Bitwarden In Chrome



I’ve used Authy for several years to generate mytime-based one-time passwords(TOTP)for two-factor authentication(2FA). For variousreasons, I recently migrated to using Bitwardeninstead.

Google Authenticator Issues

When comparing Chrome vs Bitwarden, the Slant community recommends Bitwarden for most people.In the question“What are the best online password managers?”Bitwarden is ranked 1st while Chrome is ranked 17th. Complete the following steps to import data to your Bitwarden personal Vault (for help importing to an Organization Vault, see Import Items to an Organization): Log in to the Web Vault. Select Tools from the top navigation bar. Select Import Data from the left Tools menu. Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices. Password theft is a serious problem. The websites and apps that you use are under attack every day. Security breaches occur. Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. Bitwarden works with almost any device and browser you can mention: Windows, Mac, Linux; iOS and Android; Chrome, Firefox, Safari, Edge, and many more niche browsers. That leaves you free to roam, unlike browser password managers.

Many services recommend using GoogleAuthenticator for 2FA. Ioriginally used it before switching to Authy, but I switched for a reason thatis still valid today: it doesn’t have any sort of backup or syncingfunctionality.

Check out thereviewsto get a sense of how often people get burned by switching to a new phone forwhatever reason and realizing they’ve lost all their codes or need to go througheach service one by one and set up 2FA again.

Bitwarden

Google Authenticator is also a neglected app. The Androidappwas last updated on September 27, 2017, and the iOSapp was lastupdated on September 12, 2018. You could argue that these are relatively simpleapps that don’t need frequent updates, but take a look at what other apps likeandOTPand Aegis offer in terms of functionality that GoogleAuthenticator doesn’t have, like being able to search for a service instead ofhaving to scroll though the entire list to find it.

Authy Issues

While I have happily used Authy for several years, I also have some issues withit that caused me to look for a replacement.

No Browser Extension

Authy doesn’t have a browser extension forFirefox, my primary browser. This is aproblem because an extension can offer some protection againstphishing, one of the main securityweaknessesof using TOTP for 2FA. If the extension fails to find an entry that matches thecurrent domain, that can alert me to a possible phishing attempt.

The Chromeextensionalso hasn’t been updated in two and a half years and will no longer besupported goingforward.

No Web Client

Authy doesn’t have a web client. While this could be considered a securityfeature, I’d rather have the option to access my codes through any browser in anemergency. It’s a security vs. usability tradeoff that I’m willing to make.

No CLI Client

Authy doesn’t have a CLIclient. I have some ideas for personal browser automation projects that could beeasier to implement with programmatic access to my TOTP codes.

Mac CPU Usage

I use the Mac desktop program, but when it has a code open, the program usessignificantly more CPU. Here’s the CPU usage when it’s just displaying the listof services.

And here’s the CPU usage when it’s showing the TOTP code.

Since I don’t want the program to unnecessarily drain my laptop battery, I tryto remember to press the back button after copying the code. There’s no optionto automatically go back on copy or to just copy the code from the list viewwithout even seeing the code.

Authentication and Recovery

When you create an Authy account, you have to provide a phone number rather thanan email address or username. I didn’t like this to begin with since I want asfew things tied to my phone number as possible, given how often phone numbersget hijacked.

Authy thenencouragesyou to add the app to your other devices and then disable the multi-devicefeature. This means that your codes will keep working on your existing devices,but to add Authy to a new device, you need access to one of your old ones totemporarily re-enable multi-device and to grant access to the new device. If youdon’t have access to an old device, you have to go through a 24 hour accountrecoveryprocess.

However, I want to be able to regain access to my 2FA codes, even if I’ve lostaccess to all my devices. For example, I could be in a foreign country withoutmy laptop and then lose my phone. I want to have a good contingency plan forthis kind of situation.

Note that Authy doesn’t support an account level password. It does support apassword for your encrypted backups, but you don’t enter that until after youlog in.

Authy also doesn’t support TOTP codes orU2F security keys forprotecting itself. Its sole authentication mechanism (beyond account recoveryprocesses) is access to an old device.

