How to secure your BITWARDEN account like a pro | YubiKey Tutorial

Подписаться 4,6 тыс.

Просмотров 136 тыс.

50% 1

Locking down all your passwords with a password vault- like Bitwarden or Lastpass-is a great way to keep all your accounts secure! However, because all this information is stored in one place, it is critical that you protect your password manager with things like a complex passphrase and multi-factor authentication.
**** Correction: Bitwarden's Premium Account is $10/year NOT $10/Month ****
In this video, I’ll show you how to secure your Bitwarden account with a physical token like a YubiKey. Physical tokens add an extra layer of protection for your critical accounts because hackers can’t access them without getting ahold of your physical key.
#HackProofBitwardenAccount #YubiKey #Security #TristanBolton
SUBSCRIBE to see more videos in this series and leave a COMMENT below with your Bitwarden or Yubikey questions. 😊
TIMESTAMPS -
[0:00:22] Why I like Bitwarden
[0:03:07] Signing up for a Bitwarden account
[0:03:55] Think PASSPHRASE instead of password
[0:05:21] BE CAUTIOUS about using Password Hints
[0:06:20] Bitwarden Vault Tour
[0:06:50] Bitwarden Feature: Exposed Password Report
[0:07:28] Pricing (*It’s actually $10/year not $10/month*)
[0:08:07] Locking down your vault with a YubiKey
[0:09:25] Print your RECOVERY CODES and save them somewhere safe!
[0:10:53] Installing the Bitwarden Plugin for your browser
[0:11:50] Unlock your Bitwarden account with a PIN
[0:13:01] Autofilling usernames and passwords on page loads
[0:14:03] Conclusion & Summary
LINKS* -
Buy YubiKey 5 NFC (US Amazon): amzn.to/2QKBG6z (affiliate)
Buy YubiKey 5 NFC (Canadian Amazon): amzn.to/3buvQ0X (affiliate)
Yubico Products: www.yubico.com/products
Yubico Authenticator: www.yubico.com/products/servi...
Bitwarden: bitwarden.com
OTHER VIDEOS -
How to secure your GMAIL account like a pro: • How to secure your GMA...
How to secure your DROPBOX account like a pro: • How to secure your DRO...
How to secure your LASTPASS account like a pro: • How to secure your LAS...
How to secure your AWS account like a pro: • How to secure your AWS...
----
Instagram - / tristan.bolton
Twitter - / tristanbolton
Facebook - / tristan-bolton-8700984...
Website - tristanbolton.com/
Thanks Guys! Have a great day! 😊
*Just a quick FYI - as an Amazon Associate I earn from qualifying purchases. Thanks!

Наука

Опубликовано:

27 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 271

@GMK4EVER 4 года назад

$10 a year, chief. that's less than a buck a month. cant go wrong with that price!

@barddzen 3 года назад

It’s $10 a year for Personal, but add in Family and it jumps to $50 a year for a family of 6, nearly the price of 1Password. I moved to using BW on my Synology NAS via Docker and in this case it’s free and unlimited. Sure it’s self managed, but with CloudSync backups to gCloud I can at least get my data back fairly easy.

@alwanosuarez9022 3 года назад

@@riverjamal5806 stfu bot

@An.Individual Год назад

here after the LastPass breach

@krzychaczu 3 года назад

6:14 I kindly advice _not_ to store passwords in the browser. Adversary who obtains access to this computer can easily retrieve all these usernames and passwords. That's why we setup Bitwarden with 2FA here. 😉

@alexanderf9435 3 года назад

Hello Krzysztof. Do you mean a browser vault or some settings in BitWarden cause passwords to be stored in the browser?

@krzychaczu 3 года назад

@@alexanderf9435 At 6:14 on the top of the screen we can see "Would you like Firefox to save this login for bitwarden.com". This is a Firefox built-in password manager pop-up. It is not as secure as Bitwarden and easy to crack. A good practice would be to select "Never Save" here, and then change the Firefox settings -> Logins and Passwords -> set "Save Logins" to "off". Firefox should not offer saving passwords in Firefox any more. We will use Bitwarden for storing logon credentials from now on. I hope it explains well.

