How to make Bitwarden more secure

Introduction

In light of the recent security incident involving LastPass, the importance of ensuring the security of password managers has come to the forefront. As a result, some vulnerabilities have been identified in Bitwarden. This guide will provide steps to enhance the security of your Bitwarden vault in accordance with the latest recommendations.

Increasing the number of PBKDF2 iterations

Reference: Bitwarden documentation

Why should I change it?

To align with the guidelines in the OWASP Password Storage Cheat Sheet, it is recommended to increase the number of PBKDF2 iterations to a minimum of 600,000. While Bitwarden has recently increased the default iterations for new accounts, this change does not apply retroactively. If you created your account before the change, it may still use the previous default of 100,000 iterations or lower. To ensure the security of your account, review the PBKDF2 iteration count and update it accordingly.

How do I change it?

To enhance the security of your account by increasing the PBKDF2 iterations, navigate to the encryption key settings page under Account Settings → Security → Keys on the Bitwarden Web Vault. Here, you can adjust the “KDF iterations” value to either the recommended minimum value of 600,000 or your desired setting.
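To see what the iteration count changes in practice, the following added example (not Bitwarden's code) derives a 32-byte key with PBKDF2-HMAC-SHA256 and measures the cost of a single password guess on your machine at the old and the recommended settings. Salting with the lowercased account email is an assumption based on Bitwarden's published design; the passphrase and email address are constructed sample values.

```python
import hashlib
import time

OWASP_MIN_ITERATIONS = 600_000    # minimum recommended in this guide
OLD_DEFAULT_ITERATIONS = 100_000  # previous default mentioned in this guide


def derive_key(password: str, email: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a 32-byte output.

    Assumption: the salt is the lowercased account email.
    """
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock time for one key derivation on this machine."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        # Constructed sample credentials, not real ones.
        derive_key("constructed-sample-passphrase", "user@example.com", iterations)
        best = min(best, time.perf_counter() - start)
    return best


def work_factor(current: int, target: int = OWASP_MIN_ITERATIONS) -> float:
    """How many times more expensive each offline guess becomes at `target`."""
    return target / current


def needs_update(current: int) -> bool:
    """True when the account's setting is below the recommended minimum."""
    return current < OWASP_MIN_ITERATIONS


if __name__ == "__main__":
    for n in (OLD_DEFAULT_ITERATIONS, OWASP_MIN_ITERATIONS):
        t = seconds_per_guess(n)
        print(f"{n:>7} iterations: {t * 1000:6.0f} ms per guess, "
              f"{86_400 / t:,.0f} guesses per day on one core")
    print(f"cost multiplier for an offline guesser: "
          f"{work_factor(OLD_DEFAULT_ITERATIONS):.0f}x")
```

The same multiplier applies to every unlock on your own devices, so check that the new value is still comfortable on your slowest phone or laptop.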

Automatically clearing the clipboard

Why should I enable it?

Enabling the automatic clipboard clearing feature of a password manager is an important security measure.

This feature automatically clears the clipboard after a certain period of time to prevent sensitive information, such as passwords, from being accidentally or maliciously copied and pasted into other applications. This can help to protect against common forms of cyber attacks, such as keylogging and clipboard hijacking, which can be used to steal personal information and gain unauthorized access to accounts.

Additionally, it can also prevent others from viewing sensitive information on your device if it is lost, stolen, or shared. Enabling this feature can help to keep your passwords and other sensitive information secure and protect you from potential security breaches.

How do I enable it?

To activate the automatic clipboard clearing feature for the various Bitwarden apps, please refer to the instructions provided for each below:

Browser Extension

Desktop App (Windows)

Mobile App (Android)

See Also