From d1f809adf7303c3c714a35af5c3dd9037fd33cb8 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Tue, 23 May 2017 10:14:27 -0400 Subject: [PATCH] update articles with proper linking --- .publish | 1 + _articles/account/how-to-change-your-email.md | 2 +- .../how-to-change-your-master-password.md | 2 +- .../account/how-to-setup-two-step-login.md | 4 ++-- .../can-bitwarden-see-my-passwords.md | 8 ++------ _articles/security/cloud-server-security.md | 9 ++------- ...is-data-securely-transmitted-and-stored.md | 14 +++---------- _articles/security/password-salt-hash.md | 9 ++------- _articles/security/what-encryption-is-used.md | 20 ++++++++----------- .../what-happens-if-bitwarden-is-hacked.md | 9 ++------- .../security/where-is-data-stored-cloud.md | 6 +----- .../security/where-is-data-stored-computer.md | 5 +---- .../security/why-should-i-trust-bitwarden.md | 11 +++------- _sass/_help.scss | 11 +++++++--- 14 files changed, 37 insertions(+), 74 deletions(-) create mode 160000 .publish diff --git a/.publish b/.publish new file mode 160000 index 00000000..0f24ba6f --- /dev/null +++ b/.publish @@ -0,0 +1 @@ +Subproject commit 0f24ba6f10bd28b804df4ca2f9697cfb3cd06739 diff --git a/_articles/account/how-to-change-your-email.md b/_articles/account/how-to-change-your-email.md index 27a71940..12a8cafd 100644 --- a/_articles/account/how-to-change-your-email.md +++ b/_articles/account/how-to-change-your-email.md @@ -9,7 +9,7 @@ tags: [account, email] Your email address can only be changed from the [web vault](https://vault.bitwarden.com). -1. Log in to the [web vault](https://vault.bitwarden.com) at https://vault.bitwarden.com. +1. Log in to the web vault at 2. Click **Settings** on the sidebar 3. Click **Change Email** under the **General** panel 4. Type in your master password and the email you want to use diff --git a/_articles/account/how-to-change-your-master-password.md b/_articles/account/how-to-change-your-master-password.md index 5602799f..deee9b7c 100644 --- a/_articles/account/how-to-change-your-master-password.md +++ b/_articles/account/how-to-change-your-master-password.md @@ -9,7 +9,7 @@ tags: [password, account] The master password can only be changed from the [web vault](https://vault.bitwarden.com). -1. Log in to the [web vault](https://vault.bitwarden.com) at https://vault.bitwarden.com. +1. Log in to the web vault at 2. Click **Settings** on the sidebar 3. Click **Change Master Password** under the **Master Password** panel 4. Type in your current password, the new password you want, and then re-type to confirm diff --git a/_articles/account/how-to-setup-two-step-login.md b/_articles/account/how-to-setup-two-step-login.md index e9932c26..857fb09f 100644 --- a/_articles/account/how-to-setup-two-step-login.md +++ b/_articles/account/how-to-setup-two-step-login.md @@ -9,12 +9,12 @@ tags: [two-step login, 2fa, two factor authentication, account] Two-step login (or two-factor authentication) can only be configured from the [web vault](https://vault.bitwarden.com). -1. Log in to the [web vault](https://vault.bitwarden.com) at https://vault.bitwarden.com +1. Log in to the web vault at 2. Click **Settings** on the sidebar 3. Click **Manage Two-step Log in** under the **Two-step Log In** panel 4. Type in your current password and click **Continue** 5. Follow the steps that appear - - Download a two-step verification app (usually on your mobile device). We recommend [Authy](https://authy.com/). + - Download a two-step verification app (usually on your mobile device). We recommend [Authy](https://authy.com/){:target="_blank"}. - Scan the QR code with the verification app. - Enter the verification code from the app. 6. Click **Enable Two-step**. Note: diff --git a/_articles/security/can-bitwarden-see-my-passwords.md b/_articles/security/can-bitwarden-see-my-passwords.md index c0517fbb..9296479b 100644 --- a/_articles/security/can-bitwarden-see-my-passwords.md +++ b/_articles/security/can-bitwarden-see-my-passwords.md @@ -9,10 +9,6 @@ tags: [] No. -Since your data is fully encrypted and/or hashed before ever leaving **your** local device, no one from the bitwarden -team can ever see, read, or reverse engineer to get to your real data. bitwarden servers only store encrypted and hashed -data. This is an important step that bitwarden takes to protect you. +Since your data is fully encrypted and/or hashed before ever leaving **your** local device, no one