@jorge3234 3 года назад

@@krzychaczu what do you think of Apple password key chain? Is that secure enough?

@krzychaczu 3 года назад

@@jorge3234 Apple's keychain is a primary target of attacks on mac. It also uses 3DES algorithm to encrypt passwords, which is not considered to be safe nowadays. Of course, it is still better than using the same password in different places.

@Sapphire200 Год назад

thats exactly how I got all my passwords leaked (thankfully lost nothing due to 2FA and quick actions from me). Then I found out about bitwarden and other 2FAs besides google

@kenkoh1724 3 года назад

1. Install 2 way firewall 2. Run 3 virus scans 3. Cover cameras 4. Back up against wall 5. Print recovery codes 6. Clear ram

@interstellar10 3 года назад

Tristan, thanks for the great video! I wanted specific info RE: Bitwarden & Yubikey compatibility. Although the Yubikey portion was skimmed-over rather quickly, it gives me incentive to watch your other videos which you referenced throughout & at the end. I appreciate your insight & look forward to maximizing password security.

@tristanbolton 3 года назад

Thanks - if you still have questions feel free to hit me up here or on twitter @tristanbolton Stay safe

@bulbasaur968 3 года назад

your channel is life saving fr

@mrajax_0101 4 года назад

I tried all but this is the best

@jayyeo3270 4 года назад

Great clarity thank you!

@mackjay1777 3 года назад

Very helpful, thanks! The PIN is a great feature you explain it well

@416nighthawk 4 года назад

Excellent video. I am now using bitwarden with google authenticator on my phone.

@barddzen 3 года назад

One of the challenges I have is I use BW on my Synology NAS via https for a family setup. I could get by using Yubikey or other 2FA methods, but I’m a very technical person and have incorporated this into my daily workflows. However, getting my wife, daughter and grandkids to do 2FA is a major stumbling block. Just getting them to the well of using a password manager was step 1, throwing 2FA of any kind at them makes them use it less. Everyone gets it’s “more secure” but from my standpoint, adoption of a password manager trumps 2FA use: I’d rather have them using BW vs implemented 2FA (and additional steps) and have them not use it all or minimally.

@n3tfury Год назад

You're not wrong.

@Daniel-Davies-Gonstead-Student Год назад

Thanks heaps man! This video, even though I don't use a Yubi Key, has been by far the most helpful video I've found in terms of security with a Bitwarden Account. Cheers again :)

@azclaimjumper Год назад

I like that BitWarden is Open Source. I also like that all three of their servers are in Germany. Yes, I've secured Bitwarden with both of my YubiKeys. Two is one; One is None.

@Jackson_010 Год назад

basics it's encouraging to learn a little bit more! Well done!

@johnbod 3 года назад

This was a fantastic video, thank you so much!

@KunouJS 4 года назад

I had no idea about using the PIN feature. Typing in my master password all the time made me concerned about keyloggers. Thanks for that. :)

@tristanbolton 4 года назад

Agreed, I had the same concern. Pin is a great feature

@RandomGuy-lm8wh 4 года назад

But is the PIN just for that PC then? Or does it sync to other browser extensions as well? Else it will be less secure right? I am sort of concerned about PINcodes. So can you let met re-think my PINcode concern?

@notionpicture 3 года назад

@@RandomGuy-lm8wh it's been 6 months since your comment so I don't know if this is going to be helpful. The PIN code only works locally and it doesn't send anything to the cloud, for example you can also set a different PIN code for your mobile app, another for the desktop app and another for the extension. And the PIN code is different on each one of them (if you want). So yeah that's a good feature since is per device and does not sync anything.

@MrDeol84 3 года назад

I love bitwarden . This video tell you how to setup all security

@cidadaojoaocr 3 года назад

Great video! The tips are really helpful!

@MaZEEZaM 2 года назад

Really helpful video again. Cheers from Australia and +1 Subscriber for your efforts 😎

@tristanbolton 2 года назад

Thanks for the sub!

$@apexfractals2555$

@apexfractals2555 3 года назад

amazing work. great video 👍 straight to the point

@leonardomauro7894 2 года назад

Thanks for the video, really well explained!

