10/30/2023

Bitwarden web vault security

This app, running at, is delivered to the web browser client from Bitwarden infrastructure on each and every page load. This permits Bitwarden staff, or anyone who can subvert that staff's access (via any means, legal or otherwise, which is Quite A Lot Of People) to serve a backdoored application which steals user keys or plaintext passwords.

The point of doing end-to-end encryption of the passwords and password manager data is so that the server doesn't see the passwords. It's designed so that the server does not need to be trusted to keep the passwords secret.

If the application is being loaded from the server uncritically (such as what happens with vault, this repo), then a dishonest server can simply provide backdoored code which subverts/disables the encryption entirely. The clientside encryption is thus unnecessary and indeed ineffective in this scenario as the server must be trusted 100% at all times to deliver safe code anyway.

This is not an issue with clientside applications or a browser extension, the code for which is served by third parties (e.g. app stores, extension stores, etc.) and stored locally on the client devices. This is, however, an unavoidable issue with all browser-based apps.

Golden Communications needed to manage and securely store over 3,000 credentials associated with their clients’ website and cloud hosting ecosystems. To address this challenge, the Golden Communications team initially used LastPass for password management. While the solution solved some initial challenges, it also introduced new issues for the team.

First was LastPass load times, meaning employees couldn’t quickly access their vaults and passwords when they needed them, which negatively impacted user productivity.

“The driving force for the switch away from LastPass was lack of speed, especially on the Chrome extension,” said Chief Technical Officer, Andrew Nguyen. “It was painfully slow for our users who complained several times over the years.”