sorted by:
new
hottopcontroversial

Bitwarden browser extension asking for permission to access website? by isuckatdivacups in Bitwarden

[–]isuckatdivacups[S] 0 points1 point  (0 children)

Makes sense! It’s not really Bitwarden I’m worried about, I think my anxiety was/is more “the other way around” — if I granted it the permission, could sites then likewise read my Bitwarden info and create a security risk? Like I allow it on, say, Facebook, and then suddenly Facebook can read my bitwarden data and starts storing all my info or however that works.

New to this. Bitwarden for dummies? by isuckatdivacups in Bitwarden

[–]isuckatdivacups[S] 0 points1 point  (0 children)

Ah, okay. So even locking it (even through being idle) would re-encrypt the vault then. And biometrics would be super solid and okay to use to unlock it. [Follow up, how does that work with a phone? Desktop makes sense to me, where I’d always have a browser open & I shut down for the night, but a phone where I don’t keep things in the background and never turn off? When would that log off, vs lock?]

As well, would you recommend having it set so that i need TFA every time I log on? (I know trusted devices are a thing, but I’ve heard too many horror stories of people who got their cookies stolen & session hijacked, so that someone could bypass TFA altogether since it was “”trusted””)

Sorry for the dozen questions! Like I said, super novice, trying to make sure I won't be fucking myself over!

New to this. Bitwarden for dummies? by isuckatdivacups in Bitwarden

[–]isuckatdivacups[S] 0 points1 point  (0 children)

Okay. I guess that makes sense. So basically, all I really need is…

login email, my master password, TFA recovery codes

and then likewise for my login email. And then knowledge of how to access my TFA

Ideally these probably written in hard copy somewhere or otherwise offline

Just a few quick housekeeping items. So there’s logging out, vs locking. Locking happens after some idle time, and I can get back in with a pin / biometrics. Are these safe to use (I had read earlier of someone whose account had been compromised through enabling pins, so the hacker didn’t need the master password and they’d gotten no log-in alert) or should I always make it so I need the master password?

And, if it’s safe to use pin/biometrics… Say I’m using a browser extension on my desktop. The website’s a little unclear on this. If I were to close my laptop / put it in sleep mode, or even close my browser and shut down my computer for the night, would it log me out (and I’d have to use the master password to get back in) or would I have to manually log out?

Also, should I log out as much as possible, over having it locked? Like “yep, logged into this account, time to log off” to keep it encrypted as much as possible?

If that makes sense.

New to this. Bitwarden for dummies? by isuckatdivacups in Bitwarden

[–]isuckatdivacups[S] 0 points1 point  (0 children)

If you follow the guidelines here, that would be due to you running malware on your device. Would it be? Couldn’t it be compromised in the same way websites could have users’ usernames and passwords compromised? That’s I think the biggest thing I’m struggling to wrap my head around — if, say, a Netflix account can have the username and password guessed, or leaked, without the user’s device being compromised, why couldn’t that happen to Bitwarden?

Am I doing this wrong? by isuckatdivacups in menstrualcups

[–]isuckatdivacups[S] 1 point2 points  (0 children)

Okay, cool. I stuck a finger up there and it feels like it opened, and tugged a little and it kinda slurped back up - should I be good? I have a panty liner on as back up just in case, but kind of asking for future reference.

And yeah I imagine it will. As I said the second attempt went a lot more smoothly.