@phant0m214 Год назад

know your basics course is just what I needed. Taking it a day at a ti so I can fully grasp the core of soft.

@pjrodz 2 года назад

Thank you for this video, man!

@perengstrom3414 Год назад

Passphrases yes. Also, make a 6x6 matrix and fill it with part random capital letters and part random special characters. Use two casino dice and the matrix to choose a random capital letter or random special charater to inject in your passphrase. Use the dice also to decide in which word in order to inject the random, and also where in the selected word the random should be. One random is easy to remember in your passphrase and makes the passphrase a lot stronger (examFple).

@hamadmohammad3 3 года назад

Nice presentation, I like the option with the pincode.

@christophervazquez537 3 года назад

Thanks man. This video was very helpful.

@tristanbolton 3 года назад

Glad it helped

@edrumsense 4 года назад

12:45 Thanks for the video. I think that having all your passwords out of the hands of google is a big step already. After that you can arise all the paranoia you want and even burn the paper where you printed the recovery code and swtich to RAM only OS and extreme things like that

@RuanBekker 2 года назад

Great video!

@bertsenechal6127 Год назад

I just bought one and I will put to work and will let you know more after I use it. Great presentation Thank you

@grantnicklin6421 Год назад

Great advice on the settings to use in the browser and browser add-on towards the end of your video. Thanks for your efforts with this.

@catflapqo 2 года назад

Hi, there are some great videos on your channel and they've helped cement my decision to use bitwarden as my password vault, thanks. One thing I'm not sure about is which email to use for registration, is it wise to make this different to the one used for registration/communication of the accounts that bitwarden is holding the passwords for or is it just as good to keep it all in one mailbox? I'm also wondering the same about the authenticator app?

@NamNguyen-ps4hk 4 года назад

Thank you love you

@Ninorc8 2 года назад

Tristan, great video. After leaving LastPass did you simply deactivate your LastPass account or did you delete all the websites and passwords?

@cdhorne2112 4 года назад

Great tutorial!

@tristanbolton 3 года назад

Thank you!

@Hi.PixtuneDigital 4 года назад

Thank you

@ryaniglesias6381 3 года назад

Hey Tristan, great video. So I took your advice and deleted my account with LP and installed the free Bitwarden. So far I am liking it, however, two minor things 1) If I already have a password in Bitwarden vault and I launch the website I have to either go to the browser extension and select the account or right-click on the password field, then click on Bitwarden to fill in password ...... is there a way to do one click to fill a password either with the free account or the paid account? I don't mind paying as it's affordable. 2) This one bugs me, when I change any password, Bitwarden does not update the new password automatically, I have to add it manually in Bitwarden. If I am adding a new password for the first time it works perfectly fine but when I am changing a password I have to do it manually. If that's the way it works, could you recommend another password manager? Please don't say LP, I am so unhappy with them...... I will never go back to LP, what they are saying to free users is, on March 16th we are calling the new free service, FREE but we know most likely most people wouldn't be able to use and have to pay but we will still call it a free account. I don't know who LP thinks they are. I prefer to pay for another password manager than go back to LP .... oh well that's my rant.

@DesertHash 3 года назад

What's the difference between the pink string of characters written under your QR code at 8:54 and the recovery code shown at 9:40? I didn't set up my bitwarden yet and presumed the former (text written under the QR code at 8:54) would be the thing used for recovery. Given all you need is the code at 9:40 for 2fa recovery, is it pointless to record the text written under the QR code at 8:54?

@charlescharles6191 3 года назад

I should say that once I slowed it down the video was very helpful, so thank you.

@user8eighty949 2 года назад

should I have an email for bitwarden only? and then store another email inside who have all my registered accounts?

@KrishnaDigital123 Год назад

when i typed in soft soft tutorial i did not expect it to be tNice tutorials good thank you so much aaaaaaa

@mandalorian2010 Год назад

I host Bitwarden on a Docker Container in Linode. With the exception of hosting on Linode, I own all of my data. Doing this setup, I have an additional way to get access to my data in the event that I forget my passcode and lose my key. I can reset everything from the administrator level. There are obviously pros and cons with this setup but I prefer it.

