Linux Format - UK (2020-03)

http://www.techradar.com/pro/linux March 2020 LXF260 59

Password manager TUTORIALS




SET UP A REVERSE PROXY


If you’re a QNAP user, open Container Station, select Create and type
‘linuxserver letsencrypt’ into the search box. Select the first result
(linuxserver/letsencrypt), click Create, leave Latest selected and click
Next. In Create Container, we recommend limiting CPU to 20% and
memory to 1024MB. Click Advanced Settings and add these environment settings:
PUID = 1000, PGID = 1000, TZ = Europe/London, VALIDATION = http.
Add URL = domain.com, replacing domain.com with your own
domain or dynamic hostname. If you’re using your own domain and
plan to use subdomains, create a SUBDOMAINS value, listing each
subdomain, separated by a comma (for example: SUBDOMAINS =
bw,nc), plus change the existing ONLY_SUBDOMAINS value to true.
Select Network and change Network Mode to Bridged. Select Use
Static IP to assign a unique IP address to your container, through
which all subsequent traffic will be forwarded. Select Shared Folders
and click Add under Volume From Host to map /config (mount point)
to a suitable folder on your NAS drive (say /containers/letsencrypt,
which you’ll need to create in File Station). Click Create.
Switch to Containers and after your letsencrypt container appears
and starts running, click to monitor progress through the Console.
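
Once the Console shows the certificate has been issued, it is worth confirming that it covers every hostname you listed. The script below is an added example, not part of the original article: it derives the expected hostnames from the URL, SUBDOMAINS and ONLY_SUBDOMAINS settings above and compares them with a certificate's subjectAltName text. The function names, CERT.pem and the sample SAN text are constructed for illustration, and the rule for which names the container requests is an assumption stated in the first comment.

```shell
#!/bin/sh
# Added example (not from the article). Assumption: the container requests one
# certificate covering URL plus each SUBDOMAINS entry, or only the subdomains
# when ONLY_SUBDOMAINS=true.

# expected_hosts URL SUBDOMAINS ONLY_SUBDOMAINS -> one hostname per line
expected_hosts() {
    url=$1; subs=$2; only=$3
    if [ "$only" != "true" ]; then
        printf '%s\n' "$url"
    fi
    old_ifs=$IFS
    IFS=,                       # SUBDOMAINS is a comma-separated list
    for s in $subs; do
        if [ -n "$s" ]; then
            printf '%s.%s\n' "$s" "$url"
        fi
    done
    IFS=$old_ifs
}

# san_hosts: reads the text printed by
#   openssl x509 -in CERT.pem -noout -ext subjectAltName
# on stdin and prints each DNS name on its own line.
san_hosts() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# missing_hosts EXPECTED PRESENT -> expected names absent from the certificate
missing_hosts() {
    printf '%s\n' "$1" | while IFS= read -r h; do
        if ! printf '%s\n' "$2" | grep -qxF -- "$h"; then
            printf '%s\n' "$h"
        fi
    done
}

# Constructed sample: the boxout's settings, and SAN text from a certificate
# that was issued before "nc" was added to SUBDOMAINS.
sample_san='X509v3 Subject Alternative Name:
    DNS:bw.domain.com'
want=$(expected_hosts domain.com bw,nc true)
have=$(printf '%s\n' "$sample_san" | san_hosts)
echo "not covered: $(missing_hosts "$want" "$have")"
```

Any name it reports would trigger a browser certificate warning when visited over https, so recreate the container with the corrected SUBDOMAINS value before pointing Bitwarden clients at it.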

Length is more important than randomness when creating your master
password, so choose something only you would know. For example, you
could make use of a favourite ancestor like so: 18Billy 1881Thekid59.

by choosing your form of secondary verification –
typically an authenticator app. Use this option in
conjunction with Authy or a similar 2FA app to generate
the codes you’ll need to enter in addition to your
password. When set up, click View Recovery Code to
write this down and store it somewhere secure.

Install the apps
Log out of your web vault and visit https://bitwarden.com
to download the desktop and mobile apps or install
the browser plugins. If you’re primarily using Bitwarden
to securely store online passwords, you can get by with
the browser plugins and mobile apps.
After installing, click the Bitwarden icon in your
browser toolbar or open the mobile app to log in. Those
with self-hosted servers should first click the settings
button and enter your server’s URL (such as
https://bw.domain.com – don’t forget the https this time)
before clicking Save. Click Log In, enter your username
and password and off you go. The step-by-step guide
reveals how to use Bitwarden to manage and generate
strong passwords in your web browser.
The mobile app works in a similar way to the browser
add-on but comes into its own when linked to your
mobile OS’s password auto-fill feature – in Android Oreo
or later, for example, search for Autofill under Settings
and tap Autofill Service. Bitwarden should be in this list,
so tap it. Going forward, whenever prompted to enter
login details in apps or browsers, you should see an
option to automatically input the relevant password
from your Bitwarden vault.
You can also install a standalone Bitwarden app on
your PC – this is a portable AppImage package for Linux
users, so after downloading be sure to right-click it and
choose Properties > Permissions, and tick Allow
Executing File As Program before running it. The app
sports a similar user interface to the web-based vault,
but it isn’t a substitute for the browser plugin – while you
can right-click a login and choose Launch to jump to
that page in your web browser, it can’t autofill your login
details. Its main use is for managing your existing logins.
As your collection of passwords increases, you may
find your vault begins to look a bit messy. It’s not a
problem – the search box makes zeroing in on a specific
login easy enough, but Bitwarden offers you the option
of organising passwords into folders to make browsing
your collection easier – the annotation (see page 56)
reveals what options are available.
You’ll see a Types category in the left-hand pane,
which reveals that Bitwarden can also be used for
storing credit card information and personal contact
details, for quick-fire form and payment-field filling on
websites. These work in the same way as your logins but
are obviously optimised for the information they contain
– the Cards option provides fields for card numbers,
expiry dates, security codes and so on. There’s also a
generic Secure Note option, which lets you store all
kinds of sensitive information like offline passwords,
product keys and so on.
Whichever option you use, don’t feel constrained by
the fields offered – scroll down to the bottom and you
can add custom fields. These can be plain or hidden
(like passwords) text or Boolean (a checkbox allowing
you to set a yes/no field). Logins also enable you to set
multiple URIs, which are web addresses the
username/password combination will be recognised on.
One final feature worth noting is Organisations – set
these up via the web-based vault under Settings >
Organisations. This enables you to share logins and
other information with others via collections, which are
shared folders. Free users can share with one other user
only, with a limit of two collections. A Families paid-for
tier – $1 a month – raises this to unlimited collections
with five users. If you’re running Bitwarden on your own
server, there are no limits – you can have as many
organisations and collections as you wish.


Don’t forget to write down your recovery 2FA code – without it you
might lock yourself out of your vault.

QNAP’s Container Station supports Docker images, making it a great choice for a host.
