mirror of
https://github.com/bitwarden/help
synced 2025-12-16 00:03:41 +00:00
update articles with proper linking
This commit is contained in:
Kyle Spearrin
1
.publish
Submodule
1
.publish
Submodule
Submodule .publish added at 0f24ba6f10
@@ -9,7 +9,7 @@ tags: [account, email]
|
||||
|
||||
Your email address can only be changed from the [web vault](https://vault.bitwarden.com).
|
||||
|
||||
1. Log in to the [web vault](https://vault.bitwarden.com) at https://vault.bitwarden.com.
|
||||
1. Log in to the web vault at <https://vault.bitwarden.com>
|
||||
2. Click **Settings** on the sidebar
|
||||
3. Click **Change Email** under the **General** panel
|
||||
4. Type in your master password and the email you want to use
|
||||
|
||||
@@ -9,7 +9,7 @@ tags: [password, account]
|
||||
|
||||
The master password can only be changed from the [web vault](https://vault.bitwarden.com).
|
||||
|
||||
1. Log in to the [web vault](https://vault.bitwarden.com) at https://vault.bitwarden.com.
|
||||
1. Log in to the web vault at <https://vault.bitwarden.com>
|
||||
2. Click **Settings** on the sidebar
|
||||
3. Click **Change Master Password** under the **Master Password** panel
|
||||
4. Type in your current password, the new password you want, and then re-type to confirm
|
||||
|
||||
@@ -9,12 +9,12 @@ tags: [two-step login, 2fa, two factor authentication, account]
|
||||
|
||||
Two-step login (or two-factor authentication) can only be configured from the [web vault](https://vault.bitwarden.com).
|
||||
|
||||
1. Log in to the [web vault](https://vault.bitwarden.com) at https://vault.bitwarden.com
|
||||
1. Log in to the web vault at <https://vault.bitwarden.com>
|
||||
2. Click **Settings** on the sidebar
|
||||
3. Click **Manage Two-step Log in** under the **Two-step Log In** panel
|
||||
4. Type in your current password and click **Continue**
|
||||
5. Follow the steps that appear
|
||||
- Download a two-step verification app (usually on your mobile device). We recommend [Authy](https://authy.com/).
|
||||
- Download a two-step verification app (usually on your mobile device). We recommend [Authy](https://authy.com/){:target="_blank"}.
|
||||
- Scan the QR code with the verification app.
|
||||
- Enter the verification code from the app.
|
||||
6. Click **Enable Two-step**. Note:
|
||||
|
||||
@@ -9,10 +9,6 @@ tags: []
|
||||
|
||||
No.
|
||||
|
||||
Since your data is fully encrypted and/or hashed before ever leaving **your** local device, no one from the bitwarden
|
||||
team can ever see, read, or reverse engineer to get to your real data. bitwarden servers only store encrypted and hashed
|
||||
data. This is an important step that bitwarden takes to protect you.
|
||||
Since your data is fully encrypted and/or hashed before ever leaving **your** local device, no one from the bitwarden team can ever see, read, or reverse engineer to get to your real data. bitwarden servers only store encrypted and hashed data. This is an important step that bitwarden takes to protect you.
|
||||
|
||||
You can read more about how your data is encrypted and transmitted [here][whatencryption].
|
||||
|
||||
[whatencryption]: https://help.bitwarden.com/security/what-encryption-is-used/
|
||||
You can read more about how your data is encrypted and transmitted [here]({% link _articles/security/what-encryption-is-used.md %}).
|
||||
@@ -4,12 +4,7 @@ title: How do you keep the cloud servers secure?
|
||||
categories: [Security]
|
||||
featured: true
|
||||
popular: false
|
||||
tags: [cloud]
|
||||
tags: [cloud, azure]
|
||||
---
|
||||
|
||||
bitwarden processes and stores all data securely in the [Microsoft Azure cloud][azure] using services that are managed by the
|
||||
team at Microsoft. Since bitwarden only uses service offerings provided by Azure, there is no server infrastructure to
|
||||
manage and maintain. All uptime, scalability, and security updates and guarantees are backed by Microsoft and their cloud
|
||||
infrastructure.
|
||||
|
||||
[azure]: https://azure.com
|
||||
bitwarden processes and stores all data securely in the [Microsoft Azure cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="_blank"} using services that are managed by the team at Microsoft. Since bitwarden only uses service offerings provided by Azure, there is no server infrastructure to manage and maintain. All uptime, scalability, and security updates and guarantees are backed by Microsoft and their cloud infrastructure.
