Hi everyone, I’m a new customer/community member. Do the recent Microsoft Azure vulnerabilities (articles linked below) have any bearing on Bitwarden’s stored data/vaults? Such articles seem to be surfacing more often; is it something customers should be worried about? I understand the issues in the following articles have been addressed, but I’m getting more paranoid these days with the hacks made public in the past 12 months. Would be interested in hearing people’s thoughts. Have a great day.
This will always be a risk with cloud storage. It’s the penalty we pay for using cloud-based password managers. Bitwarden completes and publishes third-party audits of its network security every year, found here: https://bitwarden.com/help/is-bitwarden-audited/ (noting, there are other major password managers like LastPass which do not do this.)
Your other option, of course, is to move to a local password manager like a KeePass variant, which is also a good choice.
You should plan for the worst:
Assume that eventually, your Bitwarden vault will be stolen from the cloud. Your master password should provide the defense required to protect against your vault contents being compromised, because this is your main line of defense. This requires that you choose a sufficiently strong master password (e.g., a randomly generated passphrase consisting of 5-7 words).
If relying on your master password alone makes you nervous, secondary defenses may include use of a memorized “pepper” that is manually added to each password after it has been auto-filled, or use of 2FA other than the Bitwarden Authenticator for the login accounts stored in your vault.
Ok yeah I understand there’s a risk of anything being breached eventually. I’ll consider your suggestions, thank you both.