Yubico Authenticator

I considered using my YubiKeys to generate TOTP codesusing YubicoAuthenticator,but a YubiKey can only store32TOTP secrets, and I already have 49 of them since I enable TOTP-based 2FAwhenever possible.

Bitwarden

I currently use LastPass to manage my passwords,but I am going to switch to 1Password soon. I decidedto use Bitwarden as well but solely for TOTP codes. 1Password can also handleTOTP codes, but I am willingto deal with the hassle of having two password managers to avoid using the sameservice for both passwords and 2FA.

By using a password manager for TOTP, I get broad cross-platform support with aweb client, browser extensions, desktop programs, mobile apps, and even a CLIclient. I also get standard authentication mechanisms, including 2FA support.

This does mean that I am treating my TOTP codes more like secondary passwords(something Iknow)rather than as something Ihave.Authy’s requirement to have access to an old device better fits the latterprinciple. This is a deliberate choice on my part.

Note that Bitwarden requires a premium account that costs $10 a year in order togenerate TOTP codes. A premium account also adds U2F support, which I wanted aswell.

Authentication Strategy

U2F support is the last component of my authentication strategy. Going forward,it will be like this: I’ll store passwords in 1Password and TOTP secrets inBitwarden. I’ll use separate, high entropy masterpasswords that will only exist in my head.

1Password requires a secret key inconjunction with the master password in order to log in on a new device. Since Ican’t memorize it, I plan to store my secret key as a staticpasswordon my YubiKeys. This means that if I touch the metal contact for a few seconds,it will type out the secret key for me.

For both services, I’ll add all my YubiKeys for 2FA. This means that all I needis one of my YubiKeys (one of which is on my keychain) and the master passwordsin my head to regain full access to all of my accounts.

However, I can’t guarantee that I’ll be able to use my YubiKey on every device.For example, Bitwarden doesn’tsupport U2F inits mobile apps. I would also be paranoid about feeling like I need two YubiKeyswhen I travel in case I lose one.

My plan to deal with these issues is to also set up TOTP-based 2FA for both1Password and Bitwarden. I’ll print those TOTP secrets, along with the 1Passwordsecret key, on a small card and laminate it. I can make multiple copies to putin my wallet and my bag. Sometimes being overly prepared is fun in itself, eventhough it might be overkill.

Migration

To migrate to Bitwarden, I went through my Authy list one by one. In theory, I’dbe able to just copy the TOTP secret to Bitwarden, but Authy doesn’t expose thesecret.

For each account, I logged in and reset 2FA to add the secret to Bitwarden. ThenI deleted the account from Authy. Authy marks it for deletion and then waits 48hours before actually deleting it in case you made a mistake.

I did have trouble with adding some services, such asAlgolia and npm, that onlyshow the QR code and don’t have an option to display the TOTP secret. The QRcodes encode URIs that look like this, asdocumentedin the Google Authenticator wiki:

I tried using my phone camera’s built-in QR scanner, but I couldn’t see the fullURI and opening it would open Authy, with no other option. I used GoogleLens instead to grab the secret. In retrospect, I wasonly having trouble because I was adding the services to Bitwarden through thebrowser extension. I should have installed the mobile app from the beginning andused that because it has an option to scan QR codes.

I also had trouble with adding Twitch, which has aspecific integration with Authy instead of providing a generic QR code. To getaround the issue, I followed thisguide.You can use the deprecated Authy Chromeappto retrieve the TOTP secrets and configurations. This method entails usingChrome’s developer tools to execute customcode toprint the information.

This revealed that Twitch uses 7 digit codes instead of the standard 6 and 10second intervals instead of the standard 30.

At this point, I thought I hit a Bitwarden limitation because I mistakenlyassumed that the extension would only take the TOTP secret in the authenticatorkey field.

Bitwarden

However, I discovered that Bitwardensupportsputting the full URI with configuration into that field. I tested it and wasable to log in to Twitch using the code generated by Bitwarden.

Conclusion

Migrating to Bitwarden took me about a full day, but I’m happy with the result.I’ve been using the Bitwarden browser extension to log in to accounts for thepast week, and it is much nicer than using the Authy desktop program. Next up ismigrating from LastPass to 1Password.