@TomTheAustrian 2 года назад

Really great video! It’s $10 per year, not per konth though 😀

@vishnunr3536 Год назад

Are the sample softs there when you open the software or do you have to download them from sowhere

@Peasachance 2 года назад

If i wanted to have a gmail account secured with a Yubikey like in your previous video and have also Bitwarden secured with a yubikey like in this video, can I use the same Yubikey for both? (the gmail account password would not be in bitwarden)

@Stevo50 6 месяцев назад

All I have to say is........... Thank you!!!

@azclaimjumper Год назад

Please consider creating a video that shows how to secure PC's & Macs with Yubikey. These should be 2 separate videos, one for PC's & a 2nd video for Macs

@teamhairball4182 2 года назад

How's the security of Bitwarden while using it as an extension? How do I know for sure my passwords can't be accessed while the extension is unlocked?

@AphichayaUrinkham Год назад

thank god i finally know how to rena stuff

@mh7711 10 месяцев назад

So Do I have to login into bitwarden using Yubikey Authenticator every time I turn onmy Computer / every Day once? and the being logged in in my vault the whole Day? can I choose/change this? or that I dont need to login on my PC? that I only have to authenticate when a) I use a complete New device or b) I am logging in from a Different place/City? would be save enough I think....

@radixsam7690 Год назад

thank you

@ronald0122 4 года назад

You meant 10$ a year

@tristanbolton 4 года назад

I did. Thank you!

@tsunarun 2 года назад

Thanks for this review 👍👍👍 If i have 2 keys can I flash the barre code one more Time for thé second one ????

@saadgbar6181 Год назад

Great video! now... the GMS soft really distorted in my mac, I searched a couple of tutorials to change in nu Options content settings,

@sunlite9759 2 года назад

Best suggestions: 1- Add an additional key word, number or character to each password that is added manually when signing into web page. 2-Keep financial passwords private. Do not list to vault passwords.

@michaelcorleone287 2 года назад

I don’t understand step 2. What do you mean by that?

@sunlite9759 2 года назад

If you use a password manage do not add them to it. I don't keep any financial passwords on my computer.

@michaelcorleone287 2 года назад

@@sunlite9759 what do you suggest I do with them? What do you think of peppering my financial accounts?

@digitaldeepak21 Год назад

What if bitwarden goes out of the business? We should be able to have an offline copy of the encrypted file that we can open and access, right?

@ronnyvillalobos1363 4 месяца назад

You can.. Export vault either choose an encrypted JSON file or use plain text.

@Ghostbit 4 года назад

Very helpful video, Tristan. I was surprised to hear your comments about phone-based authentication being even less secure then SMS. Have you done a video on this? I just started using Authy, thinking it was a better option then SMS. Can you point me to a better examination of matter? Also, I feel a fair bit more at ease ordering a Yubikey after watching this. I've always had a fear of losing it and getting locked out of everything forever but I didn't know about the recovery code.

@tristanbolton 4 года назад

I'm glad you found it helpful. I'm doing a video on Authy vs Yubikey that may help. If your two-factor authentication is SMS or a phone call to a cell phone, it is possible to have your number ported to another SIM/eSIM or even ported to another cell phone carrier without your knowledge. This attack is fairly common but often it is because someone is targeting you and your accounts. However I suspect it will be easier and easier to get SMS and phone calls routed to hackers and therefore using a Yubikey or Authy is much better. They key thing about Authy is the cloud backups and account security (Video coming soon on this). Having a physical key, like a yubikey, is a great way to protect your accounts. Remember the recovery methods you setup for your account is often used to break into them, so if you setup your cell phone to send an SMS code if you loose your yubikey, you're not really anymore secure. Printing off backup codes is one of the best ways to protect yourself if you loose the key.

@kstaxman2 Год назад

and you can have a back up key as well.. I have two keys one I keep with me and one I keep hidden away for emergencies. I do suggest checking the hidden key every few months just to make sure. And as you said the emergency access key offers a last measure of security.

