BitWarden: Why You Should Ditch LastPass, 1Password, etc (with DasGeek) [Part 2 of 2]

Captions
Welcome to TuxDigital's first-ever collaboration, because the last time I didn't actually post it. I'm honored. Yeah, right, it's it, my first ever. Yes, it is. Yeah, that I'm here. I think it's your first collaboration with some buddies with you in person, right? Not, because I did a collaboration where I talked on your show. Wow, that's a good point. Yet you collaborate on This Week in Linux. That's right, yeah.

So we're gonna do a video about Bitwarden, and this has actually been a highly requested topic that I was supposed to do like a year ago, and they were here and we were like, we need to do a video, and he was, showed him my list of options, and Ryan was like, let's do the Bitwarden video. That's a great idea, I meant to do a year ago, so let's go ahead and do it now. So we're gonna, we have two different videos on Ryan's channel and DasGeek, in youtube.com slash DasGeek you can check out why you'd want to use Bitwarden. If you've never seen it, heard before, it's a password manager, and it's a very nice, clean, open-source, powerful password manager. We're gonna get to the features in this video, about like showing you all the different things that we talked about in his video, but if you've never heard about Bitwarden or checked out a password manager in general, you need to go to check out DasGeek's video at youtube.com slash DasGeek, where you can see all the reasons why you want to check out Bitwarden, and I think it's fantastic, and we explain in depth about all the different cool features that are available, and we're going to show some of them right now.

So first of all, we're gonna go to the, we're gonna switch to the browser view now. We're gonna check out the sidebar, with the Bitwarden sidebar setup. Now if you look at, there's a lot of, there's also a Bitwarden most button that, when you first set up your system, it will open the sidebar, but a lot of people don't want this sidebar all the time, and that's a fair point, because I don't really want it there all the time either. But when you use this drop-down thing, the most annoying thing about this is, if you search for something and then you copy a password, but you can alternate a couple username, and you click the past, put it in, it will go right back to the search field and lose your place, meaning it automatically closes here at the top. Which I, by the way, this tip he's giving you, I didn't know until he came here, so I'm one of those ones that would just keep going back and clicking at the top, did my username, then click and go back. That's true of my password. That's actually one of the things that we can talk about, is the sidebar option, is that if you have this sidebar, you can close it and open it through, well, it's actually hard to open, you to open the sidebar, which you can go to the file menu and bla bla. What we're going to, hold Alt Shift and then you, and it will go right to your Bitwarden sidebar, and this is a huge time-saver. Life changed. Yes, it is a huge time saver, and it, and the best part about it is that when you do open the sidebar, it will stay there until you're done using it, so you just hit Alt Shift you again and it goes away. Now why is it that particular shortcut? I have no idea, but it's there, but it works. It's there, use it.

Now we're going to talk about the PIN system. Now this is one of the most important things about Bitwarden for me when I switched over, because I was using LastPass at the time, and LastPass was okay, but it had this ridiculously annoying thing where when you use it on your phone, you either type in your ridiculous password, if you have a ridiculous password, which I do, and the other option was to just save it, like a remember-password website. It was like, how is that secure? Now that anybody who picks up my phone has access to all of my passwords for everything I have, that is a broken system, and I always hated it, because I always had to type it in, and then when I got annoyed enough, because LogMeIn purchased LastPass, was like, okay, I don't want to deal with these people anymore, I look for something, and I tried all the different kinds of things, the nice, randomly found Bitwarden and realize that Bitwarden is exactly what I wanted: an open-source LastPass, and better than LastPass. And one of the things that makes them better is that they have this PIN system. So you can't really see it very well on the camera, but what it does is that this allows you to enter a PIN code, and this can be a PIN code that is a number, it could be words, it could be whatever you want; it's just the purpose of making it shorter. And the, the reason this is super valuable is that it's per-device PIN code. You don't have to worry about, you know, which, you can have the same PIN covering every device you want to, if you want to do that, but you can actually have a separate for another one, because maybe there's another computer that you have, you leave at your office, and it's more important that that one has a stronger PIN code, but you still don't want to type in your ridiculous password. You have that option too. I wouldn't, you have the option for biometrics. No, not everybody's getting a biometrics, but Bitwarden has face identification in it, so for iPhone users, if you're using face unlock, you have that. You can also do fingerprint unlock, if you don't, as well, so you can use PIN, fingerprint, face, all of those options, depending on what the availability is on the hardware you use. But anyway, yeah, fingerprint, Face ID, and also the PIN code. Like, if you have a phone that doesn't have fingerprint or Face ID, it used to be you have no option, and technically LastPass does have like fingerprint reader, but it's like, when I first got into LastPass, I had a phone that didn't have any of those things, or there's still a lot of phones that don't have those, and having the PIN code system is super simple, and basically everybody understand the PIN code, because their bank account, all that stuff, right? So it's such a great thing to have that I felt like I had, you, started using an application that understood security is important, but also convenience is important. Absolutely. So they covered both sides, and that is why they're fantastic.