|
||||
|
||||
@@ -7,16 +7,8 @@ popular: false
|
||||
tags: [encryption]
|
||||
---
|
||||
|
||||
bitwarden takes security very seriously when it comes to handling your sensitive data. Your data is never sent to the
|
||||
bitwarden cloud servers without first being encrypted on your local device using [AES][aes] 256 bit encryption. You can read
|
||||
more about bitwarden encryption [here][encryption]. bitwarden never stores meaningful data on its servers.
|
||||
bitwarden takes security very seriously when it comes to handling your sensitive data. Your data is never sent to the bitwarden cloud servers without first being encrypted on your local device using [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard){:target="blank"} 256 bit encryption. You can read more about bitwarden encryption [here]({% link _articles/security/what-encryption-is-used.md %}). bitwarden never stores meaningful data on its servers.
|
||||
|
||||
When your devices sync with the bitwarden cloud servers, a copy of the encrypted data is downloaded and securely stored
|
||||
to your local device. Whenever you use the bitwarden apps or extensions your data is decrypted only in memory as needed.
|
||||
Data is never stored in its decrypted form on the remote bitwarden servers or on your local device.
|
||||
When your devices sync with the bitwarden cloud servers, a copy of the encrypted data is downloaded and securely stored to your local device. Whenever you use the bitwarden apps or extensions your data is decrypted only in memory as needed. Data is never stored in its decrypted form on the remote bitwarden servers or on your local device.
|
||||
|
||||
bitwarden servers are securely hosted and managed in the [Microsoft Azure cloud][azure].
|
||||
|
||||
[aes]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
||||
[encryption]: https://help.bitwarden.com/security/what-encryption-is-used/
|
||||
[azure]: https://azure.com
|
||||
bitwarden servers are securely hosted and managed in the [Microsoft Azure cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="_blank"}.
|
||||
|
||||
@@ -9,11 +9,6 @@ tags: [encryption, hash]
|
||||
|
||||
Yes.
|
||||
|
||||
bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is
|
||||
transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted
|
||||
again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated and
|
||||
hashes are compared every time you log in.
|
||||
bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated and hashes are compared every time you log in.
|
||||
|
||||
The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at
|
||||
bitwarden to reveal your true master password. In the hypothetical event that the bitwarden servers were hacked and your
|
||||
data was leaked, the data would have **no value** to the hacker.
|
||||
The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at bitwarden to reveal your true master password. In the hypothetical event that the bitwarden servers were hacked and your data was leaked, the data would have **no value** to the hacker.
|
||||
@@ -7,27 +7,23 @@ popular: false
|
||||
tags: [encryption]
|
||||
---
|
||||
|
||||
bitwarden uses [AES][aes] 256 bit encryption as well as [PBKDF2][pbkdf2] to secure your data.
|
||||
bitwarden uses [AES][aes]{:target="blank"} 256 bit encryption as well as [PBKDF2][pbkdf2]{:target="blank"} to secure your data.
|
||||
|
||||
[AES][aes] is used by the US government and other government agencies around the world for protecting top secret data. With
|
||||
proper implementation and a strong encryption key (your master password), AES is considered unbreakable.
|
||||
[AES][aes]{:target="blank"} is used by the US government and other government agencies around the world for protecting top secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.
|
||||
|
||||
[PBKDF2][pbkdf2] is used to derive the encryption key from your master password. This key is then salted and hashed.
|
||||
[PBKDF2][pbkdf2]{:target="blank"} is used to derive the encryption key from your master password. This key is then salted and hashed.
|
||||
|
||||
bitwarden does not write any crypto code. bitwarden only invokes crypto from popular and reputable crypto libraries that are
|
||||
written and maintained by cryptography experts. The following crypto libraries are used:
|
||||
bitwarden does not write any crypto code. bitwarden only invokes crypto from popular and reputable crypto libraries that are written and maintained by cryptography experts. The following crypto libraries are used:
|
||||
|
||||
- Javascript (web and browser extension vaults)
|
||||
- [Forge][forge]
|
||||
- [Web Crypto][webcrypto]
|
||||
- [Forge][forge]{:target="blank"}
|
||||
- [Web Crypto][webcrypto]{:target="blank"}
|
||||
- C# (mobile vault)
|
||||
- CommonCrypto (iOS, Apple)
|
||||
- Javax.Crypto (Android, Oracle)
|
||||
- [BouncyCastle][bouncy] (Android)
|
||||
- [BouncyCastle][bouncy]{:target="blank"} (Android)
|
||||
|
||||
bitwarden **always** encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for
|
||||
syncing. The bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from
|
||||
the bitwarden cloud servers.
|
||||
bitwarden **always** encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for syncing. The bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from the bitwarden cloud servers.
