セキュリティ・チャンピオンのスポットライトオープンソースの貢献者がパスワード忘れにストップをかける

Name: Bryce Bounds

Bitwarden user since: 2021

Location: Fort Lauderdale, Florida

Industry: Government

In 2021, Bryce Bounds was struggling to remember the hundreds of passwords he was juggling between personal accounts and his role as an architect for local county government. Recalls Bryce, “It got to the point where there was no number of permutations of the same password with special characters appended that was going to cover what I needed. It was too much to keep track of.” Bryce realized he needed a password manager to help. 

An engaged member of the open source software community and regular contributor to various open source projects, Bryce knew he wanted a password manager that valued open source as much as he did. “I’ve contributed to my fair share of projects over the years, like OpenWRT’s hardware debugging to Blogger early code,” said Bryce. “I value open source solutions that are auditable and can be modified as needed with user control as a priority.” 

He found an unofficial third-party fork that utilized the Bitwarden open source code on Reddit’s popular self-hosting subreddit, and spun up a Docker instance to start organizing his passwords. With that, he started his journey with Bitwarden Password Manager.

While Bryce found success in managing his passwords across his work and personal life, his family’s business was struggling to manage their passwords in an enterprise environment.

Bounds Law Offices was leveraging a consumer solution to manage their passwords, but the software had severe shortcomings. “It was not set up for multi-user,” said Bryce. “This prevented any kind of password auditing if employees misused the product since every machine was logged into the same account.”

Explains Bryce, “a staff member would forget a password, so they would hit the reset password and change it then save the new password to the system, which resulted in multiple records of the same account over and over with different passwords, to the point that the password database had over 300 entries,” said Bryce. 

Because the law firm had many employees without technical experience, it was important to Bounds Law Offices to find a solution that made it easy to autofill account logins. “The challenge I was tasked with was to find an alternative system that can autofill and tell us a password was updated or changed,” said Bryce.

Bryce Bounds immediately thought of Bitwarden Password Manager, which offered enterprise capabilities outside what was available with the unofficial third-party project — including single sign-on (SSO) integrations and organizational collections with administrative control and auditing. 

The company “was already shifting from everyone logging in with local workstation accounts to Microsoft Azure AD, so incorporating Bitwarden SSO integration made the transition of password managers seamless for end users.”

Commitment to compliance, transparency, and security was also a big selling point for Bitwarden. “[Bounds Law Offices] have tons of HIPAA and PII data. You can't just be leaving that secured with a password in an Excel spreadsheet or sticky notes under the keyboard,” said Bryce. 

Bitwarden security and privacy compliance like SOC 2, GDPR, and HIPAA aligned with the compliance requirements of the American Bar Association's ethics guidance for lawyers. In addition to Bitwarden open source transparency and third party audits, these compliance requirements helped the firm trust that Bitwarden will protect their sensitive information.

Putting a stop to poor password practices

With Bitwarden, Bounds Law Offices was able to immediately identify problem areas with their passwords that were previously overlooked with their prior solution.

Because several Bounds Law employees had created a new password every time they logged into accounts, instead of leveraging what was already in their previous consumer solution, there were a lot of duplicate entries in Bitwarden initially. Bitwarden audit logs “allowed us to see who kept logging in and changing passwords,” said Bryce. About 70% of the 300 passwords imported were no longer valid, and had since been changed. With Bitwarden, Bounds Law Offices prevented these poor password practices from continuing.

Grant login permissions to those who need it

Bitwarden collections enabled Bounds Law Offices to organize their logins by function and assign access permissions as-needed by role. “We took everything from a monolithic container to organized containers with different access policies depending on who needed access to which password/username combinations,” said Bryce. This allowed the firm to ensure only those who needed access to a particular password or username were granted access.

Share Bitwarden with your coworkers, IT team, leadership or all of the above with these email templates, detailing the key reasons to use a password manager like Bitwarden! 

If you are ready to get started with the open source password manager trusted by millions, start a free 7-day trial today!