@Earthcrosser 3 года назад

I use Bitwarden hosted on my Synology NAS and it’s much better than the free offering by Bitwarden where your vault is hosted on their servers (ugh!). You get premium features (FOR FREE!) like the reports and team sharing, plus Yubico access. I just got my Yubico 5C NFC and I’m excited to try it. :-)

@leoncryp8182 2 года назад

How do you self host for free? I though you need to pay the $1 month Premium account? 3rd party bitwarden code fork / hack?

@Intensity2U Год назад

Do you have a tutorial for how to use the Bit Warden app on smart phones?

@txsjohnny 3 года назад

Tristan, can Bitwarden do password change sweep like LastPass? This is where basically all of your passwords are changed. I think you can pick the ones that have been compromised, weak passwords, similar passwords, or ALL - not sure. I cannot find how to accomplish this in my Bitwarden account though.

@tristanbolton 3 года назад

I haven't seen this feature in Bitwarden. I didn't find it worked very well in LastPass personally. Bitwarden does have an Exposed Password report, which I haven't seen in lastpass (correct me if you've seen this). I really like this feature as it watches all the passwords in my vault and if they have been exposed. You can do this manually at: haveibeenpwned.com/

@christophermook7061 2 года назад

at timestamp 8.56 i open the yubikey authenticator app next to the bitwarden qr code, but don't see the option to add an account. no add button anywhere. Anyone know how to solve this one?

@thepiecesfit5049 Год назад

7:42 is $10 / year , which is under $1 a month

@youdoer 2 месяца назад

If you have a physical token does that mean emergency access no longer is possible?

@veillerguise 3 года назад

@Tristan You forgot to mention how Bitwarden is audited by security groups.

@tristanbolton 3 года назад

You're right, Bitwarden is opensource, so everyone, including security groups, can look under the hood and verify it is safe. One of the big reasons to use Bitwarden over other closed systems.

@des7638 2 года назад

Thanks Tristan. Why do you prefer the Yubikey authenticator over just the Key?

@mh7711 10 месяцев назад

I think because the free Version of bitwarden only allows this method, for the Yubikey you need Premium bitwarden

@bilijeanz 4 года назад

Do you do 2 steps on both Bitwarden and the accounts you have? Meaning would do yubikey or MS Authenticator on your main Bitwarden account + your gmail account.

@tristanbolton 3 года назад

Great question, it depends on the account. I try to do a unique password everywhere, and enable second factor on as much as possible. That second factor varies depending on the app, could be SMS (though I use this as little as possible), Duo, MS authenticator, TOTP in bitwarden, and Yubikey. It really depends on how important that access is to keep secure. The most secured services are a username with a unique password and two-factored with an offline yubikey and further IP protected so it can only be accessed from trusted IPs/locations. That is over kill for most users, and I only have 2 or 3 apps that are that level of secure. For your Gmail I'd def have a second factor with Yubikey.

@P4P1Kpl Год назад

Is it working with this blue one? or only with black?

@plusultra7329 4 года назад

Hi, do I need the Yubikey if I use Authy for Bitwarden? Thanks!

@tristanbolton 4 года назад

I prefer hardware tokens, like yubikey, for any key accounts like a password manager. Authy is a good alternative if you don't want to use a hardware key.

@Mike20878 4 года назад

@@tristanbolton Can you use Yubikey with Authy?

@watuzi 3 года назад

Hi, thank you for the tutorial. I am using Bitwarden now since it is much cheaper option than Lastpass. Do you need separate yubikeys for each device you use? How do you use yubikey for the phone? Thanks

@TheScavengr 2 года назад

You can use the same Yubikey for all your devices. I would recommend getting two keys, so that if you loose one, you still have the other for backup. Make sure all the accounts that you set up with one Yubikey, set up the same accounts with the other Yubikey as well and store one in a safe place. I'm going to do the same. Just ordered two for me.

@TheScavengr 2 года назад

You only need to set up 2FA with Yubikey once while setting up your desired account. After that, you can plug in or scan your Yubikey with NFC to any other device you own in order to sign in to that account. Hope it answers your question.

@user-wm8yx9fg1y Год назад

all the different elents together in a language that is universal. I've seen plenty of DAW tutorials being new, but tNice tutorials is by far the best so

@Nagfan09 3 года назад

How many yubikeys does bitwarden let you add to your account please?? I only ask because yubikey say you should always have a spare as a backup which makes sense,thanks for the vid!