from the bitwarden team can ever see, read, or reverse engineer to get to your real data. bitwarden servers only store encrypted and hashed data. This is an important step that bitwarden takes to protect you. -You can read more about how your data is encrypted and transmitted [here][whatencryption]. - -[whatencryption]: https://help.bitwarden.com/security/what-encryption-is-used/ +You can read more about how your data is encrypted and transmitted [here]({% link _articles/security/what-encryption-is-used.md %}). \ No newline at end of file diff --git a/_articles/security/cloud-server-security.md b/_articles/security/cloud-server-security.md index be009ae1..d5894794 100644 --- a/_articles/security/cloud-server-security.md +++ b/_articles/security/cloud-server-security.md @@ -4,12 +4,7 @@ title: How do you keep the cloud servers secure? categories: [Security] featured: true popular: false -tags: [cloud] +tags: [cloud, azure] --- -bitwarden processes and stores all data securely in the [Microsoft Azure cloud][azure] using services that are managed by the -team at Microsoft. Since bitwarden only uses service offerings provided by Azure, there is no server infrastructure to -manage and maintain. All uptime, scalability, and security updates and guarantees are backed by Microsoft and their cloud -infrastructure. - -[azure]: https://azure.com +bitwarden processes and stores all data securely in the [Microsoft Azure cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="_blank"} using services that are managed by the team at Microsoft. Since bitwarden only uses service offerings provided by Azure, there is no server infrastructure to manage and maintain. All uptime, scalability, and security updates and guarantees are backed by Microsoft and their cloud infrastructure. diff --git a/_articles/security/how-is-data-securely-transmitted-and-stored.md b/_articles/security/how-is-data-securely-transmitted-and-stored.md index 123ce430..64e39e06 100644 --- a/_articles/security/how-is-data-securely-transmitted-and-stored.md +++ b/_articles/security/how-is-data-securely-transmitted-and-stored.md @@ -7,16 +7,8 @@ popular: false tags: [encryption] --- -bitwarden takes security very seriously when it comes to handling your sensitive data. Your data is never sent to the -bitwarden cloud servers without first being encrypted on your local device using [AES][aes] 256 bit encryption. You can read -more about bitwarden encryption [here][encryption]. bitwarden never stores meaningful data on its servers. +bitwarden takes security very seriously when it comes to handling your sensitive data. Your data is never sent to the bitwarden cloud servers without first being encrypted on your local device using [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard){:target="blank"} 256 bit encryption. You can read more about bitwarden encryption [here]({% link _articles/security/what-encryption-is-used.md %}). bitwarden never stores meaningful data on its servers. -When your devices sync with the bitwarden cloud servers, a copy of the encrypted data is downloaded and securely stored -to your local device. Whenever you use the bitwarden apps or extensions your data is decrypted only in memory as needed. -Data is never stored in its decrypted form on the remote bitwarden servers or on your local device. +When your devices sync with the bitwarden cloud servers, a copy of the encrypted data is downloaded and securely stored to your local device. Whenever you use the bitwarden apps or extensions your data is decrypted only in memory as needed. Data is never stored in its decrypted form on the remote bitwarden servers or on your local device. -bitwarden servers are securely hosted and managed in the [Microsoft Azure cloud][azure]. - -[aes]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard -[encryption]: https://help.bitwarden.com/security/what-encryption-is-used/ -[azure]: https://azure.com +bitwarden servers are securely hosted and managed in the [Microsoft Azure cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="_blank"}. diff --git a/_articles/security/password-salt-hash.md b/_articles/security/password-salt-hash.md index fbecb47d..37ba4fb2 100644 --- a/_articles/security/password-salt-hash.md +++ b/_articles/security/password-salt-hash.md @@ -9,11 +9,6 @@ tags: [encryption, hash] Yes. -bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is -transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted -again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated and -hashes are compared every time you log in. +bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated and hashes are compared every time you log in. -The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at -bitwarden to reveal your true master password. In the hypothetical event that the bitwarden servers were hacked and your -data was leaked, the data would have **no value** to the hacker. \ No newline at end of file +The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at bitwarden to reveal your true master password. In the hypothetical event that the bitwarden servers were hacked and your data was leaked, the data would have **no value** to the hacker. \ No newline at end of file diff --git a/_articles/security/what-encryption-is-used.md b/_articles/security/what-encryption-is-used.md index 6042399c..5d94dc08 100644 --- a/_articles/security/what-encryption-is-used.md +++ b/_articles/security/what-encryption-is-used.md @@ -7,27 +7,23 @@ popular: false tags: [encryption] --- -bitwarden uses [AES][aes] 256 bit encryption as well as [PBKDF2][pbkdf2] to secure your data. +bitwarden uses [AES][aes]{:target="blank"} 256 bit encryption as well as [PBKDF2][pbkdf2]{:target="blank"} to secure your data. -[AES][aes] is used by the US government and other government agencies around the world for protecting top secret data. With -proper implementation and a strong encryption key (your master password), AES is considered unbreakable. +[AES][aes]{:target="blank"} is used by the US government and other government agencies around the world for protecting top secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable. -[PBKDF2][pbkdf2] is used to derive the encryption key from your master password. This key is then salted and hashed. +[PBKDF2][pbkdf2]{:target="blank"} is used to derive the encryption key from your master password. This key is then salted and hashed. -bitwarden does not write any crypto code. bitwarden only invokes crypto from popular and reputable crypto libraries that are -written and maintained by cryptography experts. The following crypto libraries are used: +bitwarden does not write any crypto code. bitwarden only invokes crypto from popular and reputable crypto libraries that are written and maintained by cryptography experts. The following crypto libraries are used: - Javascript (web and browser extension vaults) - - [Forge][forge] - - [Web Crypto][webcrypto] + - [Forge][forge]{:target="blank"} + - [Web Crypto][webcrypto]{:target="blank"} - C# (mobile vault) - CommonCrypto (iOS, Apple) - Javax.Crypto (Android, Oracle) - - [BouncyCastle][bouncy] (Android) + - [BouncyCastle][bouncy]{:target="blank"} (Android) -bitwarden **always** encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for -syncing. The bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from -the bitwarden cloud servers. +bitwarden **always** encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for syncing. The bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from the bitwarden cloud servers. [aes]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard [pbkdf2]: https://en.wikipedia.org/wiki/PBKDF2 diff --git a/_articles/security/what-happens-if-bitwarden-is-hacked.md b/_articles/security/what-happens-if-bitwarden-is-hacked.md index d882e937..aa29a56f 100644 --- a/_articles/security/what-happens-if-bitwarden-is-hacked.md +++ b/_articles/security/what-happens-if-bitwarden-is-hacked.md @@ -7,11 +7,6 @@ popular: false tags: [hacked] --- -bitwarden takes extreme measures to ensure that its websites, application, and cloud servers are secure. Part of this security -comes from the fact that [we rely on managed services and do not manage our cloud server infrastructure at all][cloud]. +bitwarden takes extreme measures to ensure that its websites, application, and cloud servers are secure. Part of this security comes from the fact that [we rely on managed services and do not manage our cloud server infrastructure at all]({% link _articles/security/cloud-server-security.md %}). -However, if for some reason bitwarden were to get hacked and your data was exposed, your information is still protected. This is -because bitwarden uses strong encryption and one-way salted hashing. As long as you use a strong master password, your data is -safe no matter who gets