Make your passwords unhackable
What you need: Bitwarden (free account); Windows 7, 8.1 or 10 Time taken: 20 minutes
In March, password manager Lastpass imposed new restrictions on free accounts, meaning you can now only access your passwords on computers or mobile devices (but not both). In Issue 601 (page 62), we explained how to move your passwords from
Lastpass to a less restrictive tool – we recommended Bitwarden. Here, we’ll show you how to tweak Bitwarden to make the passwords it generates unhackable and reveal its hidden tools that can add even more protection to your online accounts.
STEP 1
If you don’t already have a Bitwarden account, create a free one at www.snipca.com/37640. Once you’ve registered, download the Bitwarden extension for your browser by going to www.snipca.com/37641, scrolling down to the Web Browser section, then selecting the version for your browser 1 (it’s available for all major browsers, including Chrome and Edge). Open the Bitwarden extension in your browser (in Chrome, you may need to click the jigsaw icon 2 to reveal it 3 ), then enter your master password to unlock your Bitwarden vault.
STEP 2
Click Generator 1 at the bottom of the Bitwarden extension window. In the next screen, you can tell Bitwarden to generate passwords (a random series of characters) or passphrases (random words). Passphrases are easier to remember, but because they use real words they are more susceptible to brute force attacks, where hackers use tools that combine random words in an attempt to match your password. Because Bitwarden will be handling all your passwords for you (including automatically filling relevant login fields), we recommend setting this box to Password 2 .
STEP 3
Bitwarden can generate passwords of between five and 128 characters long. The more characters a password has, the more secure it will be. However, if you ever have to type a password yourself (such as if you’re using a device on which you don’t have Bitwarden installed), you probably won’t appreciate having to tap out a 128-character password. We therefore recommend you strike a balance between security and convenience, setting the Length slider 1 to between 10 and 16 characters.
STEP 4
Below the password-length slider you can choose the types of characters you want Bitwarden to use when generating passwords. We suggest ticking all four boxes 1 because the variety of character types will make your password harder to hack. Bear in mind some websites won’t let you use special characters when creating a password, in which case you’ll need to return to this option and temporarily untick it. Below this, you can choose how many numbers and special characters you want in your passwords (we recommend at least one of each 2 ). You can also choose to avoid ambiguous characters 3 (such as a capital ‘I’, which can be mistaken for a 1) – doing so makes your passwords slightly less secure, but easier for you to type when needed.
STEP
5
When you want to generate a new password (for example, when signing up for a new online account), right-click the password box on the website in question, then select Bitwarden 1 followed by ‘Generate password (copied)’ 2 . Bitwarden will now create a new, random password based on the settings you made earlier. Note that Bitwarden won’t fill the password box with your new password automatically – instead it copies the password to the Windows clipboard. To paste it into the password box, right-click and select Paste or simply press Ctrl+p.
STEP 6
By default, your generated password will remain in your clipboard until you copy something else, which means you might accidentally paste the password into a document or email later on. More worryingly, someone using the same computer after you might be able to view your password. To avoid this, set Bitwarden to clear the clipboard after generating a password. In the Bitwarden extension, select Settings, scroll down and click Options. Next, click the ‘Clear clipboard’ box and set a time of between 10 seconds and 5 minutes 1 .
STEP
7
Bitwarden will keep you logged into your vault for as long as you have your browser open. While this can be convenient, if you leave your PC unattended someone else may gain access to your passwords. To prevent this, return to the Settings section of the Bitwarden extension 1 , then click the box under ‘Vault timeout’ 2 – you can choose to close the vault after a set period of time or after an action such as restarting your browser or locking your PC. For an easier way to unlock your vault, tick ‘Unlock with PIN’ 3 , enter a series of numbers (we recommend at least four), then click Submit. You can then unlock your vault by typing this PIN rather than entering your master password. Note that the PIN will only work on your PC.