And now another thing that they have is also two-factor authentication. So they have the free version, in the premium version, they have two-factor authentication available for both, and we're also going to show another one later on, for another authentication system, that, that is gonna be for the premium side. But first, the two-factor is actually, if you're not familiar what two-factor, it means, it means it's two-factor authentication, which means it's a 2-step authentication where something you have and something you know. So for example, let's, you have an application on your phone that is an authenticator app. For example, we're going to show up with, with Authy, and for some reason the default thing is Humble Bundle, ignore that part. So what this is, is that it is a, an authenticator app that gives you this random code. Now I don't care if I'm showing you this code, because in 20 seconds this code will be worthless, right? So if, that's one of the best things about two-factor, because it's, it's fantastic. Actually now it's worth using, you know, this new ones now here, and it's gonna be worthless in Tanana, you better hurry up. Yeah, everything, if you can, if you can time travel, that'll be impressive. But basically what happens is that you, gives you this code, and if you have this code, which requires physical access to a phone or some other, you can do like YubiKey, whatever, looking at that, but you can do this code and also the password, so that even if they do have your password, if they don't have your phone in your authenticator code, they don't, it doesn't matter; even though having the password is still worthless. And that's one of the cool things about two, about two-factor and about Bitwarden, is it has all these different features. So that's how you use the two-factor authentication.

But now we're going to talk about something that is something I enjoy a lot, and that is the self-hosted aspect. I enjoy this about any kind of software; that's one of the things I look out for the most, and that is to have the ability to host it myself. Hosting it myself, there's always something I look for, for every application I use, if I could. Sometimes I'll use the hosting and sometimes I won't host it myself, it depends on what it is. In this case I have done both, and I think either option is totally fine. However, so, hosting it yourself might not be the best, depending on your level of security, of server administration skill and whatever, but what you can do is set up a DigitalOcean droplet, and then use, by the way, use do dot co slash tux for that DigitalOcean droplet, and you can then set up this Docker image, because they actually have a Docker droplet you can just load, mmm, and then put the Docker image of Bitwarden in that Docker droplet and be good to go. Of course, you still need to do hardening and security stuff for the server itself, but yeah, they're not an expert, stay away from this option. If you do know what you're doing security-wise, it's an awesome option. But the cool thing about it is, yes, you know something's fully open source when you can host it on the server side as well. Yes, that's the most important piece, because almost like, there's so many things, you're like, like Telegram, it's open, but only on the clients, right? So the server itself isn't open, and this is like, this is such, I think this is probably the most important piece, is because even if you don't host it yourself, the fact that you can shows that they have so much confidence in their code and so much confidence in their ability to guarantee security, or maybe not guarantee it, because obviously there's no way to 100% guarantee very good thing, right, but to put as much effort as they possibly can, and are comfortable showing you the code that they used to do it, proves, as well as even the server, proves that they actually do have a lot of confidence in their work, which is one of the reasons why I like this work.

