Linux Format - UK (2020-03)

58 LXF260 March 2020 http://www.linuxformat.com

TUTORIALS Password manager

Add login to vault

Log into the Bitwarden browser extension if necessary and

then browse the web in the usual way. When you log into a

website, Bitwarden will pop up a message at the top of the

browser window offering to save the password – click Yes, Save

Now to do so. Click the Bitwarden icon, and after a short pause

you should see an entry appear under logins.

1

Update password

If the password is a weak one, navigate to your profile or

account settings and look for an option to update the password.

Open the Bitwarden add-on and select Generator to create a long

and random password (minimum 14 characters), then click Copy

Password. Right-click inside the new password box and choose

Paste. Update your password.

3

Log in quickly

When you next visit the site, look for a number 1 appearing

on the Bitwarden icon: click this and you should see your login

details appear (the number corresponds to how many entries you

have stored for that site, supporting multiple login profiles). Click

the correct entry and the login boxes should fill automatically,

saving you time and effort.

2

Edit passwords

Bitwarden should offer to update the password

automatically, but if it doesn’t, open the add-on and click the View

button next to the login. Click Edit and then paste your new

password into the Password field. Click Save and it’ll be updated.

Your previous password can be retrieved if necessary by clicking

the number next to Password history after saving.

4

MANAGE ONLINE PASSWORDS WITH BITWARDEN

address, name and supply a strong master password

(see the Quick Tip on the next page). This is the most

important password of all, and if you forget it your

passwords will be lost forever. With this in mind, you

may want to provide a master password hint, which can

be emailed to you if needed.

Once you’ve clicked Submit, your account will be

created and you’ll find yourself at the main vault screen.

If you’re running a self-hosted server and you plan to be

the only user, you can strengthen security by disabling

the registration of new users:

$ docker stop bitwarden

$ docker run -d --name bitwarden \

-e SIGNUPS_ALLOWED=false \

-e INVITATIONS_ALLOWED=false \

-v /bw-data/:/data/ \

-p 4000:80 \

bitwardenrs/server:latest

The browser-based web vault won’t be used much in

day-to-day use, but you will still need to log in to

perform certain functions. One of those is strengthening

security – navigate to Settings > Two-step login’ Start

Make sure server_name points to your subdomain (such

as bw.*) or dynamic hostname, while $upstream_

bitwarden should point to your Bitwarden server’s IP

address. Finally, alter the proxy_pass port number from

80 to 4000. Once done, save the file as bitwarden.

subdomain.conf into the same folder, then restart your

LetsEncrypt container:

$ sudo docker restart letsencrypt

Once it’s up and running again, configure your router

to forward ports 80 and 443 to the reverse proxy’s IP

address. Now open your browser and type in your

chosen subdomain or dynamic hostname, such as

bw.domain.com – no port number required. If

everything is working correctly, you should find that the

connection is automatically redirected to a secure

https:// one – click the padlock and verify that your

browser is happy the connection is secure. Your self-

hosted Bitwarden server is now up and running.

Whether you’ve set up your own server or are going

with Bitwarden’s own cloud servers via, the steps from

here on are virtually identical. Start by clicking Create

Account to set up your account. Enter your email

If you go down

the self-hosted

server route,

make sure you

back up the

/bw-data folder

somewhere safe

and secure. It

won’t be large

• no more than
  10MB in most
  cases – so it
  can be stored
  anywhere. If
  you do back
  it up to cloud
  storage, be sure
  to encrypt the
  backup itself for
  an additional
  layer of security.

58 LXF260March 2020 5556March 20evl6s2e

TUTORIALS Password manager

Addlogintovault
LogintotheBitwardenbrowserextensionifnecessaryand
thenbrowsethewebintheusualway.Whenyoulogintoa
website,Bitwardenwillpopupamessageatthetopofthe
browserwindowofferingtosavethepassword–clickYes,Save
Nowtodoso.ClicktheBitwardenicon,andafterashortpause
youshouldseeanentryappearunderlogins.

1

Updatepassword
Ifthepasswordisaweakone,navigatetoyourprofileor
accountsettingsandlookforanoptiontoupdatethepassword.
OpentheBitwardenadd-onandselectGeneratortocreatealong
andrandompassword(minimum 14 characters),thenclickCopy
Password.Right-clickinsidethenewpasswordboxandchoose
Paste.Updateyourpassword.

3

Loginquickly

Whenyounextvisitthesite,lookforanumber 1 appearing

ontheBitwardenicon:clickthisandyoushouldseeyourlogin

detailsappear(thenumbercorrespondstohowmanyentriesyou

havestoredforthatsite,supportingmultipleloginprofiles).Click

thecorrectentryandtheloginboxesshouldfillautomatically,

savingyoutimeandeffort.

2

Editpasswords

Bitwardenshouldoffertoupdatethepassword

automatically,butifitdoesn’t,opentheadd-onandclicktheView

buttonnexttothelogin.ClickEditandthenpasteyournew

passwordintothePasswordfield.ClickSaveandit’llbeupdated.

Yourpreviouspasswordcanberetrievedifnecessarybyclicking

thenumbernexttoPasswordhistoryaftersaving.

4

MANAGE ONLINEPASSWORDSWITHBITWARDEN

address, name and supply a strong master password

(see the Quick Tip on the next page). This is the most

important password of all, and if you forget it your

passwords will be lost forever. With this in mind, you

may want to provide a master password hint, which can

be emailed to you if needed.

Once you’ve clicked Submit, your account will be

created and you’ll find yourself at the main vault screen.

If you’re running a self-hosted server and you plan to be

the only user, you can strengthen security by disabling

the registration of new users:

$ docker stop bitwarden

$ docker run -d --name bitwarden \

-e SIGNUPS_ALLOWED=false \

-e INVITATIONS_ALLOWED=false \

-v /bw-data/:/data/ \

-p 4000:80 \

bitwardenrs/server:latest

The browser-based web vault won’t be used much in

day-to-day use, but you will still need to log in to

perform certain functions. One of those is strengthening

security – navigate to Settings > Two-step login’ Start

Make sure server_name points to your subdomain (such

as bw.*) or dynamic hostname, while $upstream_

bitwarden should point to your Bitwarden server’s IP

address. Finally, alter the proxy_pass port number from

80 to 4000. Once done, save the file as bitwarden.

subdomain.conf into the same folder, then restart your

LetsEncrypt container:

$ sudo docker restart letsencrypt

Once it’s up and running again, configure your router

to forward ports 80 and 443 to the reverse proxy’s IP

address. Now open your browser and type in your

chosen subdomain or dynamic hostname, such as

bw.domain.com – no port number required. If

everything is working correctly, you should find that the

connection is automatically redirected to a secure

https:// one – click the padlock and verify that your

browser is happy the connection is secure. Your self-

hosted Bitwarden server is now up and running.

Whether you’ve set up your own server or are going

with Bitwarden’s own cloud servers via, the steps from

here on are virtually identical. Start by clicking Create

Account to set up your account. Enter your email

If yougodown

theself-hosted

serverroute,

makesureyou

backupthe

/bw-datafolder

somewheresafe

andsecure.It

won’tbelarge

• nomorethan
  10MBinmost
  cases– soit
  canbestored
  anywhere.If
  youdoback
  it uptocloud
  storage,besure
  toencryptthe
  backupitselffor
  anadditional
  layerofsecurity.