Learn how to Install Bitwarden on Windows RDP. Nowadays In cyberspace, password theft has become a serious problem. So that the websites and applications that you use are attacked every day. Following such attacks, a security breach may occur and your password may be stolen. Now if you use the same passwords for your different accounts, hackers will easily be able to easily access your email, bank accounts, and other important accounts. In this article, we try to introduce you to Bitwarden and teach you how to Install Bitwarden on Windows RDP. You can also see the packages available in Eldernode if you need to purchase the RDP Admin server.

Tutorial Install Bitwarden on Windows RDP

Recommended Article: Most Useful Windows Shortcuts

Introduction to Bitwarden and its features

Nowadays, with the increase of attacks on Internet user accounts, security experts advise users to use different and random passwords for their online accounts. But the question is, how can these different passwords be remembered? BitWarden is a free and open source tool used to fix such problems. In other words, Bitwarden helps you to generate and manage strong and secure passwords. In the following, we will introduce you to some of the most important features of BitWarden software.

1. Sync all devices

With secure tools called Cloud Syncing, Bitwarden allows users to access their data from any device, such as a laptop, mobile phone, or tablet. In fact, all user information is encrypted before being sent from the user’s device, and only the user can access the information. For this reason, even if the Bitwarden team wants, they will not be able to view user information. In Bitwarden, users’ information is encrypted with powerful algorithms.

2. Access and use of Bitwarden

A password management software will not be useful if it is not readily available. Hence, Bitwarden provides users with various ways to access their software. The first step in starting to use Bitwarden is to create an account. To use Bitwarden on Windows, Mac, and Linux operating systems, you can use the desktop application for each operating system. Bitwarden has a special plugin for almost all browsers that users can install and use in their browser to make their browsing more secure.

Note: When a user does not have access to any of their personal devices and is using other people’s personal computers, they can access their Bitwarden via the web without the need for any applications or plugins.

3. Open source and free

The Bitwarden team believes that one of the most important features of Bitwarden is that it is open source. So source code transparency is absolutely essential for software like Bitwarden. Therefore, BitWarden is completely open source software and its source code is on GitHub and everyone can review, modify and participate in its development.

The main Bitwarden features listed below are available to users for free:

Access and install all Bitwarden applications

Sync without restrictions on all users’ devices

Unlimited storage of items

Add items for logins, confidential notes, and bank cards

Two-step authentication

Generator of secure and strong passwords at random

Customize your personal server to use Bitwarden features

How to Install and Configure Bitwarden on Windows RDP

In this section, we will teach you how to Install Bitwarden on Windows RDP. To install Bitwarden, you first need to go to the Bitwarden website and create an account. In the first step click on Create Your Free Account.

Using Bitwarden In Chrome

In the page that opens, fill in the requested fields. Then check the By checking this box… option and click on Submit to create your account.

Bitwarden Chrome Extension Not Showing

*

In the next step, you will enter the following page. After entering the email and Master Password, click on the Log In to enter your dashboard.

*

Now that you have created your user account, you can install Bitwarden on Windows, macOS, and Linux. You can also install the Bitwarden extension on your favorite browser. To do this, go to the Bitwarden site and select the download tab.

Bitwarden Extension Firefox

Bitwarden In Chrome

In the following, we are going to teach you how to install the Bitwarden extension in the Google Chrome browser. To do this, click on Google Chrome from the Web Browser section.

On the next screen, click Add to Chrome.

Then click on Add extension.

Bitwarden Chrome Web Store

You will see the Bitwarden icon appear in the upper right corner. But it is off for now.

To activate it, you must log in to your account. Click on the Bitwarden icon to log in to your account. In the window that opens, click on Log In.

To enter, type the email and Master Password and click on Log In.

As the icon turns blue, you can see that the Bitwarden extension has been successfully installed.

Recommended Article: How to Install Bitwarden on Windows RDP

Import Bitwarden To Chrome

Conclusion

How To Use Bitwarden In Chrome

Bitwarden is one of the simplest password management applications. This app is free and a good choice for password management. Advanced users like to read code and can even host the application on their server. In this article, we first tried to introduce you to the Bitwarden password management program. Also taught how to Install Bitwarden on Windows RDP and install its extension on Chrome browser.