Now can you migrate, if you, let's say I sign up? Yes, that's, that's one of the coolest thing, is that you can create a hosted version and then you can go to self-hosted if you like. Now I, the way of doing this is different, because you have to have, I have to, in order to show you how to do this migration, I would need to have a server set up for this, and we don't currently have a server, because we're kind of doing it like a short amount of time, so apologize for that. If I can do it in post, I will let you know; if I can, you actually will just see it right now, but just in case I didn't have time to do it in post, there, we're gonna show you is, the idea is that you have a droplet set up for you, and then you just take an export of all the content in your droplet, or in your Bitwarden, and your Bitwarden vault specifically, and then import it into the now self-hosted version, and that's all you have to do. The import/export is super, super simple.

So we're gonna go ahead and, since we're talking about imports, let's just go ahead and jump into the import section as well, for the regulars, whether you're using a different thing or not. So whether you can use Bitwarden, and you can migrate from basically almost everything I've ever heard of, a stuff I've never even heard of in the first place. So let's say you want to import your items from another company: you go to the import items in your sidebar, and it will just show you all the companies that you can get. Now if you have LastPass, it will show you like instructions directly from LastPass, but essentially what it does, but on the side it's saying that this is what it supports from the exporter. So some of these things will use CSV, some will use JSON; it depends on what the actual company uses as their export tool. Some will specify multiple export options, and that's why they list which ones they were compatible with. So for example, LastPass does a CSV. Now all you need to do is going, I don't have a LastPass account anymore, so it's kind of hard for me to demonstrate this, but if you go into this, the export section of LastPass, it will say you would like to export all of your passwords, you say, click yes, and it will own them. I'm pretty sure it only gives you a CSV option; it might, but if it has multiple options, that's where you would select, I want the CSV file, because that's what's going to give you the best import. Yeah, good point. So the CSV file is, if you're not sure what that means, that means comma-separated values, and that's when, when you, when you look at it, it'll just have a ton of different met code and different thing, text, separated by commas. And the reason why C is, I think I prefer them to have CSV, because it's just smoother. It's kind of a standard. Yeah, it's a standard. JSON is also pretty good too, and they, some of them have their own special export tool, but what's cool about this, like F-Secure KEY has their own FSK format, and Bitwarden supports that particular form. Right, they spent the time to figure it out with the enemy code. Exactly.

So once you have your export file, then you want to do the import, obviously. So, but the, the thing about this is that when you do an import, you don't actually use the sidebar or any of the tools but extensions; you need to go to your web vault. So what we're gonna do is, see, you're going to go to the front page and click the access web vault. You can actually do this other places too, which is basically vault.bitwarden.com, is assist below. So you're just opening a browser, putting that in? Right, you're gonna, you're gonna go to that, go to that section, and then once you do, we're gonna go into this vault, and here you're gonna click the Tools tab and then the Import Data option. Now you'll hear, you'll be select which file it is, and then it'll, click browse to find the actual files you want; it'll just, whichever one your export tool gives you. So as you can see, there are a couple of options to import: you'll see the blade ability to import a specific file, and also a copy-and-pasting feature. I mean, you might be wondering, why is there a copy-and-pasting feature? Well, some reason, some services such as LastPass do not output a file, they just output the text in your web browser, because reasons, I guess.

