Getting Comfortable With The Basics

Getting To Know Your Password Manager

 
Using A Password Manager Or Moving To A New One
        An Ongoing Program



Considering LastPass’ history with security issues and the severity of this latest breach, it’s time to seek an alternative. I have moved to Bitwarden and recommend you do the same.

After the Monday online meetings, this ongoing program will cover the transition to Bitwarden.   


Session One

Choose A Password Manager  

Using a password manager is the most important thing you can do to enhance online security. There are some good ones to choose from: KeePass, Dashlane, 1Password, RoboForm, and Bitwarden. These are all well-vetted and safe to use.

I now use and suggest Bitwarden, so these sessions will concentrate on Bitwarden.


Creating One Strong Easy to Remember Password  For use as a Master Password

However, to use a password manager, you still need one password to lock and unlock it. This password needs to be unique and follow all the robust rules. This one password should have no relation to your life, family, anniversaries, hobbies, or travels. In other words, not guessable by someone with knowledge of your life. At the same time, this master password must be easy to remember and type, especially on a phone keyboard.

Here is a simple online tool from LastPass. We will use it to generate pseudowords (nonsense words) to create our unique unguessable master password.

Open the Username Generator Tool:

  1. Set the Username Length to 5 or 6 characters.
  2. Choose “easy to say” and check the Lowercase box.
  3. Now click the circling arrow symbol to generate a word. Repeat clicking the circle arrow till you find a pseudoword you can pronounce, and make notes of it.
    Repeat this process until you have 3 or 4 nonce words.
  4. Combine these non-words using numbers and symbols between them and add some numbers to the beginning or end.
The goal is to end up with a 23 to 30-character random master password that you’ll use to lock the password manager.
Here’s how I create a master password using the LastPass username generator.
First, I created three five-letter base words (betag, erect, and glide).
Note: I toggled through many combinations in the username generator tool for each base word until a variety appealed to me.
Then I combine them with numbers, symbols, and capital letters to build a password of 23 or more characters, adding some numbers to the beginning or end ([email protected]) to end up with a 30-character password. This random combination of letters, numbers, and symbols will be my Master Password for logging in to the password manager you choose and nowhere else.
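The procedure above, automated as an added example (not code from this page or from the LastPass tool): it draws every letter, digit, symbol, and capital from a cryptographic random source and reports the resulting entropy. The alphabets and the function names are assumptions of this example; the entropy figure only holds when nothing is hand-picked, so choosing words because they appeal to you lowers it.

```python
import math
import secrets

# Alphabets are choices made for this example, not the LastPass tool's own.
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"
DIGITS = "0123456789"
SYMBOLS = "!#$%&*+-=?@"


def pseudoword(length):
    """Lowercase, pronounceable nonsense word: consonant/vowel alternation."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def pseudoword_bits(length):
    """Entropy of one pseudoword when every letter is drawn at random."""
    consonants, vowels = (length + 1) // 2, length // 2
    return consonants * math.log2(len(CONSONANTS)) + vowels * math.log2(len(VOWELS))


def build_master_password(words=4, word_len=5, tail_digits=3):
    """Return (password, entropy_bits) following steps 1-4 above."""
    if word_len not in (5, 6) or words not in (3, 4):
        raise ValueError("the procedure uses 3 or 4 words of 5 or 6 letters")
    parts, bits = [], 0.0
    for i in range(words):
        word = pseudoword(word_len)
        if secrets.randbelow(2):          # random capital: 1 extra bit per word
            word = word.capitalize()
        parts.append(word)
        bits += pseudoword_bits(word_len) + 1
        if i < words - 1:                 # digit + symbol between words
            parts.append(secrets.choice(DIGITS) + secrets.choice(SYMBOLS))
            bits += math.log2(len(DIGITS)) + math.log2(len(SYMBOLS))
    parts.append("".join(secrets.choice(DIGITS) for _ in range(tail_digits)))
    bits += tail_digits * math.log2(len(DIGITS))
    password = "".join(parts)
    if not 23 <= len(password) <= 30:     # the length goal stated above
        raise ValueError(f"{len(password)} characters; the target is 23 to 30")
    return password, bits


if __name__ == "__main__":
    pw, bits = build_master_password()
    print(f"{pw}  ({len(pw)} characters, about {bits:.0f} bits)")
```

With the defaults (four 5-letter words) the result is 29 characters; three 5-letter words with three trailing digits come to 22 characters and are rejected as too short for the 23 to 30 character goal.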
  • How long does it take to crack a Password? See chart or Password Strength Testing Tool.
  • After creating a shiny new Master Password, you should print several copies of it to have one to store in your safe deposit box or fireproof safe in addition to a convenient location for reference while memorizing your new master password.
    Caution: You do not want to enter the Master Password in any editor that might automatically save it to your hard drive or the cloud (like MS Word, Google Docs, or your email compose window). Windows Notepad (click Start or press the Windows key, type “n”, and choose Notepad from the list) is safe if you discard changes when closing the app; alternatively, use the Chrome browser notepad.
  • To open the Chrome browser notepad, simply type (or copy and paste) data:text/html, <html contenteditable> in your omnibar (address bar). That may seem daunting to remember every time you want to access the notepad, but it’s possible to add this to your bookmarks, making it easily accessible.
    Tip: You can drag the URL directly from the omnibar to the bookmark bar. I edit the name, making it shorter to accommodate more items on the bookmark bar.

Session Two
Create Your Bitwarden Account
To create a Bitwarden account, select the Get Started button on the Bitwarden homepage, or click here.
Create your account help page.
On the Create Account screen, fill out all fields (Master Password Hint is optional) and select Submit.
  • Make sure you don’t forget your Master Password. Bitwarden’s zero-knowledge model means we can’t see or recover your Master Password.

Verify your email
Once you have created your account, prompt Bitwarden to send you a verification email by logging in to your web vault and selecting the Verify Email button.

Next steps
Now that you have created your account, these help pages will get you up and running.

Get Started with Browser Extensions: Bitwarden browser extensions integrate password management directly into your favorite browser.
Recommended settings 

Unlock with PIN or biometrics.

For fast access to your credentials, set up a PIN or biometrics to unlock your vault.

  1. Open the Settings tab.
  2. In the Security section, check the Unlock with PIN checkbox.
  3. Enter the desired PIN code in the input box. PIN codes can be any combination of characters (a-z, 0-9, $, #, etc.)

Pin the extension

Pinning the browser extension will ensure that it’s easily accessible each time you open your browser. The procedure differs based on which browser you are using:

  • In Chrome, select the Extensions icon next to the address bar and select the Pin icon next to Bitwarden:

Disable a built-in password manager

Most web browsers will automatically save your passwords by default, but experts generally agree that built-in password managers are more vulnerable than dedicated solutions such as Bitwarden:

  • In the Chrome browser, navigate to the Passwords page. On this page, toggle off both the Offer to save passwords option and the Auto Sign-in option:

Session Three
Exporting Your Passwords From LastPass & importing To BitWarden
  • Import Data from LastPass: Use this article for full help details to export and import data from LastPass into Bitwarden.
Export from LastPass 
You can export your data from LastPass from their web vault. Here are the quick steps using the Chrome or Edge browsers.
  1. Select the Advanced Options option on the left sidebar:
  2. Then, from the Manage your Vault section, select the Export option. At this stage, LastPass will send you an email to confirm the export.
  3. In your inbox, confirm the export, return to your LastPass web vault, and select the Export option again to complete the export.
    Your data will be automatically saved in .csv file format:

    • Note: File attachments, Sends, trash, and password history are not included in an import file. These items must be manually downloaded from LastPass and uploaded to your Bitwarden vault.

Import Data To Bitwarden

Data must be imported to Bitwarden from the web vault. Data is encrypted locally before being sent to the server for storage.

To import data to your vault:

  1. Log in to the web vault at https://vault.bitwarden.com
  2. Select Tools from the top navigation bar.
  3. Select Import Data from the tools menu.
  4. From the format dropdown, choose a file format.
  5. Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
  6. Select Import Data to trigger the import. For example, if you are importing a password-protected .json file, enter the password into the Confirm Vault Import window that will appear.
  7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.

File attachments, Sends, trash, and password history are not included in an import file. These items must be manually downloaded from LastPass and uploaded to your Bitwarden vault.



Session Four – Using Bitwarden
  Videos

These are the best complete tutorial videos I’ve found.

Advanced Topics


Getting Started | The most used help sections; study the (* starred) item first.
   The Official Bitwarden Help page.
Your Vault
  • * Your Master Password
    Account Protection and Avoiding Lockout
    Bitwarden cannot reset user passwords, nor can Bitwarden disable two-step login if it has been enabled on your account.
    Warning: Users who lose their Master Password or their two-step login recovery code will need to delete their account and start over.

To mitigate these potential issues: Bitwarden recommends the following for account protection and lockout avoidance.

Master Password – Identify a way for you to retain and be able to recover your Master Password should you forget it. This may include writing it down and placing it in a safe or safe place.

Two-step login recovery code – If you choose to set up a two-step login, be sure to access and retain your recovery code and store that in an equally safe place as your Master Password. Get your Recovery Code:

Auto-fill
Protect Your Bitwarden Account With a Two-step Login
  • Field Guide to Two-Step Login – Authy is our recommended authenticator app because it includes backups for any device. Backups prevent you from losing access to your tokens, even if you lose the device Authy is installed on. Flip the Authenticator Backups toggle on the Accounts screen of the Authy app to use this feature.
  • Two-step Login Methods
Recovery Codes for Two-step Login
  • ** Lost Secondary Device Be sure to store the two-step login recovery code safely.
    TWO-STEP LOGIN Recovery code
    Your Bitwarden two-step login recovery code:
    XXXX 0C5H Y2ZJH XXXX 2 4GNP XXXX 2AMJ
  • Two-step Login FAQs
Security
  • Encryption
    Changing KDF iterations – Bitwarden uses a secure default (100,001 iterations), as mentioned above. However, you can change the iteration count from the Account Settings > Security > Keys menu of the web vault.
    Setting your KDF iterations too high could result in poor performance when logging into (and unlocking) Bitwarden on devices with slower CPUs. Therefore, we recommend you increase the value in increments of 50,000 and test all your devices.
    Note: I set my account to 1000101 iterations.
  • Account Fingerprint Phrase
Bitwarden Send

Quick Start
Basic Functions, Options, and Settings
  • Pin Bitwarden extension in Chrome
    • Click the Extension icon > Click the Bitwarden Pin (turn it blue)
  • Turn off LastPass Chrome
    • Click the Extension icon > Choose Manage Extensions > Turn off LastPass
  • In Chrome, turn off the Auto Sign-in
    • Click the kebab menu (three-dot menu) > Choose Settings > Click Autofill > Password Manager > Turn off Auto Sign-in.

Sign-up for a new account in Browser Extension

  • Create a folder
    Folders are a great way to make sure you can always find vault items when you need to use them. To create a folder:

    • Select the Settings tab and choose Folders from the settings list.
    • Select the Add icon.
    • Give your folder a name (for example, Social Media) and select Save.
  • Add a login
    • To create a new login item:
      • Navigate to the Signup Page for the new service.
      • Next, open the Bitwarden browser extension.
      • Next, navigate to the My Vault tab and select the  Add icon.
    • Finally, choose which type of item to create (in this case, select Login).
      • Enter the essential information for this Login. For now, give the item:
        • Replace the prefilled Name with something you’ll quickly recognize (for example, Twitter account).
        • Your Username (this is often your email address).
        • In the Password box, select Generate.
        • The URI 1 field will automatically have the correct address (for example, https://twitter.com/login).
        • Select a folder from the Folder dropdown. Note: You can only choose previously created folders.
        • Nice work! Select Save to continue.
    • Test the Login 
      • After creating a new login, I suggest you test it.
        • Open the Bitwarden browser extension.
        • In the Search Vault box, type a few letters (“walm” to find Walmart) for the site you want to log into.
        • If more than one item shows, choose the desired one and click the Launch icon (first icon on the left).
        • The login page should open. If it does not, navigate to the login page manually.
          Tip: To avoid having to manually navigate to the login page whenever you want to open the site, I recommend editing the saved web page (URI) to open the correct page showing login boxes. Here are the steps for changing the URI.

          • Navigate to the page showing the login boxes.
          • Check the address bar; it will have something like (thesite.com/login…), and it may be quite long.
          • Click the address bar text (it will turn blue, indicating it is selected) and copy it (Ctrl+C; on Mac, CMD+C).
          • Open the Bitwarden browser extension; the site should be listed. Click the View icon (left-most icon).
          • Choose Edit at the top right. Replace the address in the URI 1 box with what you just copied from the address bar.
          • Select Save to continue. Test again!
  • How to Create a New Web Login with Bitwarden by Password Bits YouTube

Website Login

  • Open the Bitwarden browser extension.
  • In the Search Vault box, type a few letters (“walm” to find Walmart) for the site you want to log into.
  • If more than one item shows, choose the desired one and click the Launch icon (first icon on the left).
  • The login page should open; if it does not, navigate to it.
    Note: If the site requires manually navigating to the login page, see Test the Login above.
  • When the login page is displayed, again open the Bitwarden browser extension.
  • This time, click the site name to autofill; repeat if the password is on a separate page.
    • Tip: Auto-fill login with shortcuts (Ctrl + Shift + L; on Mac, CMD + Shift + L).

Option Settings (my suggestions)

  • Open the Bitwarden browser extension
  • Select settings on the bottom row of icons.
    • Security
      • Vault timeout 30 min or 1 hour.
      • Vault timeout action Lock
      • Unlock with PIN > click.
        Note: If you quit your browser, you will be logged out of both your web vault and browser extension.
        Tip – If you are using a browser extension, you can bypass this by:
      • Uncheck Lock with master password on browser restart.
      • Enter a PIN. Your PIN can be any combination of characters (a-z, 0-9, $, #, etc.).
      • I highly recommend you implement a Two-step login.
    • Other
      • Click Options to open the list.
      • Clear the Clipboard > 2 or 5 minutes.
      • Show card on Tab page > off
      • Show identities on Tab page > on
      • Autofill (you decide) I chose > on




Articles and Videos
Videos

Security 





Questions 

Week Four Q: During the Bitwarden session, would you explain how to add new items to the list? Tom T
A:  How to Create a New Web Login with Bitwarden by Password Bits YouTube

 

Week Three Q: 1. Import to BitWarden from LastPass complete. Log out of LastPass, but cannot log on to sites from BitWarden. Must I disable LastPass to use BitWarden? If so, how? I do not want to uninstall LastPass until I know all is well. – Stew R
A:     Auto-fill Logins in Browser Extensions – At the browser top right, click the three dots icon, then More tools, and then Extensions. To disable the extension, click the switch in the lower right corner of the LastPass card to turn it off.

Q: 2. I Did not set up 2FA on BitWarden since I’m having problems with Authy. (See #3.) – Stew R

Q: 3. I must have written Authy Master Password incorrectly. I’ve used Authy on only three accounts on both desktop and phone, unlocking both with a PIN. The desktop recently required my Master Password rather than a PIN, and today found it won’t open on the desktop but does so on a phone with fingerprint and PIN. First priority is to get BitWarden working to change passwords and perhaps get paid version to use MSM. Then see how I can solve the Authy problem to have it on both devices.
Is the master password the same as the backup password on Authy? – Stew R
A:  
Backups password, Master password, and PIN protection with Authy

Q: 4. Have not saved QR or digital codes on the 3 Authy tokens. Can I retrieve these codes retroactively? – Stew R
A: Most sites will not let you get the codes retroactively. Turn off 2FA and start over. This time print the screen when the QR code is showing.
How do I print them from my phone? – Stew R
A: The QR codes are only shown during the setup process.
Authy indicates tokens are “backed up.” Does that just mean they are on the Authy website for use on my multiple devices?
A: Yes! See this same help page. Backups password, Master password, and PIN protection with Authy


Week Two   Q:  1. Have LastPass, Authy, and now BitWarden extension installed to convert. Do you suggest using BitWarden authenticator rather than Authy? Stew R
A:  Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires a BitWarden premium.
NOTE: To maximize security, it is best to keep your TOTP authenticator separate from the password manager. I will continue to use Authy or Microsoft Authenticator.

Q:  2. When I set up Authy not sure I have the recovery code. I have a PIN and know the master password. Is a recovery code needed for Authy? I have the grid recovery for LastPass and a thing labeled Private key (16 characters long, so it isn’t a TOTP), but I don’t recall what it is or who it’s for. At the time got confused with all the pins, passcodes, and recovery codes. Stew R
A:  Backups password, Master password, and PIN protection with Authy
   > The Best Authenticator Apps for 2023 by PCMag
   > I suggest Authy or Microsoft Authenticator to generate OTP codes

Q:  3. Is my LastPass and BitWarden vault available on the web and through a browser extension? Perhaps that is what the “Private key” is for, which I didn’t label, but is recorded under the print copy of LastPass. Stew R
A:  Lastpass and Bitwarden web vaults use the same username and password you use when signing in to the app or browser extension.

 

 



Password Strength Evaluation 

While the server-side iteration count has some value, it is only required for those with weak passwords. The time to crack a weak password compared to a strong one ranges from 9 days to 91 trillion years.
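The trade-off between iteration count and password strength described here and in the Changing KDF iterations note earlier, as an added example that is not from this page or from Bitwarden. It assumes PBKDF2-HMAC-SHA256 as the KDF; the attacker hash rate and the 30-bit and 100-bit password strengths are constructed values, so the outputs are illustrative and are not the figures quoted above.

```python
import hashlib
import math
import time

# Iteration counts quoted on this page: the default, one 50,000 step up,
# and the author's own setting.
PAGE_ITERATIONS = (100_001, 150_001, 1_000_101)
ATTACKER_HASHES_PER_SECOND = 1e10   # assumed offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(password, salt, iterations):
    """Stretch the password into a 32-byte key (PBKDF2 is assumed here)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations, dklen=32
    )


def unlock_seconds(iterations, sample=20_000):
    """Estimate one unlock on this device: time a short run, scale linearly."""
    start = time.perf_counter()
    derive_key("constructed-sample", "user@example.com", sample)
    return (time.perf_counter() - start) * iterations / sample


def stretch_bits(iterations):
    """Key stretching expressed as equivalent bits of password entropy."""
    return math.log2(iterations)


def years_to_search(entropy_bits, iterations, rate=ATTACKER_HASHES_PER_SECOND):
    """Average offline search: half the guess space, `iterations` hashes each."""
    hashes = 2 ** (entropy_bits - 1) * iterations
    return hashes / rate / SECONDS_PER_YEAR


def report():
    """Rows of (label, entropy_bits, iterations, years) for both passwords."""
    return [
        (label, bits, n, years_to_search(bits, n))
        for label, bits in (("weak", 30), ("strong", 100))  # constructed strengths
        for n in PAGE_ITERATIONS
    ]


if __name__ == "__main__":
    for n in PAGE_ITERATIONS:
        print(f"{n:>9} iterations: ~{unlock_seconds(n):.2f} s per unlock, "
              f"{stretch_bits(n):.1f} bits of stretching")
    for label, bits, n, years in report():
        print(f"{label:>6} ({bits} bits) at {n:>9} iterations: {years:.3g} years")
```

Going from 100,001 to 1,000,101 iterations multiplies the attacker's work by about 10 (roughly 3.3 bits), while the constructed strong password adds 70 bits over the weak one.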

 

 
