February 2023 Spotlight: Bitwarden adds multifactor encryption

Access your Bitwarden vault without a password

In the latest release, Bitwarden extended the Log in with device capability to let you log in without using your master password in your browser extensions, desktop app, and more. Learn how this enhanced feature works, how it maintains security, and what the future of passwordless looks like for Bitwarden users around the world.

How to create custom fields for Bitwarden vault entries

There are a variety of vault entry options that come out of box with your Bitwarden account such as Name, Username, Password, Authenticator Key, URL, and more. But let’s say you need to add an entry that’s unique, such as an SSH key or custom fields to auto-populate web forms. Bitwarden makes this easy with the ability to create custom fields. Follow the simple step by step process to get started.

Bitwarden design: updating admin views in the web vault

In the latest February release, Bitwarden built a series of updates to improve usability for organization administrators and owners. Improvements were made to the Vault page, the Members Page, and the Groups page to make navigating and managing your Bitwarden organization faster and easier. New columns were added to each of them to show listed items’ attributes at a glance. Read the article to learn more about the latest updates to the Bitwarden design.

Pepper for your password

For those vault items that need serious care, some users might opt to go the peppering route to give them an added layer of security. Peppering involves adding or subtracting a string of characters to a password entry that isn't part of the password but is known only by you. Although peppering is a very simple idea to implement, it does have a few implications that you must take into consideration. Learn more about the two types of peppering and the caveats to be aware of.

Filling in digit-specific passwords

With cybercrime on the rise, institutions invent new and creative ways to strengthen account authentication, such as prompting users to enter specific password characters upon logging in. In this example, if your password is b!tw@ard3nr0k$, your bank may prompt you to enter the 2nd, 8th, 10th, and 13th characters of your password which would be !, t, r, and $. While this may make it harder to crack, it undoubtedly adds friction to the user login experience. Fortunately, Bitwarden now offers an easy way for users to quickly identify digit-specific password characters in the browser extension app. 

As an open-source project, the global Bitwarden community plays an important role in contributing to a world free of breaches and hacks. Special thanks to the following community members that shared useful tips to help others get the most out of their Bitwarden experience.

Big thank you to community member, Bernd Schoolmann, for partnering with Bitwarden to implement an additional option for encryption, Argon2, as well as Argon2 KDF configuration options. Below are the links to explore the updates yourself!

https://github.com/bitwarden/clients/pull/4468

https://github.com/bitwarden/mobile/pull/2293

1. Thank you @frikeer for sharing your approach to auto-pasting TOTP codes.

   

2. Thank you @jvh@twit.social for commenting on how you simplify two-factor authentication with Bitwarden.

   

   
   

• Weekly Live Demo:  Every Wednesday at 12 pm EDT

• Hacker’s Guide to VIP Security: 3/9 at 12 pm EDT

• Managed Service Provider (MSP) Demo: 3/16 at 12 pm EDT

• Managed Service Provider (MSP) Demo: 3/23 at 12 pm EDT

• Monthly Vault Hours:  3/31 at 12 pm EDT