hold of it. - -[cloud]: https://help.bitwarden.com/security/cloud-server-security/ +However, if for some reason bitwarden were to get hacked and your data was exposed, your information is still protected. This is because bitwarden uses strong encryption and one-way salted hashing. As long as you use a strong master password, your data is safe no matter who gets hold of it. diff --git a/_articles/security/where-is-data-stored-cloud.md b/_articles/security/where-is-data-stored-cloud.md index e548755a..08fb20f4 100644 --- a/_articles/security/where-is-data-stored-cloud.md +++ b/_articles/security/where-is-data-stored-cloud.md @@ -7,8 +7,4 @@ popular: false tags: [cloud] --- -bitwarden processes and stores all data securely in the [Microsoft Azure cloud][azure] using services that are managed by the -team at Microsoft. bitwarden does not manage any server infrastructure or security directly. All data is backed up multiple -times over, again using services provided by Microsoft Azure. - -[azure]: https://azure.com +bitwarden processes and stores all data securely in the [Microsoft Azure cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="_blank"} using services that are managed by the team at Microsoft. bitwarden does not manage any server infrastructure or security directly. All data is backed up multiple times over, again using services provided by Microsoft Azure. diff --git a/_articles/security/where-is-data-stored-computer.md b/_articles/security/where-is-data-stored-computer.md index 236df0f1..a9f2f2ba 100644 --- a/_articles/security/where-is-data-stored-computer.md +++ b/_articles/security/where-is-data-stored-computer.md @@ -20,7 +20,4 @@ Your encrypted data can be found on your computer/device in the following locati - Android - `/data/data/com.x8bit.bitwarden/` -You data is also automatically synced to our [cloud servers][cloud]. In the event that you need to recover your data due to -a device crash, simply reinstall the bitwarden application and log in and your data will be re-synced. - -[cloud]: https://help.bitwarden.com/security/where-is-data-stored-cloud/ +You data is also automatically synced to our [cloud servers]({% link _articles/security/where-is-data-stored-cloud.md %}). In the event that you need to recover your data due to a device crash, simply reinstall the bitwarden application and log in and your data will be re-synced. diff --git a/_articles/security/why-should-i-trust-bitwarden.md b/_articles/security/why-should-i-trust-bitwarden.md index 4fabe7c0..4baff21f 100644 --- a/_articles/security/why-should-i-trust-bitwarden.md +++ b/_articles/security/why-should-i-trust-bitwarden.md @@ -7,12 +7,7 @@ popular: true tags: [] --- -1. bitwarden is 100% open source software. All of our source code is hosted on [GitHub][github] and is free for anyone -to review. Hundreds of software developers follow bitwarden's source code projects (and you can too!). -2. We do not store your passwords. We store encrypted versions of your passwords [that only you can unlock][encrypted]. +1. bitwarden is 100% open source software. All of our source code is hosted on [GitHub](https://github.com/bitwarden){:target="_blank"} and is free for anyone to review. Hundreds of software developers follow bitwarden's source code projects (and you can too!). +2. We do not store your passwords. We store encrypted versions of your passwords [that only you can unlock]({% link _articles/security/can-bitwarden-see-my-passwords.md %}). Your sensitive information is all encrypted locally on your personal device before ever being sent to our cloud servers. -3. bitwarden has a reputation. bitwarden is used by thousands of people. If we did anything questionable or risky we -would be out of business. - -[github]: https://github.com/bitwarden -[encrypted]: https://help.bitwarden.com/security/can-bitwarden-see-my-passwords/ +3. bitwarden has a reputation. bitwarden is used by thousands of people. If we did anything questionable or risky we would be out of business. \ No newline at end of file diff --git a/_sass/_help.scss b/_sass/_help.scss index 2e8115a1..f70189b6 100644 --- a/_sass/_help.scss +++ b/_sass/_help.scss @@ -258,15 +258,20 @@ footer { } h2 { - font-size: $font-size-h2 * .6; + font-size: 20px; } h3 { - font-size: $font-size-base; + font-size: 16px; } h4 { - font-size: $font-size-base; + font-size: 16px; + font-weight: bold; + } + + h5 { + font-size: 16px; } }