Two different security companies were tasked by Bitwarden to "reinforce Bitwarden security and help customers comply with enterprise security requirements".
Bitwarden recently added support for the Argon2 KDF to its products, as well as passwordless web vault logins.
Cure53 found no critical or important issues during the analysis of Bitwarden's network and infrastructure.
@ecksmc it's been published by Bitwarden, though. Would you say the independent auditors are trustworthy entities?
@ayankdownunder yes
imo these companies don't have anything really to gain by bullshitting, they have more to gain by telling the truth, it's their business model after all
if Bitwarden, or any company, then doctored any report, it wouldn't look good on them, as the audit company would no doubt call them out on that
@ecksmc excellent, seriously, thank you for your thoughts on this, and for sharing the information.
Bitwarden has been getting some odd opinions around it recently, and I was getting nervous about using it.
personally I don't use Bitwarden anymore, no reason really other than a personal choice to use another password manager
that said Bitwarden is probably one of the better services to use
@ecksmc 🥂 it's definitely not the best out there, and has its issues, but I've invested enough time in it, so I'll stick for now.
Thanks again!
@ecksmc Bitwarden has seen what happened to LastPass and doesn't want to be next. But the breach at LastPass wasn't due to their security. It was from external vulnerabilities and side-channel attacks. They would be wise to address and assess these same areas that led to problems for LastPass in addition to verifying their internal security.
@danielbsmith Bitwarden have done audits before kinda annually for them to it
wouldn't say it had anything to do with LastPass breach other than maybe stepping the audit time-frame forward
and if any password manager service hasn't already started to look at external vulnerabilities that happened at LastPass and address things if found already, I'd be shocked
The security researchers did find four issues; two of them received a low security threat rating, the other two an informational rating only.
Cure53 concluded that Bitwarden "exhibits a strong security foundation with zero exploitable vulnerabilities found".
Three of the four issues that the security researchers discovered during the audit have been addressed; the fourth is under investigation.