Testing my master password - Questions

I am mildly curious as to whether my master password is secure, so I did some reading on the Data Breach report. I say “mildly concerned” because my master PW is well over 16 characters, in addition to having some other characteristics that I believe makes it unique and uncompromised (or as uncompromised as anything can be nowadays). But I may want to check anyway.
I’ve read as much as I could on the Data Breach report, but I am still confused about a few things, as follows:

  1. I still cannot find step-by-step instructions on how to run the report. Apparently the Data Breach report links to Have I Been Pwned, but I can’t figure out how to do it. The HIBP website has a place to enter passwords directly and check them, so do I simply go to that website and type in the master password?
  2. BW states that if I am self-hosting BW, I need to buy a subscription key to run the report. I have read a bunch on “self hosting” but still don’t know quite what it means. I am an individual using the free BW product as a browser extension. So am I considered “self hosting?”
  3. HIBP says they use SHA-1 hashing for their password and email checks. I’ve read that SHA-1 is no longer considered secure, having been replaced with SHA-256. So … am I actually taking a risk in entering my Master PW into the HIBP website?
    Again, I am not terribly concerned about the integrity of my Master PW, so I am trying to weigh the risk of actually typing it into a non-BW site (which could potentially compromise it), vs. leaving well enough alone.
    Thanks

Your Bitwarden master password should be a computer-generated, random passphrase, consisting of at least 4 randomly selected words; adding numbers, special characters, or capitalization is not recommended. This will guarantee that your master password is both unique and uncrackable.

You are most likely not self-hosting. Hosting means that you are operating the server that the Bitwarden apps connect to; for example, instead of accessing the web app at vault.bitwarden.com, you would be accessing your web vault using a completely different web address, on a domain that you own (e.g., something like vault.bitjl66personaldomain.net).

The free Bitwarden account provides a Data Breach Report, but this is only for locating email addresses or usernames that have appeared in known breaches, not passwords. Entering an email address or username in Bitwarden’s Data Breach Report form is completely equivalent to checking the email address or username on the HIBP homepage.

If you want to check if a password can be found in any of the known data breaches, then you’ll need to use the HIBP password checker. When you first register for a Bitwarden account, by default, the option to “check known data breaches for this password” is enabled, which means that Bitwarden code running in your web browser will check your entered master password using the HIBP API.

Thus, since using HIBP for checking your master password is officially recommended by Bitwarden, you can trust that this is secure. If you want to know how this works and why the use of SHA-1 hashing is not a security risk for this use, you can read Troy Hunt’s blog article on the matter:

1 Like
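The check described in the reply above (Bitwarden code in the browser querying the HIBP API) can be illustrated with the range-query model the Pwned Passwords API uses: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, receives every leaked-hash suffix sharing that prefix, and does the comparison locally, so the full hash and the password never leave the machine. The following is an added example written for this thread, not Bitwarden’s or HIBP’s code; it runs offline against a constructed leak list and a fake `fetch_range` callback standing in for the real HTTP request (the real endpoint URL is given only as a constant and is never contacted).

```python
import hashlib

# Real endpoint of the HIBP Pwned Passwords range API. It is NOT contacted by
# this example; the fake fetcher below stands in for it so the code runs offline.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed "leaked password" corpus for the fake server (sample data, not real counts).
CONSTRUCTED_LEAKED = {"password": 3, "letmein": 1, "qwerty": 2}


def sha1_upper_hex(password: str) -> str:
    """SHA-1 of the password as upper-case hex, the form in which HIBP publishes hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the server, 35-char suffix kept locally)."""
    digest = sha1_upper_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines a range query returns into a dict."""
    hits: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        hits[suffix.upper()] = int(count)
    return hits


def breach_count(password: str, fetch_range) -> int:
    """k-anonymity lookup: only the prefix goes out; the suffix match happens here.

    `fetch_range(prefix)` must return the response body for that prefix.
    Returns how many times the password appears in the corpus (0 = not found).
    """
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)
    return parse_range_response(body).get(suffix, 0)


class FakeRangeServer:
    """Offline stand-in for the HIBP range endpoint, built from CONSTRUCTED_LEAKED."""

    def __init__(self, leaked: dict[str, int]):
        # Server side stores hashes, never plaintext, exactly as the real service does.
        self.by_hash = {sha1_upper_hex(pw): n for pw, n in leaked.items()}
        self.requested_prefixes: list[str] = []  # lets a test confirm what left the client

    def fetch_range(self, prefix: str) -> str:
        self.requested_prefixes.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in self.by_hash.items() if h.startswith(prefix)]
        return "\r\n".join(lines)


def demo() -> tuple[int, int]:
    """Return (count for a known-leaked password, count for an unleaked one)."""
    server = FakeRangeServer(CONSTRUCTED_LEAKED)
    leaked = breach_count("password", server.fetch_range)
    clean = breach_count("correct horse battery staple example", server.fetch_range)
    return leaked, clean


if __name__ == "__main__":
    print(demo())  # (3, 0) with the constructed corpus above
```

The point for the question in the thread is visible in `FakeRangeServer.requested_prefixes`: the only thing the client ever transmits is five hex characters, which match roughly one in a million of all possible SHA-1 values, so the server learns neither the password nor its full hash; SHA-1's collision weaknesses are irrelevant to this lookup because nobody is relying on SHA-1 to resist forgery, only to bucket hashes.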

Thanks. Can I get some additional clarification on your answers, as follows:

  1. My master PW is indeed a passphrase (not a single password) that exceeds your word count. Sorry if I was not clear on that. But I made it up, not the computer. Suffice it to say that it is not an intuitive passphrase. And it did pass muster on both the BW Password Strength Testing Tool and the HIBP password checker.
  2. It seems that you are saying that when I registered my master PW, BW checked it anyway using the HIBP API. (I was not aware of that.) Am I understanding you correctly?
  3. I am confused by your statement that “adding numbers, special characters, or capitalization is not recommended.” I’ve always thought that this IS recommended, which is why many websites require them in passwords.
    Thanks

A “made up” passphrase is not appropriate for securing something as important as your Bitwarden vault.

Any password strength tester that analyzes user-entered passwords (including Bitwarden’s) will produce invalid results, often overinflating the stated “strength” by astronomical amounts. At best, these should be taken as an upper bound on the actual strength (i.e., your password is no stronger than the reported estimate, but otherwise, no valid conclusions can be drawn).

The HIBP checker only allows you to conclude that the password is not included among the subset of data breaches that security researchers have been made aware of. You can’t really conclude a lot from this, and the result certainly does not allow you to conclude anything about the ability of attackers to guess your master password.

I don’t know how old your account is. The option to “check known data breaches for this password” was added to Bitwarden’s account registration form sometime in March, 2023. If you registered your account after that date, and if you did not uncheck the pre-checked checkbox, then your master password would have been hashed and checked using the HIBP API.

This is not recommended when it comes to passphrases. The purpose of using passphrases is that they should be easy to memorize and easy to manually type. Adding capital letters, special characters, or numbers defeats this purpose, without meaningfully increasing password strength. In a passphrase, the strength is derived from the random selection of words from a large list (typically, 7776 words or more), and the number of permutations created when combining a string of multiple randomly selected words. A “made up” passphrase has no such strength, since it was not randomly generated.

1 Like

Thanks, I was not aware of any of this. I guess I need to change my Master PW, which apparently BW allows me to do. So, a couple of follow-up questions:

  1. BW has a password/passphrase generator: Free Password Generator | Create Strong Passwords and Passphrases | Bitwarden
    Is this a good tool to use, or is there something better you advise to use?
  2. If I use the BW generator, should I check the passphrase against HIBP anyway, or is that unnecessary? From your response, it sounds like the value of HIBP is somewhat limited anyway.
  3. See the screenshot below of the options for the BW passphrase generator. Are the default options satisfactory, or should I change any of them?
    Thanks again

There is nothing wrong with that passphrase generator per se, except that it is running on a website that also is running third-party tracking scripts (e.g., Google Analytics).

Since you already have Bitwarden installed, a much safer option is to use the Generator tool that is available in all Bitwarden apps and browser extensions.

If you generate a 4-word passphrase, the probability that anybody in the world has ever used that same passphrase would be less than 1:1000 (assuming that all 6 billion humans aged 15 years and above have each generated and used up to 600 four-word passphrases based on the same word list — which seems extremely unlikely). In practice, the probability would be much, much lower (probably less than 1 in a billion).

The defaults are fine. As alluded to previously, you can even reduce the number of words to 4.

1 Like

Those options are satisfactory.

Feel free to use whatever word separator you like. It is not included in the strength calculations. I personally use a space because I know how to touch-type.

If curious, the Password Bits website is great for explaining a lot of the reasoning behind various password recommendations. It also has one of the only password-strength calculators that is actually based on mathematics.

3 Likes

…but please make sure to read the Note to understand the conditions that must hold for the calculated strength estimate to be valid.

1 Like

Thank you both, excellent info and advice.

  1. I was not aware that the PF generator on bitwarden.com was different than the one on vault.bitwarden.com. I will use the latter, as advised. (I may bump to 5 words.)
  2. Good to know that I can use spaces instead of dashes between words, without impacting the security level. (I thought the dash was counted). As you note, it’s much easier to touch-type a space than a dash.
  3. Thanks for the link to Password Bits; I’d never heard of it. It’s both interesting and helpful. I used this for the calculator, is this correct? (It matches my Keys settings in BW, so I assume you would use the same settings for Password Bits.)

Passwordbits also has a calculator for random passphrases. I would take the dollar value assigned with a grain of salt — costs to the attacker may be lower by a factor of 10 (compared to what the calculator estimates), depending on how much hardware infrastructure the attackers have already invested in for other purposes.

If you haven’t explored the Passwordbits website previously, some of the pages I often recommend to others are these:

1 Like

PF has been changed per your guidance, thanks. I have to admit, some of the advice on the security envelope and hiding spots did make me chuckle, but I guess you can’t be too careful nowadays.
One more question about the BW PF generator, sorry: I read your post above about the low possibility of a randomly generated PF having been used before by someone else, and I understand that. But … Is there a possibility of the BW PF generator issuing the same PF more than once over time? I’m thinking not, but I also wonder how long a “machine” can keep generating unique PFs without running out of options, especially with a “low” word count like 4. There’re only so many words in the English language. Just has me wondering.
Maybe this question doesn’t even make sense; I am more of a mechanical person than an IT expert, so I don’t know how this thing works. (But I actually find it interesting.)
Thanks again

The generator does not keep track of what it has previously generated; it’s a question of probability: in the case of a passphrase of 4 words, there are 7776^4 possibilities (the list of words it uses has 7776 words and we are picking 4 of them).

That is in the order of 10^15 possible passphrases (3,656,158,440,062,976 to be exact).

Let’s do some math.

Suppose the generator is using a much shorter word list to select words from:

veni
vidi
vici

If we create a pass-“phrase” consisting of a single word, then there are only three possibilities (veni, vidi, or vici). Thus, an attacker who has a copy of the word list would only need to make 3 guesses to be guaranteed to find the password.

Now, create a proper passphrase by combining two words, both of which have been randomly selected from the above word list. These are the possible results from the generator:

veni-veni
veni-vidi
veni-vici
vidi-veni
vidi-vidi
vidi-vici
vici-veni
vici-vidi
vici-vici

For each of the three possible choices for the first word, there will be three possibilities for the second word. Thus, the total number of permutations will be 3×3 = 9. An attacker who wanted to guess which specific two-word combination is your passphrase would have to make 9 guesses to be guaranteed the correct answer.

If generating a three-word passphrase, each of the 9 two-word sequences listed above could be followed by one of three possibilities for the third word (veni, vidi, or vici). If your passphrase was picked at random, then the attacker would have to work through all 3×3×3 = 3^3 = 27 possible permutations to be assured that your passphrase would be found.

At this point, I hope that it is clear that if you were to generate a four-word passphrase (e.g., vici-vidi-veni-vici), the number of guesses that an attacker would have to make to be guaranteed finding your passphrase is 3×3×3×3 = 3^4 = 81. The number of guesses required to find the passphrase increases exponentially with the number of words.

Back to Bitwarden’s passphrase generator. The word list from which the words are chosen is well known, and publicly available, and therefore certain to be known to password crackers. However, it consists of 7776 words.

Thus, the number of permutations possible in a Bitwarden-generated passphrases increases with word count as shown in the table below:

Word Count   Number of Possible Passphrases
1            7776
2            60,466,176
3            470,184,984,576
4            3,656,158,440,062,976

If we want to assure that the generated passphrases are unique, we would have to strike out each generated permutation from the list of possibilities, reducing the number of possibilities by 1 each time. If a 4-word passphrase were generated three times, the number of unique possibilities would be:

3,656,158,440,062,976 × 3,656,158,440,062,975 × 3,656,158,440,062,974 = 4.887367798068921738683913574258×10^46

Because the Bitwarden generator does not keep track of previously generated passphrases, the number of possible outcomes when generating three 4-word passphrases is actually

3,656,158,440,062,976 × 3,656,158,440,062,976 × 3,656,158,440,062,976 = 4.8873677980689257489322752273775×10^46

Therefore, the probability that all three passphrases are unique would be

(4.887367798068921738683913574258×10^46)/(4.8873677980689257489322752273775×10^46)
= 0.99999999999999917946663166262413

Consequently, the probability of at least one of the passphrases matching a previously generated passphrase would be
1 – 0.9999999999999991795 = 8.205×10^-16

We can generalize this to n generated 4-word passphrases, in which case the probability (p) of generating at least one non-unique passphrase would be given by the following expression:

p = 1 – (N!)/((N−n)!)/(N^n)

where N = 3,656,158,440,062,976 (the number of possible passphrases that could be created by the generator).
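The counting argument in the post above (and the earlier point that a passphrase’s strength comes from random selection out of a 7776-word list) can be checked directly. Below is an added example written for this thread, not Bitwarden’s generator code: it enumerates the toy veni/vidi/vici space to reproduce the 9/27/81 counts, computes the 7776^n table, converts it to bits of entropy, evaluates the repeat probability p = 1 − N!/((N−n)! N^n) exactly with rational arithmetic (computed as a running product, since N! itself is far too large to form), and draws words with the `secrets` module, which is the kind of cryptographic random source a generator must use for the probabilities to hold. The toy list and the 7776 figure come from the thread; the word list used for generation is a constructed placeholder.

```python
import itertools
import math
import secrets
from fractions import Fraction

TOY_WORDS = ["veni", "vidi", "vici"]  # the three-word list from the post
EFF_LIST_SIZE = 7776                  # list size quoted in the thread for Bitwarden's generator

# Constructed stand-in for a real word list; a real generator loads all 7776 words.
CONSTRUCTED_WORDS = ["correct", "horse", "battery", "staple", "veni", "vidi", "vici", "basalt"]


def enumerate_passphrases(words: list[str], count: int, sep: str = "-") -> list[str]:
    """Every ordered combination of `count` words (repeats allowed), as the post lists them."""
    return [sep.join(combo) for combo in itertools.product(words, repeat=count)]


def possibilities(list_size: int, count: int) -> int:
    """Size of the passphrase space: list_size ** count."""
    return list_size ** count


def entropy_bits(list_size: int, count: int) -> float:
    """Guessing entropy of a uniformly random passphrase, in bits."""
    return count * math.log2(list_size)


def collision_probability(n_generated: int, space: int) -> Fraction:
    """Exact probability that at least one of n independent uniform draws repeats an earlier one.

    Equals 1 - N!/((N-n)! * N^n); evaluated as prod_{k<n} (N-k)/N to avoid N!.
    """
    all_unique = Fraction(1)
    for k in range(n_generated):
        all_unique *= Fraction(space - k, space)
    return 1 - all_unique


def generate_passphrase(words: list[str], count: int, sep: str = " ") -> str:
    """Draw `count` words independently with a CSPRNG; the separator adds no strength."""
    return sep.join(secrets.choice(words) for _ in range(count))


def word_count_table(list_size: int, max_words: int) -> dict[int, int]:
    """Reproduce the post's table of possible passphrases by word count."""
    return {n: possibilities(list_size, n) for n in range(1, max_words + 1)}


if __name__ == "__main__":
    for n in (1, 2, 3, 4):
        print(n, "words from the toy list:", len(enumerate_passphrases(TOY_WORDS, n)))
    for n, count in word_count_table(EFF_LIST_SIZE, 4).items():
        print(f"{n} words: {count:,} ({entropy_bits(EFF_LIST_SIZE, n):.1f} bits)")
    p = collision_probability(3, possibilities(EFF_LIST_SIZE, 4))
    print("P(repeat among 3 four-word passphrases) =", float(p))
    print("sample:", generate_passphrase(CONSTRUCTED_WORDS, 4))
```

Two things the numbers make concrete: a 4-word draw from 7776 words is about 51.7 bits, and adding a fifth word multiplies the space by 7776 again (about 12.9 more bits), which is why the reply later in the thread suggests 5 words to compensate for discarding generated phrases you dislike. The separator is not an input to any of these functions, matching the remark that it is not included in the strength calculation.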

OK, you’ve convinced me.
I changed my PF per your guidance, using the BW PF generator.
It sure is a lot harder to memorize than the one I made up. (Which I know is the point.)
Thanks again.

The perfect password (if such a thing existed, anyway) would be easy to remember (by its owner) but hard to guess (by anyone else).

But in real life: yes, strong passwords are often also hard to remember. That’s why security-concerned people end up using password managers and (hopefully in a not so distant future) passkeys.

Memorizing a generated passphrase is not that difficult, but it does take some practice. It helps to imagine some story or visual scenario that can be associated with the words in the passphrase.

A few things you can do.

  1. Regenerate a few times until you get one that does not have words that you know will cause you problems.
  2. Add additional characters/words.

You just don’t want to substitute out or change the order of the generated words.

Counterpoint:

Be very careful about not overdoing this, and if you feel like you will not be able to handle the cards (passphrase words) that are dealt the first time, then I would advise generating a 5-word passphrase instead of just 4 words, to make up for the entropy loss caused by cherry-picking.

Not sure how adding additional characters would help. Perhaps you would get a more memorable phrase by inserting a verb (or some other part of speech) to create something that sounds more like a sentence, but if you do this, do not make any alteration, rearrangement or substitution of the words that were produced by the generator.

1 Like

My response is: train yourself on it until you are as fluent in it as in your own family’s names.

One way of doing this is to avoid simplifications for a while, i.e. do not set up any alternative unlock or login method until after the phrase is second nature. Then, keep using it for login at least weekly (e.g. instead of a passkey) as a refresher. You will actually learn it quite quickly.

Edit to add after seeing @grb’s post: I like (though not using) adding, not changing, a word for readability, as it does not break any rules around purely random generation.

Thanks. I actually did cycle through a few PFs when I was using the BW PF generator, hoping I would find a PF that was “somewhat” intuitive. No dice, but of course, that is intentional and part of the security scheme. I finally just went with the one that came up after a few tries. They’re all gibberish to me anyway. (Not sure what the comment about entropy loss meant, but I stuck with what I got after a few tries.)
Then I started thinking: What would happen if two people hit the generator at the exact same time? Is that possible? And if so, would they get the same PF? (I decided to leave that one alone.)
Anyway, as noted, the more one uses the PF, the easier it “should” be to remember it. But at my age, it’s gonna take a while.
I did consider using a PIN instead. But BW cautions against that: See the warning on this page: Unlock with PIN | Bitwarden Help Center. (I don’t quite understand it, but I am taking their advice.)
I’ve also taken steps to protect the PF, plus I am following some of the advice on the Password Bits site (post #9 above.)
One thing I may do is to lengthen the timeout (lockout) period from 15 minutes to 30 minutes (so I won’t get locked as often), but I haven’t made a decision on that yet.
In short, I think I am ok now.
Thanks again for everyone’s help and advice.