Deploy Bitwarden password manager, then educate users

Equipping all employees with a password manager like Bitwarden is only half the battle.
6 May 2021

Will users adopt a password manager like Bitwarden if it addresses all their basic cyber protection woes in one go? Source: Bitwarden

One of the fastest ways to materially improve your organization's security posture is to ensure that every person in the business uses a unique, hard-to-guess password for every account they access on the internet. That has to hold for both personal and work accounts. If it doesn't, the business is in trouble.

That's because when a service is compromised – one that might have nothing whatsoever to do with the business – every reused password becomes a liability for the systems and people that share it. When a dog-sitting service that an employee uses gets breached, the employee's credentials end up in the dumps and combo lists that attackers replay against other sites (credential stuffing). If that same password also opens work services, documents, shared drives, or (worse) a single sign-on system, then the business is in trouble.

On #WorldPasswordDay, we review the Bitwarden password manager: Packed full of features, open-source, enterprise-ready, and even available to deploy on your own servers.

The Bitwarden desktop application’s interface.

There are plenty of tips and tricks for coming up with a different password for every account. Unfortunately, few people use them, and they rarely hold up at scale: a per-site "variation" of one base password is a pattern an attacker who holds one sample can guess. So in practice most people use the same password (or maybe three) for everything, or an easy-to-guess variation in every instance. That means… the business is in trouble (do you sense a theme developing here?).
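To make the argument of the preceding paragraphs concrete, here is an added example (not code from the original article, and not Bitwarden's code) that models two toy services, a breach of one of them, and a credential-stuffing replay against the other. It also implements the two checks a password manager performs on a vault: flagging passwords reused across sites and flagging predictable variations of one another. The services, users and passwords are constructed for the demonstration; the generator uses Python's `secrets` module.

```python
"""Why per-account random passwords defeat credential stuffing (illustrative only)."""
import hashlib
import hmac
import math
import os
import secrets
import string
from difflib import SequenceMatcher

# Generator alphabet: 52 letters + 10 digits + 14 symbols = 76 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw each character from a CSPRNG; never from random.choice()."""
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Strength of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


class Service:
    """Toy web service (constructed) storing salted PBKDF2 digests, as a well-run site would."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.users: dict[str, tuple[bytes, bytes]] = {}

    def _digest(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, self._digest(password, salt))

    def login(self, user: str, password: str) -> bool:
        record = self.users.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._digest(password, salt))


def credential_stuffing(leaked: list[tuple[str, str]], target: Service) -> list[str]:
    """Replay every leaked (user, password) pair against `target`; return the accounts it opens."""
    return [user for user, password in leaked if target.login(user, password)]


def reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """What a password manager's reuse report does: group sites that share one password."""
    by_password: dict[str, list[str]] = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def near_duplicates(vault: dict[str, str], threshold: float = 0.8) -> list[tuple[str, str]]:
    """Flag passwords that are small variations of each other (Summer2020! vs Summer2021!)."""
    items = sorted(vault.items())
    pairs = []
    for i in range(len(items)):
        for j in range(i + 1, len(items)):
            (site_a, pw_a), (site_b, pw_b) = items[i], items[j]
            if pw_a != pw_b and SequenceMatcher(None, pw_a, pw_b).ratio() >= threshold:
                pairs.append((site_a, site_b))
    return pairs


def demo() -> list[str]:
    """Breach of the dog-sitter (constructed) replayed against the corporate SSO."""
    dogsitter = Service("dogsitter.example")
    sso = Service("sso.corp.example")
    # alice reuses one password everywhere; bob lets a vault generate one per site.
    dogsitter.register("alice", "Summer2021!")
    sso.register("alice", "Summer2021!")
    bob_dog, bob_sso = generate_password(), generate_password()
    dogsitter.register("bob", bob_dog)
    sso.register("bob", bob_sso)
    # Attacker recovers dogsitter plaintexts (cracked or logged) and replays them at the SSO.
    leaked = [("alice", "Summer2021!"), ("bob", bob_dog)]
    return credential_stuffing(leaked, sso)  # only alice's account falls


if __name__ == "__main__":
    print("SSO accounts opened by replay:", demo())
    print("Entropy of a 20-char generated password: %.1f bits" % entropy_bits(20))
```

Two design points worth noting: the toy services hash properly and the replay still succeeds, because hashing protects the site that was breached, not the other sites where the same plaintext is valid; and the near-duplicate check catches the "one base password, tweak per site" scheme that the unique-password advice is meant to replace.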

Unfortunately, it's pretty much impossible today to use any service online without holding an account with the provider, whether it's free, freemium, or paid-for, so the problem multiplies with every sign-up. Providing a password manager to every employee is good enterprise hygiene and the premise of this review: with one deployed, the business stays safer. Not safe – employees still have to use their new piece of software properly – but safer.

Password generator

There are plenty of password manager tools out there, with Wikipedia listing dozens, and many a review to boot. Each has different features and supports a different range of platforms, but to cover the basics for this review, any chosen password manager should be cross-platform (Windows, Mac, and Linux), work in multiple web browsers via an extension or plug-in, synchronize to an encrypted store, offer or integrate with multi-factor authentication, and work with any security systems already deployed in the business.

There are a couple of bonuses that are nice-to-haves, too: compatibility with hardware security devices (hardware keys, building access management systems), verifiable end-to-end encryption, and a business-focused payment tier and/or an associated management console. The latter is incredibly convenient when onboarding or off-boarding staff, since accounts and their access to shared credentials can be created and revoked centrally.

In Focus: Bitwarden password manager review

For personal users, Bitwarden wins the price war at $10 per year for the fully-featured version, and like its competitors LastPass and 1Password (to name just a couple), Bitwarden is offered to businesses on a per-user basis, with an administrator's dashboard for central management. There are Teams and Enterprise tiers at $3 and $5 per month, per user. It's available as a standalone application for desktop, as a Chrome extension (working with any Chromium-based browser like Opera, Edge, and Brave), and as add-ons for Firefox, Safari, and even the Tor Browser. It integrates with iOS and Android, auto-filling passwords for app and website logins, and there is a command-line client for scripted or headless use.

However, there are a few significant differences that make Bitwarden one of the more popular choices among cybersecurity experts and technology geeks alike. Firstly, the entire platform (including the server — see below) is open-source. That means its code is available for anyone to read, double-check and vet for security weaknesses. In addition, the Bitwarden company pays for third-party security audits each year and publishes the reports online, which is a stronger assurance than "open-source" on its own, since code that anyone may read is not code that anyone has read.

Web browser extension.

The other key differentiator is the self-hosting option. Bitwarden's hosted service synchronizes the encrypted vault across all of a user's devices from the company's own servers, and the paid tiers add 1GB of encrypted file storage per user.

But those with the resources can stand up their own Bitwarden server instance and synchronize to and from that instead. Because the server is open-source, there are also several community-built helpers that make it easier for systems administrators to run a hardened instance. The trade-off is that self-hosting moves responsibility for patching, TLS, backups and availability of the vault onto the administrator, so it suits teams that already run internet-facing services well.

Multi-factor authentication supports hardware security keys such as the YubiKey; fingerprint and other biometric unlock is available for the local vault on supported devices.

Conclusion

The most common source of a security breach today is users, whether by clicking bogus links or through poor online hygiene. Although a password manager like Bitwarden largely addresses the latter, users still have to be forced into, persuaded, or educated into using it.

Therefore, the keys to successfully deploying such a solution are ease-of-use and a mixture of cajoling, educating, and arm-twisting. By putting a password manager in front of each and every employee, the employer does itself a huge favor by keeping its everyday users safe(r).