I see. I use a PIN on my Vault. How can this be compromised?
Do you mean Unlock with PIN from the Account Security settings? If so, it depends on whether you disabled the option “Unlock with master password on restart” when you set up your PIN, it depends on your PIN entropy, and it depends critically on how secure you keep your devices (Can other people ever access your devices? Do you have strong, up-to-date malware defenses and practice good internet hygiene?).
Unlock with master password on restart is on. The PIN should be at least 10 digits or it can be 2 passphrase too? Haha, using dice! I mean the Bitwarden Desktop App - this is what I use often; yes, it is from the security settings. FileVault is on and a Recovery Key for iCloud is also set. I have no malware program - I had some before, such as F-Secure, but the computer is not in an open field - nobody can access this computer physically, at least. I think Macs are very robust against attacks if one is careful. Then one thing I sometimes think about is the clipboard. I do not know how some hackers can have access to a clipboard - strange - so I immediately copy something else and the clipboard content is deleted. I mostly type my master password every time the Bitwarden app restarts. But this concept is not really clear to me. I think if someone has not enabled 2FA, then it is a real danger? I am not on the internet looking at this or that; that is hazardous, yes. I am pretty conscious of what to look at and what not to look at, but nevertheless I can make a mistake and then God knows what will happen - but I am very careful with the internet. This is also the reason that I am never on Facebook - never on any social media. I have a pretty strict route.
I moved your questions into their own thread, because they were not really related to the thread where you had originally posted.
If it’s a non-mobile device, then the “PIN” can also contain non-numeric characters, or even be a passphrase.
If you use an all-numeric PIN, then the numbers should be randomly selected (using a CSPRNG or dice), and the number of digits should be four times the number of words in an equally secure passphrase (e.g., you could use a passphrase consisting of 3 random words, or a numeric PIN consisting of 12 random digits).
If you think that the probability of vault data being stolen from your device is 8000 times lower than the probability of the data being stolen from Bitwarden’s cloud servers, then it would make sense to use a 3-word passphrase (or a 12-digit numeric PIN). If you think that the probability of vault data being stolen from your device is 60 million times lower than the probability of the data being stolen from Bitwarden’s cloud servers, then it would make sense to use a 2-word passphrase (or an 8-digit numeric PIN).
Any process running on your computer is free to read the contents of your clipboard — there is no security for these data. If you go to the Settings of your Bitwarden apps and browser extensions, there is a setting that automatically clears the clipboard after a user-defined time delay (e.g., 10 seconds).
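The PIN sizing rule from the reply above, worked through as an added example (not code from the thread or from Bitwarden). It assumes a 7776-word Diceware/EFF-style word list and a 4-word passphrase as the baseline for the ratios; under those assumptions the results come out at 7776 and 7776², in line with the "8000 times" and "60 million times" figures. All function names are hypothetical.

```python
import math
import secrets

WORDLIST_SIZE = 7776  # assumption: Diceware/EFF-style list, 5 dice per word


def digits_for_words(words: int) -> int:
    """Fewest random digits with at least the entropy of `words` random words."""
    return math.ceil(words * math.log10(WORDLIST_SIZE))


def entropy_bits(symbols: int, alphabet: int) -> float:
    """Entropy of `symbols` independent uniform picks from `alphabet` choices."""
    return symbols * math.log2(alphabet)


def guess_space_ratio(words: int, baseline_words: int = 4) -> int:
    """How many times smaller the guess space is than the assumed baseline."""
    return WORDLIST_SIZE ** (baseline_words - words)


def random_pin(length: int) -> str:
    """PIN drawn from the OS CSPRNG; every digit independent and uniform."""
    return "".join(str(secrets.randbelow(10)) for _ in range(length))


def pin_from_dice(rolls: list[int]) -> str:
    """Turn d6 rolls into unbiased digits: pairs give 0..35, values >= 30 are dropped."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be 1..6")
    digits = []
    for a, b in zip(rolls[0::2], rolls[1::2]):
        value = (a - 1) * 6 + (b - 1)
        if value < 30:  # 30 outcomes kept, so each digit appears exactly 3 times
            digits.append(str(value % 10))
    return "".join(digits)


if __name__ == "__main__":
    for words in (2, 3):
        n = digits_for_words(words)
        print(f"{words} words = {entropy_bits(words, WORDLIST_SIZE):.1f} bits, "
              f"{n} digits = {entropy_bits(n, 10):.1f} bits, "
              f"guess space {guess_space_ratio(words):,}x smaller than 4 words")
    print("CSPRNG PIN:", random_pin(digits_for_words(3)))
    # Constructed sample rolls; two of the five pairs are rejected.
    print("dice PIN:  ", pin_from_dice([1, 1, 6, 6, 2, 5, 6, 1, 3, 4]))
```

With dice, keep rolling pairs until you have the number of digits you need, since roughly one pair in six is discarded.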