Running self-hosted Bitwarden Enterprise, the “Check if password has been exposed” next to each password is superfluous.
We have the global report and we receive alerts from HIBP themselves about exposed passwords.
This checkmark is confusing to users and we don’t want them clicking it and querying the HIBP servers all the time with their passwords (yes, I know the password doesn’t actually get sent and I understand how it works, and I still don’t want queries being sent by end-users accidentally or on purpose).
Would like the option to remove this from items that are owned by the organisation, it can stay for individual user’s vault items.
Wouldn’t it cause more confusion for users to have an icon next to a password in their vault but not for the same type of thing (a login) in the company vault?
Plus, I’m genuinely curious about why you don’t want to let your users check if their passwords have been compromised? It seems more useful to teach them to check if the passwords they use on a daily basis have been compromised instead of “the sec team” telling them they have to change their password “because we ask you to”.
Firstly, I think anything that is connecting and sending any kind of data to an external service needs to be opt-in, no matter how “trusted” we consider this service to be. In Bitwarden there isn’t even a way to opt out of the HIBP service within Bitwarden, which is even worse. I can always just block the connections on the firewall of course, but that’s not the point.
The icon on the Windows desktop app is in a really bad position, right next to toggle visibility and copy password. I see no reason for this to be here and to be used on a daily basis, and I see users clicking it by accident and getting confused. I guess this is more of a UI design issue; it can stay but needs to be more like the web interface, where it’s separate from the main actions.
The icon on the web interface is ok, it is separate from the main toggle visibility/copy password buttons. This is how it should be and the inconsistency between interfaces is yet another issue.
The browser extension is more or less ok: you have to actually enter the item to see the check mark but can copy the password without entering the item. But I’d rather it also not be right next to the everyday-use icons of copy password and toggle visibility.
Even if users use this feature and get a reply that their password is compromised, the first thing they’ll do is contact IT, so letting them check exposure and deal with it doesn’t result in any less work for the IT support team.
Users will not use their personal vault much as the password manager is only accessible on the local network, but I guess the icon removal option should be global then. This could all be solved with an opt-in/opt-out option for HIBP. If you opt in the icon is there; if you opt out it’s gone.
That would be like saying “We don’t like the ability to add a note to the login. Give us the ability to turn just that one thing off.”
Yeah, it would be nice if every little tiny detail was a toggle that we could customize… but then you start getting into the territory of “ok, we’re chopping off valuable security features left and right… where do we stop?”
There is a difference between high configurability with secure defaults and secure settings that aren’t very configurable… that difference is that one is secure, and the other will be “compromised” (double meaning) into slowly chipping away at security.
Also, it seems your Bitwarden is self-hosted. You can self-host your own HIBP password API if you’d like. The full 30GB of the password hash database is available for download.
If you are worried about sending sensitive data… I hope you destroyed all your Windows machines internally and block any domain remotely related to Microsoft.
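Two points in this thread lean on how the HIBP password check actually works: the original poster's remark that the password itself is not sent, and the later suggestion to self-host the Pwned Passwords API over the downloadable hash list. The following is an added example, not code from Bitwarden or from HIBP, that implements both halves of the k-anonymity range protocol in Python against a small constructed hash list (the three entries and their prevalence counts are made up for the example; the real download is far larger). The `range_lookup` function plays the role a self-hosted mirror would play; `check_exposure` plays the client. A recording wrapper shows exactly what crosses the wire: the first five hex characters of the SHA-1 of the password, and nothing else.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for a downloaded Pwned Passwords list:
# uppercase SHA-1 hex of the password -> prevalence count.
# Counts are arbitrary values chosen for this example.
CONSTRUCTED_PWNED: Dict[str, int] = {
    hashlib.sha1(b"password").hexdigest().upper(): 1000,
    hashlib.sha1(b"123456").hexdigest().upper(): 2000,
    hashlib.sha1(b"letmein").hexdigest().upper(): 30,
}

HEX = set("0123456789ABCDEF")


def range_lookup(prefix: str, db: Dict[str, int]) -> str:
    """Server side of the range query (what a self-hosted mirror would serve).

    Given the first 5 hex characters of a SHA-1, return one 'SUFFIX:COUNT'
    line for every hash in the corpus that shares that prefix. The server
    never learns which of those suffixes, if any, the client is interested in.
    """
    prefix = prefix.upper()
    if len(prefix) != 5 or any(c not in HEX for c in prefix):
        raise ValueError("prefix must be exactly 5 hex characters")
    lines = [f"{h[5:]}:{count}" for h, count in sorted(db.items())
             if h.startswith(prefix)]
    return "\r\n".join(lines)


def split_hash(password: str) -> Tuple[str, str]:
    """Hash the password locally and split the digest into the 5-char prefix
    that is sent and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def check_exposure(password: str, query: Callable[[str], str]) -> int:
    """Client side: send only the prefix, then match the suffix locally.

    Returns the prevalence count if the password appears in the corpus,
    otherwise 0. `query` is whatever transport talks to the range endpoint;
    here it is a plain function call so the example runs offline.
    """
    prefix, suffix = split_hash(password)
    body = query(prefix)  # only the 5-character prefix leaves this function
    for line in body.splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count.strip())
    return 0


class RecordingTransport:
    """Wraps a range endpoint and records every request it sends, so the
    caller can inspect exactly what would have crossed the network."""

    def __init__(self, db: Dict[str, int]):
        self.db = db
        self.sent: List[str] = []

    def __call__(self, prefix: str) -> str:
        self.sent.append(prefix)
        return range_lookup(prefix, self.db)


def audit_check(password: str, db: Dict[str, int]) -> Tuple[int, List[str]]:
    """Run the check through a recording transport and return both the
    exposure count and the list of strings that were actually sent."""
    transport = RecordingTransport(db)
    count = check_exposure(password, transport)
    return count, transport.sent


if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple"]:
        count, sent = audit_check(pw, CONSTRUCTED_PWNED)
        verdict = f"seen {count} times" if count else "not in corpus"
        print(f"{pw!r}: {verdict}; data sent to server: {sent}")
```

The thing to notice is the `sent` list: it contains a five-character hex string, never the password and never its full hash. Blocking the outbound connection at the firewall, as the original poster mentions, stops the check entirely; pointing the client at a mirror that serves `range_lookup` over the downloaded list keeps the check while keeping even that prefix inside the network.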