@user-xt5sb9wm6f 3 года назад

Plenty of them

@MrOzyreusz 3 года назад

Yubikey OTP or Yubikey FIDO2 or Yubikey U2F?

@quatie Год назад

Can you check the reports through android app?

@brucewayne2955 2 года назад

Does BitWarden have a passwordless option where I don't need a master password just a 2fa key (with a backup key of course)?

@azclaimjumper Год назад

NO. to access your Bitwarden vaults you need 3 things, an email address, a passphrase & your yubikey. I've have two Yubikeys in case I lose one, it's the same principle/concept as getting 2 keys when you buy any physical lock

@deadmancontrol1742 Год назад

Have you uploaded any of your soft?

@shulhaaffandi186 Год назад

Good voice

@AK-wm8lj 2 года назад

Hey man. Do u reckon we should write down every password we save or generate passwords just in case Bitwarden goes down or something?

@azclaimjumper Год назад

BitWarden has 3 servers, all in Germany. I think the internet is more likely to be turned off than having all 3 BitWarden servers go kaput.

@NickAlways 3 года назад

In lastpass u can get access through your phone even after losing the master password

@PiriyaSambandaraksa 3 года назад

I'm switching to BitWarden from LastPass. I also use Authy, should I switch to Yubico Authenticator or use the Bitwarden TOTP instead?

@tristanbolton 3 года назад

Great question Piriya - I use Yubico Auth for my most critical items, such as logging into Bitwarden. Then for easy of access to my other accounts, that are less critical, I'll use Bitwarden TOTP. I have an Authy video coming soon

@dewdaltz Год назад

please enlighten me on how the attachment works. I tried taking a pic of one of my Insurance card but for some freaking reasons I cant open it after I took picture from the Bitwarden Vault login.

@menageartois 3 года назад

Why people don’t use spaces in passphrases is interesting :)

@tristanbolton 3 года назад

lol - probably the least used special character. I always just assume most password fields won't accept spaces. I'll have to try that next time.

@bobbobek5358 3 года назад

Great info, I'll be leaving LastPass

@ashleymorris6636 6 месяцев назад

If this is a potential threat and copy and paste is a threat, then how to access accounts with out having to manually do it is there another way?

@murtadha96 3 года назад

Hi, are you making a video about the Bitwarden OTP Authenticator?

@tristanbolton 3 года назад

I covered bitwarden's OTP authenticator in this video: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-zxUC7kAmYz4.html Hope that's what you're looking for

@user-fo5ki8xo8l 3 года назад

Could you do a video about windows login with yubikey and using yubikey for encryption of all the internal hard drives (or to say it in another way, to secure all data on the pc, if someone stoled the pc)? Thanks :) PS: I want to purchase a yubikey and I saw they want to release a yubikey with a fingerprint scanner, should I wait?

@tristanbolton 3 года назад

Yes, I'll do one on how to secure your windows with a yubikey. I wouldn't suggest a fingerprint yubikey. You can password protect your yubikey if you like and that is plenty of security if you use it the way I talk about in the videos

@beauthompson5338 4 года назад

hi do you have a video on how to do a totp on bitwarden ?

@tristanbolton 3 года назад

No, but I'll do that. Using TOTP feature is one of my favorite parts of Bitwarden

@manish17788 4 года назад

most people use free bitwarden because it provides almost all the features with free. but then how do they support the company?

@tristanbolton 4 года назад

The free one works well. I'm not sure where Bitwarden makes all their money but all the organizations I've suggested it to have bought enterprise licenses, so that helps keep it free for individuals

@manny7886 3 года назад

Can you use more than 1 Yubico key sso you'll have backup besides the code generated?

@tristanbolton 3 года назад

Yes, you just add the QR code to both Yubikeys at the same time

@romeoxlove Год назад

And I recomnd starting with LMMS instead of spending 0 and not really know what your getting into. LMMS is free and I've been

@wildmanofborneo 4 месяца назад

Hello Bitwarden won't recognize a login page that only asks for the username (once the username is entered, the NEXT page asks for the password). How to get Bitwarden to recognize this situation? It works ok if the page asks for both the username and password. This applies to Android.

