Technology
I am a software engineer that created a free, open source password manager to keep you safe online. AMA!
Nov 21st 2016 by xxkylexx • 23 Questions • 140 Points
Hey reddit. We all use the internet, so we need to be taking the proper steps to stay safe. Password re-use is a huge problem and with large data breaches becoming more and more common these days, we need to protect ourselves. Nearly 4 million data records (that we know of) are stolen online every day and chances are you've been in one of them. Using a password manager is one of the easiest things you can do to stay safe.
I'm a software architect and have worked in the credit card payment processing industry for quite some time dealing with your sensitive credit card data. Security is something I think about and work with on a daily basis. Last year I decided that there was something missing from the internet: a simple, free, open source password manager that was available on all of your devices. Sure, there are many password management applications out there, but none of them seemed to fit the bill.
After one full year of development, bitwarden has been released for free on several platforms including iOS, Android, Chrome, Firefox, Opera, and the web. You can read more about bitwarden on our website, https://bitwarden.com/.
I'll be here for the rest of the day to answer your questions about bitwarden, your password practices, online security, software development, open source, or whatever. AMA!
- Website: https://bitwarden.com/
- GitHub, source code: https://github.com/bitwarden
- Kickstarter campaign: http://kck.st/2gCsTUL
- Chrome Extension: https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb
- Android App: https://play.google.com/store/apps/details?id=com.x8bit.bitwarden
- iOS App: https://itunes.apple.com/us/app/bitwarden-free-password-manager/id1137397744?mt=8
What makes your password manager better than a community open-source project (like KeePass)?
KeePass is a great piece of software and is indeed open source as well, however, ask your non-technically inclined friend or family member to try and use it and you will quickly find that it seems to fall short. At least that has been my experience.
Since the product is open source, you certainly can do this, though there is no "happy path" documented at this time. This is something we plan to introduce as a first-class experience further down the road with enterprise support/licensing.
So if someone gets my bitwarden password, I'm fucked?
Yes, which is why it is important to create a strong master password. This shouldn't be an issue since you only have one password to remember now.
Seems pretty unsecure for phishing/keylogging, any preventative measures such as an authenticator to prevent logging in from strange IP addresses/MAC addresses?
Two-factor authentication is available for your account as well. This can be activated from our web vault: https://vault.bitwarden.com/#/login
Sounds great! Another question if you don't mind and if it hasn't been asked/answered already, wouldn't transparency by publishing all of the source code make it easier for hackers to hack and access the passwords and sensitive data that is supposed to be protected?
No, since that would be security through obscurity, which is not really security at all.
I see. Do you have any requirements on the master passphrase that would reduce entropy (min or max characters)? Or make it more difficult to remember (capital letters and/or special characters)?
We do not enforce any rules on your master password other than it must be at least 8 characters. There was a discussion about this a while back here: https://github.com/bitwarden/web/issues/3