So from here I'm going to show you how to export your data from LastPass. If you're not using LastPass, using something else, I can't really have everything included in that, but I wanted to show LastPass because over the way it does their, their output of exporting is hot. So you'll need to log in to the web vault version, not the extensions, because exporting is only available through the web vault, that I've found. So first of all, we're gonna go to More Options, and then you'll see this Advanced option, you click that, and then they'll be Export. Now when you click Export, it will ask you for your password and a lot username information, so once you put that information in, you'll be able to get this data. So for example, this is just a demonstration of some basic data, I didn't really put anything, putting passwords in here, whatever; this is just an example of how it will output it as text. So what you need to do is just copy, Ctrl+A, Ctrl+C, copy the text, and then paste it into the Bitwarden field for pasting, and then you can, um, do the import at function. So LastPass is an example where technically it's a CSV, comma-separated value system, how they export the data, but they don't give you a file to do it, so you could just manually create a file from this data if you want to for some reason, or just copy and paste it and put it into the Bitwarden import tool. Then once you're done, you, all you do is click the import tool and that's it. It takes a few seconds, actually not even that long really. Yeah, it's ridiculously fast, and like when I first did it, I was like, okay, let's see how long this takes, and then I was like, oh wait, it's done. Yeah. Okay, so unlike a lot of services, like email for instance, this is a very easy migration effort, yeah, on your part, to go to Bitwarden, and again, because it's open source, because they've had so much security testing, like we talked about in my video, that's why you want to go to Bitwarden. Yes, exactly. Bitwarden's so, is so fast, so easy, and the migration is just as easy and everything, so yeah, definitely, if you want to learn more about like the values of Bitwarden, you definitely need to go check out the video at DasGeek's, or youtube.com slash DasGeek.

And we got a couple more things we're gonna talk about here. One, we're gonna talk about the password generator. So we have a bad for dinner for all of their apps, so for example, here we're going to show you this password generator here on the... Wait a minute, Michael, I'll never remember that password, it's too long. So you're not wrong, but you don't have to. Bitwarden saves the password. Nice, there you go. There's also a password, when you do is click to use it, it will do a drop-down that says you want to save this login, once you log in. That is very useful, but not always consistent. Not always, they're not always the efficient. That's true for every single password manager. Absolutely. It's better to just create the password, copy it, and then go to the add new when you're like on the page, so you click add a login and then paste it here, 'cause that will guarantee it will be there. Because I have generated a password and then not thought about creating, yeah, a manual entry for it, and then I go and copy something else and I lose that generated password, and now I have to go through recovery options. So make sure you go, as soon as you do the generation, and create a login item for that login. And what's cool about that generation is it allows you to set how many digits, set the, you know, different parameters, if you want special characters, all of us. Right, it's definitely, what, it's definitely useful right there, and I think the, the really cool about the, the generation is that it is so customizable, but we do need to make sure you, your, we're clear about the fact that it's probably easier to just manually put it in, just in the sense that you can guarantee it's there.

But when you're going to generator right here, and you can see it's already got a new password, and you can also regenerate a password as much as you want. Then there's also not only just passwords; you can regenerate passphrases, which are just random, a bunch of letters combined with a dash or whatever separator you want to use; you can use basically any separate if you want to. And now we're gonna go back to the passwords real quick, we'll come back to the passphrase in a second. But with a password, I like to make the password length ridiculous. Now you can make it is upward to 128 characters, and that might be a bit excessive, but you know, somewhere around 32 to 60 or something like that, it's not me that ridiculous. But here's the best part, as you pointed out earlier: there's no way to remember, I wouldn't be able remember the 14 by default that they come with, 'cause they, they come with 14. My brain is a quantum computer, I remember that any day of the week, but most humans, yes, you're right. Good point, yeah, I forgot about that, about that feature you have. So, so we're gonna go up to the wonderful 42 as the one we're gonna do, and you're gonna regenerate that password. So that is a ridiculously long password, but you don't have, it doesn't matter, because password managers are, the whole purpose is that they will remember for you so you don't have to, if you remember your master password.