|
||||
|
||||
[aes]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
||||
[pbkdf2]: https://en.wikipedia.org/wiki/PBKDF2
|
||||
|
||||
@@ -7,11 +7,6 @@ popular: false
|
||||
tags: [hacked]
|
||||
---
|
||||
|
||||
bitwarden takes extreme measures to ensure that its websites, application, and cloud servers are secure. Part of this security
|
||||
comes from the fact that [we rely on managed services and do not manage our cloud server infrastructure at all][cloud].
|
||||
bitwarden takes extreme measures to ensure that its websites, application, and cloud servers are secure. Part of this security comes from the fact that [we rely on managed services and do not manage our cloud server infrastructure at all]({% link _articles/security/cloud-server-security.md %}).
|
||||
|
||||
However, if for some reason bitwarden were to get hacked and your data was exposed, your information is still protected. This is
|
||||
because bitwarden uses strong encryption and one-way salted hashing. As long as you use a strong master password, your data is
|
||||
safe no matter who gets hold of it.
|
||||
|
||||
[cloud]: https://help.bitwarden.com/security/cloud-server-security/
|
||||
However, if for some reason bitwarden were to get hacked and your data was exposed, your information is still protected. This is because bitwarden uses strong encryption and one-way salted hashing. As long as you use a strong master password, your data is safe no matter who gets hold of it.
|
||||
|
||||
@@ -7,8 +7,4 @@ popular: false
|
||||
tags: [cloud]
|
||||
---
|
||||
|
||||
bitwarden processes and stores all data securely in the [Microsoft Azure cloud][azure] using services that are managed by the
|
||||
team at Microsoft. bitwarden does not manage any server infrastructure or security directly. All data is backed up multiple
|
||||
times over, again using services provided by Microsoft Azure.
|
||||
|
||||
[azure]: https://azure.com
|
||||
bitwarden processes and stores all data securely in the [Microsoft Azure cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="_blank"} using services that are managed by the team at Microsoft. bitwarden does not manage any server infrastructure or security directly. All data is backed up multiple times over, again using services provided by Microsoft Azure.
|
||||
|
||||
@@ -20,7 +20,4 @@ Your encrypted data can be found on your computer/device in the following locati
|
||||
- Android
|
||||
- `/data/data/com.x8bit.bitwarden/`
|
||||
|
||||
You data is also automatically synced to our [cloud servers][cloud]. In the event that you need to recover your data due to
|
||||
a device crash, simply reinstall the bitwarden application and log in and your data will be re-synced.
|
||||
|
||||
[cloud]: https://help.bitwarden.com/security/where-is-data-stored-cloud/
|
||||
You data is also automatically synced to our [cloud servers]({% link _articles/security/where-is-data-stored-cloud.md %}). In the event that you need to recover your data due to a device crash, simply reinstall the bitwarden application and log in and your data will be re-synced.
|
||||
|
||||
@@ -7,12 +7,7 @@ popular: true
|
||||
tags: []
|
||||
---
|
||||
|
||||
1. bitwarden is 100% open source software. All of our source code is hosted on [GitHub][github] and is free for anyone
|
||||
to review. Hundreds of software developers follow bitwarden's source code projects (and you can too!).
|
||||
2. We do not store your passwords. We store encrypted versions of your passwords [that only you can unlock][encrypted].
|
||||
1. bitwarden is 100% open source software. All of our source code is hosted on [GitHub](https://github.com/bitwarden){:target="_blank"} and is free for anyone to review. Hundreds of software developers follow bitwarden's source code projects (and you can too!).
|
||||
2. We do not store your passwords. We store encrypted versions of your passwords [that only you can unlock]({% link _articles/security/can-bitwarden-see-my-passwords.md %}).
|
||||
Your sensitive information is all encrypted locally on your personal device before ever being sent to our cloud servers.
|
||||
3. bitwarden has a reputation. bitwarden is used by thousands of people. If we did anything questionable or risky we
|
||||
would be out of business.
|
||||
|
||||
[github]: https://github.com/bitwarden
|
||||
[encrypted]: https://help.bitwarden.com/security/can-bitwarden-see-my-passwords/
|
||||
3. bitwarden has a reputation. bitwarden is used by thousands of people. If we did anything questionable or risky we would be out of business.
|
||||
@@ -258,15 +258,20 @@ footer {
|
||||
}
|
||||
|
||||
h2 {
|
||||
font-size: $font-size-h2 * .6;
|
||||
font-size: 20px;
|
||||
}
|
||||
|
||||
h3 {
|
||||
font-size: $font-size-base;
|
||||
font-size: 16px;
|
||||
}
|
||||
|
||||
h4 {
|
||||
font-size: $font-size-base;
|
||||
font-size: 16px;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
h5 {
|
||||
font-size: 16px;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user