Vault Health Reports

The Exposed Passwords report will identify passwords that have been uncovered in known data breaches that were released publicly or sold on the dark web by hackers.

This report uses a trusted web service to search the first five digits of the hash of all your passwords in a database of known leaked passwords. The returned matching list of hashes is then locally compared with the full hash of your passwords. That comparison is only done locally to preserve your k-anonymity.

Once identified, you should create a new password for affected accounts or services.

The Reused Passwords report identifies non-unique passwords in your vault. Reusing the same password for multiple services can allow hackers to easily gain access to more of your online accounts when one service is breached.

Once identified, you should create a unique password for affected accounts or services.

The Weak Passwords report identifies weak passwords that can easily be guessed by hackers and automated tools that are used to crack passwords, sorted by severity of the weakness. This report uses zxcvbn for password strength analysis.

Once identified, you should use the Bitwarden password generator to create a strong password for offending accounts or services.

The Unsecured Websites report identifies login items that use unsecured (http://) schemes in URIs. It's much safer to use https:// to encrypt communications with TLS/SSL. To learn more, see using URIs.

Once identified, you should change offending URIs from http:// to https://.

The Inactive 2FA report identifies login items where:

• Two-factor authentication (2FA) via TOTP is available from the service

• You have not stored a TOTP authenticator key

Two-factor authentication (2FA) is an important security step that helps secure your accounts. If any website offers it, you should always enable 2FA. Offending items are identified by cross-referencing URI-data with data from https://2fa.directory/.

Once identified, set up 2FA using the Instructions hyperlink for each offending item:

The Member access report shows the total number of Groups, Collections, and Items each user can access:

To locate a specific person, enter their email into the Search members field. Select the neighboring  Export icon to download a .csv that details per member:

• Basic account details, including their Name and if Two-Step Login or Account Recovery is turned on

• Their Group assignments

• Which Collections they can access and at what Collection Permissions level

• The sum Total Items that the member can access

The Data Breach report identifies compromised data (email addresses, passwords, credit cards, date of birth, and more) in known breaches, using a service called Have I Been Pwned (HIBP).

When you create a Bitwarden account, you'll have the option to run this report on your master password before deciding to use it. To run this report, the first five digits of a hash of your master password is sent to HIBP and compared to stored exposed hashes. Your master password itself is never exposed by Bitwarden.

A “breach” is defined by HIBP as "an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software". For more information, refer to HIBP's FAQs documentation.

BashCopia
globalSettings__hibpApiKey=REPLACE