@TheRealJohnMadden 3 года назад

I prefer KeePassXC but Bitwarden is amazing as well

@tristanbolton 3 года назад

I haven't really used KeePassXC before, what do you like about it over Bitwarden?

@koehnejonas 3 года назад

Hey, still waiting for the OTP Tutorial for Bitwarden. Are you still working on it?

@im1random263 3 года назад

Just put in the secret key and there you go

@donlibes 3 года назад

At 9:00, does the app somehow have permission to read your screen? I would imagine this is something you need to explicitly grant permission for but I didn't see such a step. And it seems insecure because how do you know what the authenticator app is really doing. (Yes, you have the source to bitwarden but not to the authenticator app, right?) I also would find it helpful if you wouldn't rely so much on vague words like this/that/it. For example, at 9:10, you say "This is now locked in that way." which left me thinking "What does he mean by "this" and "locked in" and "that way". (You do this a lot!) I'm also wondering about the following scenario: You have phone in hand, away from your computer, but need a password from Bitwarden. How are you entering your Bitwarden master password? It's super-long and with case changes, special characters, numbers, seems like it must be painful to enter on a phone.

@Saa42808 2 года назад

What about just storing the actual passwords and retrieve whenever you need.

@queenkaking7029 Год назад

overwhelming, but tNice tutorials was absolutely brilliant! Thank you!

@z3r0sky 4 года назад

Can you add a second yubikey for backup purposes?

@tristanbolton 3 года назад

Yes, when the QR code is generated, copy it to the first yubikey, unplug it and plug in the second one, and copy the QR code again. After that proceed to the next screen, and now the private key is on both Yubikeys.

@paulurban2 3 года назад

As Tristan explained, for OTP codes you can just set up two keys at the same time with the same QR code / secret. Some sites also support Yubikeys directly as a second factor as a more secure alternative to OTP codes (can be more resistant to phishing attacks). Some sites allow you to register two Yubikeys, so I register my primary and my backup Yubikey. However, some sites only support a single Yubikey, in which case you’d need some other second factor, which kind of defeats the purpose.

@RandomGuy-lm8wh 4 года назад

How do you use the YUBIKEY on your smartphone? I can understand it will work quit well on you pc's but you can't stick a USB in your phone?

@tristanbolton 4 года назад

There are a number of ways to connect the Yubikeys to your phone. 1. Some of them have NFC. You can just hold the key to the back of the phone (works with iPhones and Andriods) while the app is open and it will load the codes. This works, but I find it slow and hit/miss. Plus I don't like the codes to be accessible via NFC. 2. You can get a key that has USB-C on one side and Lightening Port on the other, so it will work for both PCs, Android, and iOS devices. 3. You can get just a USB C one (that is my daily driver) and plug that into your computer or phone (my phone has USB C) 4. If you have a USB A, you can get a USB A to USB C adapter and plug it into your phone if it has a USB C port on it. Hope that helps

@Mike20878 4 года назад

@@tristanbolton Interesting. I didn't know they made USB-C ones. I got a free key with a Wired subscription and learned that it didn't come with the NFS functionality. I'm always bypassing the key when I log into Google because I always forget it downstairs on my keyring. :(

@KubedPixel Год назад

PLEASE do a self-hosted BW video. I've spent about 10 hours fighting with it trying to get it working. I tried in AWS but got so so so frustrated as it just not working as I'd expect that I gave up.

@marufbepary100 3 года назад

Who's here from LastPass

@mikechurcher9320 3 года назад

Too fast for me particularly how you used the key with firefox. How do you use the key with all of the accounts within bitwarden. Just using it for entry to bitwarden isn't worth the bother. Guess I will watch the video again. Thanks.

@jrostern14 Год назад

Remember to securely destroy the plaintext CSV file used to export from another password manager such as LastPass to BitWarden. Ideally do not allow this file to land on your local drive and certainly not in any cloud storage. I exported the CSV to a USB thumb drive and then physically destroyed it after the migraiton. Best practice would be to then change any critical passords immediately thereafter. Remember that you're not paranoid if they truly are out to get you.