Using Personal BW inside big Corporation

Currently doing a consulting job for a large US corporation that’s highly IT secure. Working on their MacBook Pro purely VPN’d into their network, YubiKey, etc. It’s wonderfully secure.

However, I find myself managing far more logins on this job than I expected, and using Firefox to memorize some passwords to sites, and so on. However, I was wondering if I could create a Bitwarden “work” collection and share a few entries with me there, so I’m not keeping some long/strong passwords in the Notes app (not cloud connected, but still, it’s plain text). And if it’s a separate collection, it can have its own password, so if there’s keyboard logging on this “enterprise device” I don’t have to worry about someone getting into my main Bitwarden.

They really need a solution like that, so you can copy/paste passwords during a screenshare session (without having to turn that off if text is not redacted like it is in Bitwarden).

One concern I had, is would the cloud sync work going through a VPN?
Would a big / secure corporation even allow such a thing ?
That’s probably the snag where it won’t work.

Or maybe I just create a local Bitwarden there, without cloud sync, and keep entries there.

Anyone have experience with this type of dilemma ?

From my limited testing of a similar case, I could say that if in such a secured environment you have access from your browser to the web vault, then the browser extension (if it is available, because often browsers are managed by corporate policies and many extensions are not allowed to be installed) and the desktop client will work.
How safe it is to use it and whether it is allowed in your case - nobody can know for sure. If someone can log in to your account, then all collections and organizations will be accessible to that person.
But if you have hardware tokens, you could configure your account to log out your session by timeout and require 2FA on every login, so even if someone knows your password, it will still be safe as long as the tokens are under your control.


After I posted this, I read more of their IT guidelines (endless amounts of them, so nobody can get through them all before they actually begin work!). One cannot even let Firefox or any browser help them manage passwords, no Keychain access, etc. Using it will eventually get you locked out when they do a periodic machine audit - so I erased the 4 logins I’d saved in Firefox.

What amazed me about this is that, invariably, you save a couple of logins in a plain-text Notes app, as I didn’t realize my 30-character YubiKey code would need to be TYPED in daily and I would not be able to paste it from an encrypted text manager like Bitwarden.

It struck me then, “this is how the Sony hack happened,” because there’s hardly a way an employee can protect certain credentials that aren’t yet part of the larger IT picture. Things that are within your department, or just your own multiple logins, where you can’t have all passwords the same (often they won’t allow that anyway!).

I’m not so concerned about an outside hack in this scenario. I’m more concerned about the few times I’ve been either screensharing with co-workers and having to navigate a login (I’ve not stopped screensharing until I complete a login, as they’d see me copy a plain-text password), and even worse, I’ve been on IT sessions where they had complete control of my machine for 2 min, and they can most certainly screen record, keyboard log, sap the clipboard, or simply see a password if I open Notes to copy one.

I thought perhaps using BW as a standalone app (not as a browser extension) might be a prudent way to do this, but I’m sure it goes against some IT guidelines. A real shame this isn’t addressed any better at such a large corp - even if I used a PW manager that THEY like, and that they have a back door for.