From c42eafd529dbc9f690cda57df7a576f3330f7278 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Wed, 19 Oct 2016 18:09:08 -0400 Subject: [PATCH] various security help articles --- .../can-bitwarden-see-my-passwords.md | 18 +++++++++++++ .../what-happens-if-bitwarden-is-hacked.md | 17 ++++++++++++ .../security/where-is-data-stored-computer.md | 26 +++++++++++++++++++ .../security/why-should-i-trust-bitwarden.md | 18 +++++++++++++ 4 files changed, 79 insertions(+) create mode 100644 _articles/security/can-bitwarden-see-my-passwords.md create mode 100644 _articles/security/what-happens-if-bitwarden-is-hacked.md create mode 100644 _articles/security/where-is-data-stored-computer.md create mode 100644 _articles/security/why-should-i-trust-bitwarden.md diff --git a/_articles/security/can-bitwarden-see-my-passwords.md b/_articles/security/can-bitwarden-see-my-passwords.md new file mode 100644 index 00000000..e34d7a24 --- /dev/null +++ b/_articles/security/can-bitwarden-see-my-passwords.md @@ -0,0 +1,18 @@ +--- +layout: article +title: Can the bitwarden team see my passwords? +category: Security +featured: true +popular: false +tags: [] +--- + +No. + +Since your data is fully encrypted and/or hashed before ever leaving **your** local device, noone from the bitwarden +team can ever see, read, or reverse engineer to get to your real data. bitwarden servers only store encypted and hashed +data. This is an important step that bitwarden takes to protect you. + +You can read more about how your data is encrypted and trasmitted [here][whatencryption]. + +[whatencryption]: https://help.bitwarden.com/security/what-encryption-is-used/ diff --git a/_articles/security/what-happens-if-bitwarden-is-hacked.md b/_articles/security/what-happens-if-bitwarden-is-hacked.md new file mode 100644 index 00000000..10c02be2 --- /dev/null +++ b/_articles/security/what-happens-if-bitwarden-is-hacked.md @@ -0,0 +1,17 @@ +--- +layout: article +title: What happens if bitwarden gets hacked? +category: Security +featured: true +popular: false +tags: [hacked] +--- + +bitwarden takes extreme measures to ensure that its websites, application, and cloud servers are secure. Part of this security +comes from the fact that [we rely on managed services and do not manage our cloud server infrastructure at all][cloud]. + +However, if for some reason bitwarden were to get hacked and your data was exposed, your information is still protected. This is +because bitwarden uses strong encryption and one-way salted hashing. As long as you use a strong master password, your data is +safe no matter who gets ahold of it. + +[cloud]: https://help.bitwarden.com/security/cloud-server-security/ diff --git a/_articles/security/where-is-data-stored-computer.md b/_articles/security/where-is-data-stored-computer.md new file mode 100644 index 00000000..ee13d411 --- /dev/null +++ b/_articles/security/where-is-data-stored-computer.md @@ -0,0 +1,26 @@ +--- +layout: article +title: Where is my data stored on my computer/device? +category: Security +featured: true +popular: false +tags: [] +--- + +Your encrypted data can be found on your computer/device in the following locations: + +- Windows + - Chrome Extension: `%AppData%\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb` +- Linux + - Chrome Extension: `~/.config/google-chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb` +- Mac + - Chrome Extension: `~/Library/Application Support/Google/Chrome/Default/Local App Settings/nngceckbapebfimnlniiiahkandclblb` +- iOS + - App group for `group.com.8bit.bitwarden` +- Android + - `/data/data/com.x8bit.bitwarden/` + +You data is also automatically synced to our [cloud servers][[cloud]]. In the event that you need to recover your data due to +a device crash, simply reinstall the bitwarden application and log in and your data will be resynced. + +[cloud]: https://help.bitwarden.com/security/where-is-data-stored-cloud/ diff --git a/_articles/security/why-should-i-trust-bitwarden.md b/_articles/security/why-should-i-trust-bitwarden.md new file mode 100644 index 00000000..40398cce --- /dev/null +++ b/_articles/security/why-should-i-trust-bitwarden.md @@ -0,0 +1,18 @@ +--- +layout: article +title: Why should I trust bitwarden with my passwords? +category: Security +featured: true +popular: true +tags: [] +--- + +1. bitwarden is 100% open source software. All of our source code is hosted on [GitHub][github] and is free for anyone +to review. Hundreds of software developers follow bitwarden's source code projects (and you can too!). +2. We do not store your passwords. We store encrypted versions of your passwords that only you can unlock][encrypted]. +Your sensitive information is all encrypted locally on your personal device before ever being sent to our cloud servers. +3. bitwarden has a reputation. bitwarden is used by thousands of people. If we did anything questionable or risky we +would be out of business. + +[github]: https://github.com/bitwarden +[encrypted]: https://help.bitwarden.com/security/can-bitwarden-see-my-passwords/