Getting To Know Your Password Manager
Using A Password Manager Or Moving To A New One
An Ongoing Program
Considering LastPass’ history with security issues and the severity of this latest breach, it’s time to seek an alternative. I have moved to Bitwarden and recommend you do the same.
- 5 Things to Do Right Now if You Still Use LastPass Manager – By CNET
- My Recommendation Resulting from the 2022 LastPass Breach – By Ask Leo! YouTube
After the Monday online meetings, this ongoing program will cover the transition to Bitwarden.
Session One
Choose A Password Manager
Using a password manager is the most important thing you can do to enhance online security. There are some good ones to choose from: KeePass, Dashlane, 1Password, RoboForm, and Bitwarden. These all are well-vetted and safe to use.
I am now using and suggest Bitwarden, so these sessions will concentrate on Bitwarden.
Creating One Strong Easy to Remember Password For use as a Master Password
However, to use a password manager, you still need one password to lock and unlock it. This password needs to be unique and follow all the rules for a robust password. It should have no relation to your life, family, anniversaries, hobbies, or travels. In other words, it must not be guessable by someone with knowledge of your life. At the same time, this master password must be easy to remember and type, especially on a phone keyboard.
Here is a simple online tool from LastPass. We will use it to generate pseudowords (nonsense words) to create our unique unguessable master password.
Open the Username Generator Tool:
- Set the Username Length to 5 or 6 characters.
- Choose “easy to say” and check the Lowercase box.
- Now click the circling arrow symbol to generate a word. Repeat clicking the circle arrow till you find a pseudoword you can pronounce, and make notes of it.
- Repeat this process until you have 3 or 4 nonce words.
- Combine these non-words using numbers and symbols between them and add some numbers to the beginning or end.
- How long does it take to crack a Password? See chart or Password Strength Testing Tool.
- After creating a shiny new Master Password, print several copies of it: one to store in your safe deposit box or fireproof safe, and one to keep in a convenient location for reference while memorizing your new master password.
Caution: You do not want to enter the Master Password in any editor that might automatically save it to your hard drive or the cloud (like MS Word, Google Docs, or your Email compose window). Windows Notepad (click Start or press the Windows key, type “n”, and choose Notepad from the list) is safe if you discard changes when closing the app, or use the Chrome browser notepad.
- To open the Chrome browser notepad, simply type (or copy and paste) data:text/html, <html contenteditable> in your omnibar (address bar). That may seem daunting to remember every time you want to access the notepad, but it’s possible to add this to your bookmarks, making it easily accessible.
Tip: You can drag the URL directly from the omnibar to the bookmark bar. I edit the name, making it shorter to accommodate more items on the bookmark bar.
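The pseudoword method above, as an added example (not code from LastPass or Bitwarden): it builds a master password the same way with Python's secrets module and reports how many bits of randomness the recipe gives. The letter sets, the separator set, the function names and the guessing rate passed to years_to_search are assumptions chosen for illustration.

```python
import math
import secrets

# Assumed alphabets (not LastPass's): consonants that stay easy to pronounce.
CONSONANTS = "bcdfghjklmnprstvwz"      # 18 letters
VOWELS = "aeiou"                        # 5 letters
SEPARATORS = "0123456789!#$%&*+-=?@"    # 21 digits and symbols
DIGITS = "0123456789"


def pseudoword(length=5):
    """Alternate consonant and vowel so the nonsense word can be pronounced."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def master_password(words=4, length=5, tail_digits=2):
    """Join pseudowords with one random separator each, then append digits."""
    parts = [pseudoword(length)]
    for _ in range(words - 1):
        parts.append(secrets.choice(SEPARATORS))
        parts.append(pseudoword(length))
    parts.extend(secrets.choice(DIGITS) for _ in range(tail_digits))
    return "".join(parts)


def entropy_bits(words=4, length=5, tail_digits=2):
    """log2 of the number of passwords this recipe can produce.

    Only valid because every character is drawn by secrets.choice; words
    picked or tweaked by a person carry fewer bits than this.
    """
    consonant_slots = (length + 1) // 2
    vowel_slots = length // 2
    per_word = (consonant_slots * math.log2(len(CONSONANTS))
                + vowel_slots * math.log2(len(VOWELS)))
    return (words * per_word
            + (words - 1) * math.log2(len(SEPARATORS))
            + tail_digits * math.log2(len(DIGITS)))


def years_to_search(bits, guesses_per_second):
    """Average time to find the password: half the keyspace at a given rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for n in (3, 4):
        bits = entropy_bits(words=n)
        # 1e6 guesses/second is an assumed rate, not a measured one.
        print(f"{n} words: {master_password(words=n)}  "
              f"{bits:.1f} bits, ~{years_to_search(bits, 1e6):.2e} years")
```

Rerolling until a word "sounds right" discards some candidates, so treat the reported figure as an upper bound for a hand-picked password.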
To create a Bitwarden account, select the Get Started button on the Bitwarden homepage, or click here.
On the Create Account screen, fill out all fields (Master Password Hint is optional) and select Submit.
- Make sure you don’t forget your Master Password. Bitwarden’s zero-knowledge model means we can’t see or recover your Master Password.
Verify your email
Once you have created your account, prompt Bitwarden to send you a verification email by logging in to your web vault and selecting the Verify Email button.
Next steps
Now that you have created your account, these help pages will get you up and running.
Unlock with PIN or biometrics.
For fast access to your credentials, set up a PIN or biometrics to unlock your vault.
- Open the Settings tab.
- In the Security section, check the Unlock with PIN checkbox.
- Enter the desired PIN code in the input box. PIN codes can be any combination of characters (a-z, 0-9, $, #, etc.)
Pin the extension
Pinning the browser extension will ensure that it’s easily accessible each time you open your browser. The procedure differs based on which browser you are using:
- In Chrome, select the Extensions icon next to the address bar and select the Pin icon next to Bitwarden:
Disable a built-in password manager
Most web browsers will automatically save your passwords by default, but experts generally agree that built-in password managers are more vulnerable than dedicated solutions such as Bitwarden:
- In the Chrome browser, navigate to the Passwords page. On this page, toggle off both the Offer to save passwords option and the Auto Sign-in option:
- Import Data from LastPass – Use this article for full help details to export and import data from LastPass into Bitwarden.
You can export your data from LastPass from their web vault. Here are the quick steps using the Chrome or Edge browsers.
- Select the Advanced Options option on the left sidebar:
- Then, from the Manage your Vault section, select the Export option. At this stage, LastPass will send you an email to confirm the export.
- In your inbox, confirm the export, return to your LastPass web vault, and select the Export option again to complete the export.
Your data will either be automatically saved as a .csv file format:
- Note: File attachments, Sends, trash, and password history are not included in an import file. These items must be manually downloaded from LastPass and uploaded to your Bitwarden vault.
Import Data To Bitwarden
Data must be imported to Bitwarden from the web vault. Data is encrypted locally before being sent to the server for storage.
To import data to your vault:
- Log in to the web vault at https://vault.bitwarden.com
- Select Tools from the top navigation bar.
- Select Import Data from the tools menu.
- From the format dropdown, choose a file format.
- Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
- Select Import Data to trigger the import. For example, if you are importing a password-protected .json file, enter the password into the Confirm Vault Import window that will appear.
- After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
File attachments, Sends, trash, and password history are not included in an import file. These items must be manually downloaded from LastPass and uploaded to your Bitwarden vault.
- How to Create a New Web Login with Bitwarden by Password Bits YouTube
- How to Log into accounts with Bitwarden Password Manager by Password Bits
- Bitwarden Password Manager Beginners Guide – By Password Bits YouTube
- Bitwarden Beginners Guide [Updated] – By Password Bits
These are the best complete tutorial videos I’ve found.
- Bitwarden: How I Manage All My Passwords – by Tario Sultan
- The Complete Bitwarden: Setup and How To For Beginners by PasswordBits
Advanced Topics
- Is BitWarden Paid Membership More Secure and Worth the Money? – By CyberMedics
- Bitwarden Two-Step Login (2FA) – How To Turn On & Use – By Password Bits YouTube
- BitWarden- Organizational Plan Explained! – By CyberMedics YouTube
- How to Secure Bitwarden with 2nd Factor Authentication – By CyberMedics YouTube
- Bitwarden Secured with Yubico Yubikey! – By CyberMedics YouTube
- How to Protect Your BitWarden Vault- Backup & Encrypt! -By CyberMedics YouTube
- * Get Started with the Web Vault – Add a new login item:
- * Get Started with Browser Extensions
- * Get Started with Mobile Apps
- Get Started with Desktop Apps
- Get Started with Organizations (including Family Plan)
- * Your Master Password
Account Protection and Avoiding Lockout
Bitwarden cannot reset user passwords, nor can Bitwarden disable two-step login if it has been enabled on your account.
Warning: Users who lose their Master Password or their two-step login recovery code will need to delete their account and start over.
To mitigate these potential issues, Bitwarden recommends the following for account protection and lockout avoidance.
Master Password – Identify a way for you to retain and be able to recover your Master Password should you forget it. This may include writing it down and placing it in a safe or safe place.
Two-step login recovery code – If you choose to set up a two-step login, be sure to access and retain your recovery code and store that in an equally safe place as your Master Password. Get your Recovery Code:
- Vault Items
- Account Switching
- Log in with Device
- Sync your Vault
- * Search your Vault
- * Folders – Folders are a great way to make your vault items easy to find.
- * Favorites – Any item can be designated as a Favorite to allow quick access to your most used items.
- * Username & Password Generator – Use the Bitwarden generator tool to easily create strong passwords and usernames.
- Custom Fields
- * Unlock with PIN– After five failed PIN attempts, the app will automatically log out of your account. Unlock with a PIN can be enabled for the Bitwarden browser extension, mobile app, and desktop app:
- * Unlock with Biometrics – Unlock with biometrics is supported for Android (Google Play or FDroid) via fingerprint unlock or face unlock and for iOS via Touch ID and Face ID.
- Bitwarden Authenticator (TOTP) Note: I only use this for low-value accounts.
- * File Attachments Note: File attachments, Sends, trash, and password history are not included in an import file. Additional items will need to be manually uploaded to your vault.
- * Vault Timeout Options – Vault timeout determines how long Bitwarden can be inactive before timing out. “Inactivity” is determined by time since interacting with Bitwarden, not system idle time.
- Keyboard Shortcuts
- Vault Health Reports
- General FAQs
- Auto-fill Logins in Browser Extensions – If your browser extension has issues auto-filling usernames and passwords for a particular site, using linked custom fields can force an auto-fill.
- Auto-fill Logins on Android
- Auto-fill Logins on iOS
- Field Guide to Two-Step Login – Authy is our recommended authenticator app because it includes backups for any device. Backups prevent you from losing access to your tokens, even if you lose the device Authy is installed on. Flip the Authenticator Backups toggle on the Accounts screen of the Authy app to use this feature.
- Two-step Login Methods
- ** Two-step Login via Authenticator I strongly recommend 2FA with Authenticator
WARNING
Setting up a two-step login can permanently lock you out of your Bitwarden account. A recovery code allows you to access your account if you can no longer use your normal two-step login provider (for example, if you lose your device). Unfortunately, Bitwarden support will not be able to assist you if you lose access to your account. We recommend you write down or print the recovery code and keep it in a safe place. Get your Recovery Code:
- Two-step Login via Email
- Two-step Login via YubiKey
- Two-step Login via FIDO2 WebAuthn
- ** Lost Secondary Device Be sure to store the two-step login recovery code safely.
TWO-STEP LOGIN Recovery code
Your Bitwarden two-step login recovery code:
XXXX 0C5H Y2ZJH XXXX 2 4GNP XXXX 2AMJ
- Two-step Login FAQs
- Encryption
Changing KDF iterations – Bitwarden uses a secure default (100,001 iterations), as mentioned above. However, you can change the iteration count from the Account Settings → Security → Keys menu of the web vault.
Setting your KDF iterations too high could result in poor performance when logging into (and unlocking) Bitwarden on devices with slower CPUs. Therefore, we recommend you increase the value in increments of 50,000 and test all your devices.
Note: I set my account to 1000101 iterations.
- Account Fingerprint Phrase
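One way to follow the KDF advice above on each device, as an added example (not Bitwarden's code): it times a PBKDF2-HMAC-SHA256 derivation at increasing iteration counts in steps of 50,000 and reports the highest count that fits a time budget. The use of the account e-mail as salt, the function names, the sample credentials and the one-second budget are assumptions for illustration.

```python
import hashlib
import time

DEFAULT_ITERATIONS = 100_001   # default quoted on this page
STEP = 50_000                  # increment recommended on this page


def derive_key(master_password, email, iterations):
    """PBKDF2-HMAC-SHA256 with the e-mail as salt (assumed model of the KDF)."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),
        iterations,
        dklen=32,
    )


def time_kdf(iterations, runs=3):
    """Best-of-N wall-clock seconds for one derivation on this device."""
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        # Constructed sample credentials; never time with the real password.
        derive_key("constructed-sample-password", "user@example.com", iterations)
        best = min(best, time.perf_counter() - start)
    return best


def highest_within_budget(budget_seconds, timer=time_kdf,
                          start=DEFAULT_ITERATIONS, step=STEP,
                          limit=2_000_000):
    """Raise the count in `step` increments while unlock stays within budget.

    Returns the last count whose measured time was <= budget_seconds, or
    None if even `start` is too slow for this device.
    """
    chosen = None
    count = start
    while count <= limit:
        if timer(count) > budget_seconds:
            break
        chosen = count
        count += step
    return chosen


if __name__ == "__main__":
    # Run on the slowest device you unlock the vault on; browser and mobile
    # apps use different crypto code, so treat the result as a rough guide.
    budget = 1.0  # seconds you accept per unlock (assumption)
    for n in (DEFAULT_ITERATIONS, DEFAULT_ITERATIONS + STEP, 600_001):
        print(f"{n:>9,} iterations: {time_kdf(n, runs=1):.3f} s")
    print("highest count within budget:", highest_within_budget(budget))
```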
- Pin Bitwarden extension in Chrome
- Click the Extension icon > Click the Bitwarden Pin (turn it blue)
- Turn off LastPass Chrome
- Click the Extension icon > Choose Manage Extensions > Turn off LastPass
- In Chrome, turn off the Auto Sign-in
- Click the kebab menu (three-dot menu) > Choose Settings > Click Autofill > Password Manager > Turn off Auto Sign-in.
Sign-up for a new account in Browser Extension
- Create a folder
Folders are a great way to make sure you can always find vault items when you need to use them. To create a folder:
- Select the Settings tab and choose Folders from the settings list.
- Select the Add icon.
- Give your folder a name (for example, Social Media) and select Save.
- Add a login
- To create a new login item:
- Navigate to the Signup Page for the new service.
- Next, open the Bitwarden browser extension.
- Next, navigate to the My Vault tab and select the Add icon.
- Finally, choose which type of item to create (in this case, select Login).
- Enter the essential information for this Login. For now, give the item:
- Replace the prefilled Name with something you’ll quickly recognize (for example, Twitter account).
- Your Username (this is often your email address).
- In the Password box, select Generate.
- The URI 1 field will automatically have the correct address (for example, https://twitter.com/login).
- Select a folder from the Folder dropdown. Note: You can only choose previously created folders.
- Nice work! Select Save to continue.
- Test the Login
- After creating a new login, I suggest you test it.
- Open the Bitwarden browser extension.
- In the Search Vault box, type a few letters (“walm” to find Walmart) for the site you want to log into.
- If more than one item shows, choose the desired one and click the Launch icon (first icon on the left).
- The login page should open. If it does not, navigate to it manually.
Tip: To avoid having to manually navigate to the login page whenever you want to open the site, I recommend editing the saved web page (URI) so that it opens the page showing the login boxes. Here are the steps for changing the URI.
- Navigate to the page showing the login boxes.
- Check the address bar; it will have something like (thesite.com/login…) and may be quite long.
- Click the address bar text (it will turn blue, indicating it is selected) and copy it (Ctrl+C; on Mac, CMD+C).
- Open the Bitwarden browser extension; the site should be listed. Click the View icon (left-most icon).
- Choose Edit at the top right. Replace the address in the URI 1 box with what you just copied from the address bar.
- Select Save to continue. Test again!
- How to Create a New Web Login with Bitwarden by Password Bits YouTube
Website Login
- Open the Bitwarden browser extension.
- In the Search Vault box, type a few letters (walm to find Walmart) for the site you want to log into.
- If more than one item shows, choose the desired one and click the Launch icon (first icon on the left).
- The login page should open; if it does not, navigate to it.
Note: If the site requires manually navigating to the login page, see Test the Login above.
- When the login page is displayed, again open the Bitwarden browser extension.
- This time, click the site name to autofill. Repeat if the password is on a separate page.
- Tip: Auto-fill login with shortcuts (Ctrl + Shift + L; on Mac, CMD + Shift + L).
- How to Log into accounts with Bitwarden Password Manager by Password Bits
Option Settings (my suggestions)
- Open the Bitwarden browser extension
- Select settings on the bottom row of icons.
- Security
- Vault timeout 30 min or 1 hour.
- Vault timeout action Lock
- Click Unlock with PIN.
Note: If you quit your browser, you will be logged out of both your web vault and browser extension.
Tip – If you are using a browser extension, you can bypass this:
- Uncheck Lock with the master password on browser restart.
- Enter a PIN. Your PIN can be any combination of characters (a-z, 0-9, $, #, etc.).
- I highly recommend you implement a Two-step login.
- Other
- Click Options to open the list.
- Clear the Clipboard > 2 or 5 minutes.
- Show card on Tab page > off
- Show identities on Tab page > on
- Autofill (you decide) I chose > on
- How to export your LastPass passwords & switch to an alternative – By Jim Martin techadvisor.com
- How to delete your LastPass account – By Tom Pritchard Tom’s Guide
- Switch from LastPass to Bitwarden – HandsOn Tutorial – By SecureSimpleUK Canada YouTube
- Moving Your Passwords from LastPass – By TWiT Tech Podcast Network YouTube
- Steve’s Next Password Manager After the LastPass Hack – By TWiT Tech Podcast Network YouTube
- Bitwarden Premium Vs Free Account – By Tristan Bolton YouTube
- Bitwarden – Family Sharing – By Tristan Bolton YouTube
Security
- Should You Store TOTP Authentication in Bitwarden? – By Lawrence Systems YouTube
- The 2023 Bitwarden PBKDF2 Changes & Why Your Master Password Entropy Still Matters The Most – By Lawrence Systems YouTube
- Hackproof Financial Accounts- Google Voice Number! – By CyberMedics YouTube
- Hackproof Your Passwords- Simple Double-Blind Method – By CyberMedics YouTube
- Everything to Know About Configuring & Purchasing the Yubikey – By CyberMedics YouTube
- The Winner of Best 2FA Method for Online Account Security? – By CyberMedics YouTube
- How to Protect & Secure Online Accounts- Pick the Right Yubikey! – By CyberMedics YouTube
Questions
Week Four Q: During the Bitwarden session, would you explain how to add new items to the list? Tom T
A: How to Create a New Web Login with Bitwarden by Password Bits YouTube
Week Three Q: 1. Import to BitWarden from LastPass complete. Log out of LastPass, but cannot log on to sites from BitWarden. Must I disable LastPass to use BitWarden? If so, how? I do not want to uninstall LastPass until I know all is well. – Stew R
A: Auto-fill Logins in Browser Extensions – At the browser top right, click the three dots icon, then More tools, and then Extensions. To disable the extension, click the switch in the lower right corner of the LastPass card to turn it off.
Q: 2. I Did not set up 2FA on BitWarden since I’m having problems with Authy. (See #3.) – Stew R
Q: 3. I must have written Authy Master Password incorrectly. I’ve used Authy on only three accounts on both desktop and phone, unlocking both with a PIN. The desktop recently required my Master Password rather than a PIN, and today found it won’t open on the desktop but does so on a phone with fingerprint and PIN. First priority is to get BitWarden working to change passwords and perhaps get paid version to use MSM. Then see how I can solve the Authy problem to have it on both devices.
Is the master password the same as the backup password on Authy? – Stew R
A: Backups password, Master password, and PIN protection with Authy
Q: 4. Have not saved QR or digital codes on the 3 Authy tokens. Can I retrieve these codes retroactively? – Stew R
A: Most sites will not let you get the codes retroactively. Turn off 2FA and start over. This time print the screen when the QR code is showing.
How do I print them from my phone? – Stew R
A: The QR codes are only shown during the setup process.
Authy indicates tokens are “backed up.” Does that just mean they are on the Authy website for use on my multiple devices?
A: Yes! See this same help page. Backups password, Master password, and PIN protection with Authy
Week Two Q: 1. Have LastPass, Authy, and now BitWarden extension installed to convert. Do you suggest using BitWarden authenticator rather than Authy? Stew R
A: Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires a BitWarden premium.
NOTE: To maximize security, it is best to keep your TOTP authenticator separate from the password manager. I will continue to use Authy or Microsoft Authenticator.
Q: 2. When I set up Authy not sure I have the recovery code. I have a PIN and know the master password. Is a recovery code needed for Authy? I have the grid recovery for LastPass and a thing labeled Private key (16 characters long, so it isn’t a TOTP), but I don’t recall what it is or who it’s for. At the time got confused with all the pins, passcodes, and recovery codes. Stew R
A: Backups password, Master password, and PIN protection with Authy
- The Best Authenticator Apps for 2023 by PCMag
- I suggest Authy or Microsoft Authenticator to generate OTP codes
Q: 3. Is my LastPass and BitWarden vault available on the web and through a browser extension? Perhaps that is what the “Private key” is for, which I didn’t label, but is recorded under the print copy of LastPass. Stew R
A: Lastpass and Bitwarden web vaults use the same username and password you use when signing in to the app or browser extension.
Password Strength Evaluation
While the server-side iteration count has some value, it is only required for those with weak passwords. The time to crack a weak password compared with a strong one ranges from 9 days to 91 trillion years.