Triple SEC: Simple Digital Security Scheme


Assumptions and prerequisites

  • AES256, SHA256 are secure

  • FaceID and TouchID are secure

  • iPhones ≥ 7 are secure

  • MacBook FileVault2 is secure

  • Bitwarden is secure

  • VeraCrypt is secure

  • You have several third parties who can identify you and will cooperate

  • Your significant other is not an evil psychopath

  • You are not a subject of state-level attack

  • You use iPhone ≥ 7 with TouchID/FaceID

  • You use a MacBook with a T2 security chip

  • You have a Google account

  • Your MacBook and iPhone are not hacked at the time of setup

TL;DR

  1. Generate a random 6-digit PIN and memorize it. That’s your phone PIN and your SIM PIN.

  2. Generate three random words using EFF Dice or Diceware. Combine with the PIN and memorize the passphrase. That’s your Bitwarden Master Password.

  3. Take a word and combine it with the PIN. That’s your laptop password. You MAY store it in Bitwarden.

  4. Use Bitwarden to generate strong passwords and TOTP 2FA codes for all your services.

  5. Store your sensitive info in Bitwarden.

  6. Store your Really Important Info in a Google Drive/iCloud synced VeraCrypt volume.

Example 1. Don’t use these values in real life

  • PIN 984073

  • Words: cake roping vocation

  • Bitwarden Master password: cake984073ropingvocation

  • Laptop password: vocation984073

One good password that exists only in your memory protects all your other passwords, TOTP 2FA secrets, recovery codes, etc.

Use Bitwarden Password Generator to create strong, secure passwords or passphrases. Those are encrypted with a strong encryption algorithm and synced securely between your devices.

And you don’t need to enter your PIN, laptop password and Bitwarden password very often thanks to TouchID/FaceID.

Passwords security analysis

A 6-digit PIN is ~20 bits of entropy, 3 Diceware words give another ~39 bits of entropy, and a random PIN position provides another 2 bits of entropy. Thus, the scheme gives roughly 60 bits of entropy for the Bitwarden Master Password.

Bitwarden uses 100,000 iterations of PBKDF2 with HMAC-SHA256 to derive the encryption key from the Master Password. Assuming an attacker can compute PBKDF2-SHA256 with 1 GiOps/s (see [pbkdf2]), 60 bits of entropy is enough to resist brute-force attacks for about 2 million years.

JavaScript code to calculate the entropy and the number of years to brute-force the password:

    const dicewareDictionary = 7776; // 6^5
    const dicewareWords = 3;
    const dicewareBits = Math.log2(dicewareDictionary ** dicewareWords);
    const pinLength = 6;
    const pinBits = Math.log2(10 ** pinLength);
    // [1] word1 [2] word2 [3] word3 [4] – 4 places to put the PIN
    const permutationBits = Math.log2(4);
    const entropyBits = Math.floor(dicewareBits + pinBits + permutationBits);

    const pbkdf2Sha256PerSecond = 1e9; // 1 GH/s
    // Bitwarden uses 100,000 iterations of PBKDF2 with HMAC-SHA256
    const iterations = 100000;
    const pwdPerSecond = pbkdf2Sha256PerSecond / iterations;
    // on average an attacker needs to try half of the passwords
    const numTries = 2 ** (entropyBits - 1);
    const seconds = numTries / pwdPerSecond;
    const secondsInYear = 365 * 24 * 60 * 60;
    const years = seconds / secondsInYear;

    console.log('Password Entropy: ' + entropyBits + ' bits');
    console.log('Estimated time to brute-force: ' + years + ' years');
    // outputs:
    // Password Entropy: 60 bits
    // Estimated time to brute-force: 1827945.0542346002 years

iPhones and MacBooks with T2 chips mitigate password brute-force attacks by enforcing increasing delays between password attempts at the hardware level. An iPhone can be configured to wipe all its data after 10 unsuccessful attempts.

Even with the recently discovered flaw, MacBook passwords can be tried at only 15 passwords per second. With 2^32 passwords to try, on average, it would take about 9 years to brute-force, making it impractical.

Why Bitwarden?

Bitwarden is open-source, cross-platform, cross-browser, free, and has a good reputation. The code is audited, and the company is trustworthy.

It supports storing TOTP 2FA, TouchID/FaceID unlocking, allows Emergency Access, and it’s easy to use. It is well-integrated with iOS and macOS.

Apple Keychain is not open-source, and it’s not cross-platform. It’s not integrated with the Firefox browser.

1Password is a good alternative, but it’s not open-source, and it’s not free. In any case, this scheme can be used with 1Password just as easily. You don’t need to switch to Bitwarden if you already use 1Password. The same rules apply.

Digital legacy and disaster recovery

If you want to leave your digital legacy to your loved ones, you can do it with Bitwarden Emergency Access.

If you have some Really Important Info and you store it in a separate vault, you can leave the vault password to your loved ones.

You store your Secure Vault password in an encrypted file that you share with your loved ones.

The encryption password is derived from your Master Password. You store it in your Google Digital Legacy Plan along with instructions on accessing your Secure Vault.

In case of your death, your loved ones will receive a notification from Google and can access your encrypted file with your Secure Vault password.

If you lose all your devices, you can ask your loved ones to give you the encrypted file with your Secure Vault password, derive the password from your Master Password, and access your Secure Vault.

If you stop trusting one of your loved ones, you can revoke their access to your encrypted file by bumping the version of the derived password, re-encrypting the file, and sharing it with your remaining loved ones again.

Pros

  • remember only 3 words and 6 digits, easy

  • super easy to use, rarely need to enter your PIN, laptop password or Bitwarden password

  • loss of any device is neither a security nor data loss concern

  • can recover all your info from nothing just knowing your Master Password

  • Bitwarden password is good enough to resist brute-force attacks in case the vault is breached (like in LastPass situation)

  • laptop password is good enough to resist brute-force attacks in case the laptop is stolen

  • you can share your PIN and even your laptop password with your significant other, and they still can’t easily access Master Password-protected items in Bitwarden. They can if they know what they are doing, though.

  • in case you distrust your significant other – change your PIN on your phone, laptop, and Bitwarden.

Cons

  • you are screwed if someone shoulder-surfs or records your Bitwarden password, unless you set up 2FA in Bitwarden. Watch your back when you need to enter the password.

  • you are screwed if an attacker has access to your phone or laptop and knows their passwords

  • you are screwed if your spouse is malevolent and knows the scheme

  • you are mostly screwed if the laptop is rooted or even keylogged

  • you don’t want to store crypto wallet seeds in Bitwarden with this setup, unless you are accepting the risk of losing your crypto
