Bitwarden a Secure Password Manager on openSUSE

Password managers are all the rage these days, I guess… I haven’t ever been compelled to try one, as the password manager I have been using, my shoddy memory, has been working alright for me. The reality is, I have a lot more passwords to remember now, and for those passwords I don’t use as frequently, I have to guess at them a few times before I get them… and that is just not a good look.

I have heard rave reviews about several different password manager solutions, waited until I heard more about them and was scared off, but recently the rumble of Bitwarden, an open source, free password manager with a premium paid option, came to my awareness. The option to roll your own is a huge deal for me, even if I don’t actually ever roll my own server,

Installation

Bitwarden has several options for installation. I chose to download the AppImage. It should be noted that your organization may vary, but I have a designated AppImage folder for all my AppImages. Once you download it, make sure it is executable. Using Dolphin or your favorite file manager, access the properties and make it executable.

It should be noted that you can download Bitwarden for Windows and Mac OS as well. Not that those matter as much. There are Deb, RPM and Snap options as well, if you so choose, but it should be noted that Deb and RPM don’t have the ability to auto update.

I installed the Firefox Extension so that I could use Bitwarden in a more “seamless” fashion. If I could install Bitwarden on Falkon, I would, but at this time I am not sure how that would be accomplished. Supposedly there is some QML thing in the works, but at this time it is not obvious to me.

It should be noted that Firefox gives you a couple ways to use it. There is a side bar and a drop-down tool. I prefer the drop-down tool as the sidebar tool isn’t as easily turned on and off.

Features

The most commonly used method of using a password manager is automatically, through a plugin on a browser. On the different sites I tested it on, it works well. I have tried it on a few sites, and when I had input the password I was asked if I wanted Bitwarden to store the login information. Upon returning to that site, it did indeed work as expected.

An interesting bonus is that you can add any number of notes to a saved password. You could perhaps put the other related notes about your password, or maybe not even have your password at all but a series of hints about your password if you are so paranoid.

Manual password entry: since I often use Falkon instead of Firefox or Chrome, and there is not a Bitwarden browser extension available for it, I will use Bitwarden in stand-alone mode and do a manual copy and paste into the browser. Although this takes a bit longer, it’s better than nothing.

An interesting feature built into Bitwarden is a Password Generator. This allows you to generate a random password based on a few factors you set. I am not sure that I would use this feature, as it would make me dependent on Bitwarden or some kind of index of passwords to keep things straight.

An interesting feature I think I just may consider using is Identity Entry. I often have to go chasing around for my License or passport number for something but I could potentially put all this information here instead of just some text file on my drive.

You can use Bitwarden as a place to store all your credit card information. I suppose this could be a better way to store your credit card information, as opposed to storing it on individual sites. You will have to ask yourself what you trust more, a merchant’s web site or an encrypted vault. I think I know which one I trust more.

Another interesting feature in Bitwarden is Secure Notes. I am not exactly sure of the intended purpose, but I thought I would play around with it anyway. I don’t know if I would use it for my grocery list… not anything real secret about buying ground beef.

The last area I wanted to look at was not a feature but how much memory the application uses. I believe that the stand-alone application is an Electron-based application, and after a few tests of running it and shutting it down, the memory usage varied between 282 MiB and 334 MiB. How much you value your security will dictate whether that amount of overhead is worth it to you. Personally, I think it is worth it on my primary system to have at the ready.

What I Like

The user interface is intuitive; you don’t have to spend any time going through manuals or researching how-to instructions on utilizing Bitwarden. It is truly modern and straightforward.

It has a dark theme that integrates very nicely into my desktop’s Breeze Dark theme. It’s not exact, but close enough to not annoy me. It would be nice to have it match exactly but I am not going to be too picky.

A feature I didn’t know I would need but am glad is there is the ability to make folders for your different passwords or notes. The idea here is, you could keep a folder of all your financial passwords, your work password and different hobbies. A nice separation and it keeps things tidy.

Another great feature that I didn’t know I wanted is the ability to put notes with the password information. I can see myself using this because some institutions I log into have additional bits of information outside of your password, like your hobbies, your first car, etc. Those answers could very easily be added below in a notes section. This is a pretty fantastic feature, really, as you can add all kinds of useful bits of information about the site in a convenient, “secure” container.

Updates seem to be automatic with the AppImage, I was surprised as can be about it too. First time I’ve ever seen an AppImage update itself.

What I Don’t Like

I don’t have a way to integrate Bitwarden into my primary browser of choice, but I really didn’t expect it. It does mean that if I am going to use Bitwarden integrated into a browser, I will have to use Firefox or possibly Chrome / Chromium.

The memory usage does seem a bit on the high side, but it is not a “strain” on my main system. It does make me think twice about using it on low specification systems.

Final Thoughts

After using this application for some time, I have decided that I am going to use this for managing my passwords. It is easy enough to use and the features I require are not that complex. I am also signing up for the Premium version, not because I need the premium features but because I want to support the project and feel good about using it.

Bitwarden works very well within openSUSE using the AppImage. That AppImage will also auto update, which was a surprise to me. There is an RPM download for openSUSE from Bitwarden, but it does not have an auto update ability… which does seem puzzling, but whatever. It is also available for the other operating systems I don’t really care about.

There are many opinions about what is the best security practice, a mix of alphabetic characters with numbers and symbols or using a string of nonsensical words strung together with a smattering of numbers and symbols. Regardless of what your assessment is of “best practice” using Bitwarden is certainly a widely accepted method of storing and maintaining passwords and identities that has increased security yet remains accessible.

Further Reading

https://bitwarden.com/

http://bigdaddylinux.com/

Data Back Up | Better to Prevent than to Regret

Backing up data is extremely important. That is, assuming you value your data. Many of us have pictures, videos and documents on our computer. The reality is, all machines will fail, everything gets old and stops working, eventually. Most notably, the Hard Disk Drives and Solid State Drives have a limited lifespan before they cease functioning.

Here is some advice to avoid that white-hot sweaty feeling from a black screen when you turn on your computer.

Back up your data!

Beyond hardware failure, there have been a series of recent ransomware attacks against individuals, businesses and government organizations. One particular bit of ransomware is called WannaCry. Presumably because if you are affected you “wanna cry.” It essentially encrypts all your data and leaves a message that tells you you can have your data back if you pay a ransom. This can be avoided entirely by doing regular offline backups.

Backing up your data is something that you will hear about frequently, but what do you use to back up your data? Drag and drop the contents of your home directory onto an external drive? That will fill up a drive pretty quick, and isn’t sustainable for the long term. You can pay for storage and sync your data up to “the cloud”, but that can get expensive if you have a lot of data. It also runs the risk of being compromised as well, as it just replicates the contents of your data. I have been doing an Rsync command in the terminal, but unless I know that I have been compromised, it could overwrite my good data with bad data.
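The overwrite problem described above is what dated snapshots solve: each backup run writes a new directory and never touches an earlier one. The sketch below is an added example, not code from this post or from any of the tools it names; it handles regular files and directories only, and the folder names, dates and file contents are constructed for the demonstration.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path


def snapshot(source: Path, backup_root: Path, name: str) -> Path:
    """Write a new snapshot directory; earlier snapshots are never modified."""
    backup_root.mkdir(parents=True, exist_ok=True)
    # ISO dates as names sort in time order, so the last one is the newest.
    earlier = sorted(p for p in backup_root.iterdir() if p.is_dir())
    previous = earlier[-1] if earlier else None
    target = backup_root / name
    target.mkdir()  # raises if a snapshot with this name already exists
    for path in sorted(source.rglob("*")):
        rel = path.relative_to(source)
        dest = target / rel
        if path.is_dir():
            dest.mkdir(parents=True, exist_ok=True)
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        old = previous / rel if previous else None
        if old and old.is_file() and filecmp.cmp(path, old, shallow=False):
            os.link(old, dest)        # unchanged: hard link, no extra space
        else:
            shutil.copy2(path, dest)  # new or changed: store a fresh copy
    return target


def demo() -> dict:
    """Constructed sample data: two weekly snapshots around a bad change."""
    with tempfile.TemporaryDirectory() as tmp:
        home, drive = Path(tmp, "home"), Path(tmp, "external")
        (home / "docs").mkdir(parents=True)
        (home / "docs" / "taxes.txt").write_text("good data")
        (home / "photo.raw").write_text("holiday")
        week1 = snapshot(home, drive, "2024-01-07")
        # The source is damaged (for example encrypted) before week 2.
        (home / "docs" / "taxes.txt").write_text("#### unreadable ####")
        week2 = snapshot(home, drive, "2024-01-14")
        return {
            "week1_taxes": (week1 / "docs" / "taxes.txt").read_text(),
            "week2_taxes": (week2 / "docs" / "taxes.txt").read_text(),
            "photo_shared": os.path.samefile(week1 / "photo.raw", week2 / "photo.raw"),
        }
```

The week 2 snapshot faithfully records the damaged file, but the week 1 copy still holds the good data, and the unchanged photo is stored only once. rsync's `--link-dest` option applies the same hard-link idea to a plain rsync run.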

You Only Need Two Things

1st Item | External Hard Drive

Seriously, under $60 will get you started.

The tool I recommend to get you started is some sort of high capacity external mass storage drive. Something like 1 TB or better. They are not expensive, especially if you compare the cost of a new drive to the cost of data recovery. Then you need to get the software. There are lots of great tools out there, but rather than search forever for the best tool possible, start here and see if it works for you. Move on if needed and try something else, but complete that first backup. Whatever drive you choose to use, ensure that is ALL that drive does. You plug it in, do your backup, unplug it and safely store it.

2nd Item | Software

I am not targeting Windows or Mac users but the fact of the matter is, most of the people I know are NOT on Linux (because they haven’t seen the light, yet). So I wanted to just highlight some FREE offline backup utility options to get you down the right path. This is free as in you don’t have to shell out any cash but feel free to contribute voluntarily to the projects.

Linux

Back In Time

This is what I use on my machine. It has worked very reliably for months now. I haven’t yet had to make any backups, but when upgrading my Dell Latitude E6440 with the mSATA drive and growing the 2.5″ SSHD Home partition, I backed up the home drive beforehand, just in case I messed things up. Fortunately the process went well, so no “recovery” was required. I continue to take weekly snapshots of my home directory.

Back In Time

Back In Time openSUSE Install

Documentation for using Back In Time

Deja Dup

Easy to use, very friendly and can be set up for automated online or offline backups. This bit of software actually had more features to play with if you want to do snapshots to a networked service like Nextcloud, Google or a network share.

Deja Dup

Deja Dup openSUSE Install

Using Deja-Dup

Windows

Shadow Copy

Shadow Copy has been included in Windows since Windows XP Service Pack 2 and is pretty basic but easy to use. I have the misfortune of using Windows daily because of a certain bit of required proprietary software. My work machine is still using Windows 7, good, bad or otherwise, and I also use Windows 7 in a VM; therefore I am currently most familiar with that version.

Setting up backups is very straightforward, and since it is included in Windows, there is really no excuse to not back up your data… at all.

Here is a guide on using it in Windows 10

Mac OS

Time Machine

Included in MacOS since Leopard (2007). I don’t have a Mac, nor do I plan to purchase one. Since this is included with your operating system, there is no excuse for not using this utility. When you are done working or playing on your “fruit box”, plug in that $50 external drive and create that snapshot.

Here is a guide to set it up.

https://support.apple.com/en-us/HT201250

Final Thoughts

Back up your data. Really, just take the time, do it and be done with it. Make it a point to keep your data backed up once a week or every other week… even once a month would be great. There are many, many backup solutions out there, some are free, some are paid services and many may even be better for you. I highly, highly, recommend you make your offline backups and store them safely.

External Links

Back In Time openSUSE Install

Documentation for using Back In Time

Deja Dup openSUSE Install

Using Deja-Dup

Here is a guide on using it in Windows 10

Apple Support for Time Machine