If you haven’t started using a password manager, now is a great time to start! If you are already there, pay attention to the following safety practices to enhance your overall security profile.
Download apps from trusted app stores
App phishing, where fake apps try to look like official apps, is real. Always load apps from a trusted app store and do not sideload applications. Avoid visiting untrusted sites and installing untrusted apps or extensions.
Be aware of App PIN brute-forcing
Many password manager users like to unlock their vault with a PIN code. This is a convenience that requires attention in the event that malicious software gains access to your system to brute-force a PIN code.
Bitwarden requires the master password after 5 failed PIN attempts to protect against brute force attacks. Setting a PIN in Bitwarden also warns you that PIN settings are reset upon logging out. And Bitwarden provides an option to lock with the master password on browser restart.
Choose a strong master password
Using a strong and unique master password is of the utmost importance in protecting your data. This greatly minimizes the risk of a brute force attack and will help keep you safe.
Be in tune with your clipboard
At Bitwarden we recommend using the built-in autofill mechanism and avoiding copy and paste when possible. As an extra precaution, Bitwarden allows users to clear their clipboards after a specified time.
Watch your browser address bar
Unfortunately, there are villains trying to trick you to visit malicious URLs, sometimes by subdomain stacking and HTTPS confusion. Stick with strict URL matching, use a trusted DNS provider, and pay attention to your browsers certificate validation.
Bitwarden provides a range of options for match detection with details in our help site article Match detection for URIs.
Maintaining The Utmost Security
These are just a few tips that can help you enhance your own security once you have a password manager in place. Have other tips? Send them to us on Twitter @bitwarden.
To start your own personal vault with Bitwarden visit bitwarden.com.