Save master pswd in google pswd mgr?

D_Chance_Gold · August 12, 2022, 12:05am

Is it considered a security risk or is it safe to save the Bitwarden Master Password in google’s password manager?

dh024 · August 12, 2022, 1:06am

Generally, I think that is considered a bad practice because now the security of all your passwords and other secrets saved in Bitwarden are dependent on the security of the Google Passwords client and/or access to your Google account.

Here is what Bitwarden suggests:

D_Chance_Gold · August 12, 2022, 7:32pm

Yeah, if your laptop or phone is stolen and google just opens your vault automatically all your security is for naught. Though I guess google login should be in the Bitwarden vault, yeah?

dh024 · August 12, 2022, 7:34pm

Yes, I put my Google credentials into Bitwarden. The BW clients are purpose-built for security, so I trust them far more than Google’s account security. Google sites also auto-fill well with Bitwarden, so I usually stay logged out of Google unless I am using one of their sites.

D_Chance_Gold · August 12, 2022, 7:36pm

Do you launch websites from Chrome bookmarks? I’m not sure I want to login to Chrome a million times a day…

dh024 · August 12, 2022, 8:34pm

I don’t use chrome anymore, and I try to stay off Google sites on my PC’s as much as possible, so my situation is different from yours, I suspect. My advice might not be very applicable to you!

D_Chance_Gold · August 12, 2022, 8:49pm

How do you organize and access websites?

dh024 · August 12, 2022, 8:57pm

I use Firefox bookmarks. It is the only Mozilla service I use, so I feel safe using it.

D_Chance_Gold · August 12, 2022, 10:57pm

So do you log into Firefox every time you want to visit a website or do you stay logged in?

dh024 · August 12, 2022, 11:14pm

I stay logged in. I don’t see any reason to logout.

D_Chance_Gold · August 12, 2022, 11:52pm

Stolen/lost laptop or phone?

dh024 · August 13, 2022, 12:28am

Locked with biometrics.

D_Chance_Gold · August 13, 2022, 12:32am

I see. Do you use a timeout for locking?

dh024 · August 13, 2022, 12:44am

Yes, always. The period depends on where my devices will be (e.g., home, commuting, vacation, etc.).

D_Chance_Gold · August 13, 2022, 12:59am

Got it. Sounds like a very solid scheme. Thanks much for the info.

pdsec · August 14, 2022, 6:24am

instead of using google pw mgr why not make a second bitwarden for just storing your master pw in. unless you fully trust google pw mgr. then you could use it as a shared vault in case if the pw is changed its already sync in your backup bitwarden

D_Chance_Gold · August 14, 2022, 8:30am

I need to learn more about BW’s timeout features, but do you set a timeout on BW login, the items in your vault, or both?

grb · August 14, 2022, 2:57pm

It’s either or. You set the time-out action to either “log out” (which erases your encrypted vault from local disk storage and requires you to re-authenticate to regain access), or to “lock” (which erases your decrypted vault from memory and prevents the UI from being used, but leaves your decrypted vault stored on your local disk).

grb · August 14, 2022, 3:00pm

If you have to memorize the password to this second BW, then why not just memorize the password to the first BW? Or if you’re proposing to store the password to the second BW somewhere, then where? Just a bit confused about what you are suggesting.

D_Chance_Gold · August 14, 2022, 3:05pm

Yes I understand that. I’m less clear on the granularity. Do you set a single timeout on your BW vault or each item in the vault?