This is for an internal system that is not public-facing, but does require authentication to separate the end users from service technologists (me). The end user login has a static username and password, but the service user has a static username and updating password that regenerates every day at 00:00. This password is based on known algorithm, and isn’t complex but it doesn’t have to be - it just needs to change so if someone wrote it on a sticky note it won’t work any more after midnight.
Is there any way to store this in my vault so I don’t have to mentally ‘run’ the algorithm?
An example of the password would be Keyword.29! where ‘Keyword’ is one of seven words (one for each of the days of the week), 29 is the day of the month plus the month numerically (27+2 for 27 Feb) and always two digits (so with a leading zero), and with a couple symbols thrown in for good measure.
I am confused about the question, since you can store any old password in Bitwarden. If the question is: is there a way to automatically generate the password and store it in the vault, there is the Bitwarden CLI’s edit command, which happens to have an example in the documentation:
That strategy seems like it would offer less protection than imagined. If I was trying to break in and Keyword.29! did not work, the very first thing I would try is incrementing the number one or more times.
If your management does not feel that an unchanging password is good enough, you might encourage them to look into TOTP instead. Its “changing portion” has the advantage of being non-sequential.
This is unfortunately not my call, my customer’s call, or even something I can run up the internal channels in my country’s service division to the software engineering side. This is an international-scale and heavily regulated product, so any change undertaken by the company has to be approved by government regulators in every single country the product is sold (review the list of UN members) before it can be rolled out.
The “security” as such is physical access to the secure local network where the login page can be accessed, but the rules say it has to have a non-static password for service access compared to operator access, so this is the solution some software developer created over a decade ago.
I am simply looking for a way to store the algorithm rather than do the silly math every time the webpage kicks me out which, for “security”, happens every time the laptop goes idle (so it’s very annoying when I’m performing physical work and using the screen to monitor changes. Again, I can’t adjust the timeout…)
Javascript equivalent would be value = `Keyword${(new Date().getDate() + new Date().getMonth() + 1).toString().padStart(2, '0')}!`;
As for CLI, that would require running a cron job once per day to update the vault… which would then mean having a server with CLI/API access to my vault left running.
Perhaps the best solution is to write a userscript (e.g. ViolentMonkey or GreaseMonkey) but I wanted to see if this could be done natively within Bitwarden.
So, instead of sticky note under the keyboard, JavaScript on the desktop .
Bitwarden does have the ability to securely store ]JavaScript as an attachment. But that will not up-the-game much because the script would need to be downloaded for execution at the risk of leaving a copy on your PC (eg. in the downloads folder).
Unfortunately for your scenario, Bitwarden does not have an inbuilt way to dynamically calculate passwords. There is a feature request that gets part-way there but is not enough because it proposes little more than concatenation.
.