And that is, so I would also suggest adding symbols in here. So you shouldn't, there's one of the things that some passwords will, like some websites, I hate it when they have a row minimum requirement of certain things, because that lowers the randomness of it. So anytime there's a website, if you, if you run a website and you have, you kept, okay, yeah, if you have passwords on your website and you have any stipulations of how a password should be, stop it. You can, the only thing you should do is say, don't have a four-digit password or four-character password, have at least like a, tell them to have at least eight characters, but beyond that, don't limit anything else. Like, don't say you need this many numbers or a minimum amount of this many special characters, and also don't, don't tell me what special characters I should have, don't specify the special courier. Anytime you put specifications, you are lowering the randomness and lowering the security of what those traffic alerts can be, so don't do that. Anyway, so what you should do is always have a minimum one of all these things, and then let whatever random this gonna happen is gonna happen. Yeah. And so that's why I have it set here to be all these checked, and then one on one. So the, by default the symbols are not checked; you definitely check them, because it will add a ton of extra security in those, kept in those passwords.

Well, this makes it really hard for me to share my password with my friends. Good. Oh, there is, um, and there is an option to actually share your account and your passwords if you want to, like with your wife or, sure, you know, spouse, whatever, and not even just for logging in, like it doesn't have to be a login thing, it can be a, it could be a thing where you're setting up where you can just share access to an individual password, and they have as an option in Bitwarden. We're not going to share, I'm not going to show that as a demonstration option, because don't do that, just, you should probably not, you should probably not share passwords, just because if they, unless you have a guarantee that they need to log in to your password for some reason, send it over Signal or something. Which is, be honest, is sixty percent divorce rate plus, yeah, I never know what, I'm pretty, don't share all of you personally. Yeah, so you know, there's things can happen, right? You know, it's just better not to do that. Good luck to you. Signal is as a much better option, because Signal will allow you to have secure messages, and you can send passwords over Signal if you need to, but that's also meaning that you guarantee that that's, that person you're sending it to, it is that person, because you should be verifying when you connect someone on Signal, and that way you know that that stuff is encrypted. Whereas some people would use the sharing passwords through, like there's a sharing feature, what's that, that would be secure? That would be a terrible choice. It's not that, no, so don't use any of those things. Don't use email, definitely don't use email, even if you have ProtonMail; it's just better, because you know, the person you're sending to probably doesn't, or maybe doesn't, so it's just better to have, you know, something you know, a year, yeah, do you know is secure, and Signal's a good option for that. We could talk about Signal on a future collaborate, collaborations like that. Yeah.

So let's move on to the next feature, and that is the passphrases. So passphrases are the same kind of thing. I'd like to have a lot of ridiculous words, like I always have ridiculously long password blocks. Before are using sentences and passphrases in place of passwords, because you can create very complex passwords, what, with a sentence that you can remember, but of course, Bitwarden, you don't have to. But there may be some cases, for instance, you're not going to get Bitwarden on your PlayStation, right, your PlayStation 4, but you may have a Sony login, so in that case you may want to use a long sentence like this and let Bitwarden generate it for you, and then what you can do is, it would be much easier for you to remember that sentence or type it in, or of course you could pull up Bitwarden on your phone or any device and manually type it that way, but sometimes people find sentences to be more helpful. Yeah, and the best, that's a great, great point, that's why I wanted to cover the passphrase, is because the, the idea that people can remember those gibberish things are impossible, right, but it is possible to remember these passphrases, because it's just the random words in a string separated by -. I chose to ask, also capitalized everything, because it just gives it better, you know, less likelihood of algorithm, they're gonna be the extra character change. It's good. Not anymore, because now we know. Well, I'm not using this particular... Oh, okay, darn it. Yeah, over this particular account, I did, we get to point that out, where we both use pack a Bitwarden, but naturally when you talk about a mega video this demonstrating Bitwarden, it's better not to use your own account. Look at all my complex password, you see? Exactly, no one would ever come up with these. But yeah, this is a, this is a demo account that we built just for this purpose.

And anyway, so you can see: dueling husband Lisp retract retrial trodden Cupid jackknife. Like, they're all just random words in a sequence, and that's what makes them important, is that they're random. If you have a beanie, if you have us just a regular sentence, there's some, gonna be some randomness there, but there's going to be also consistency, like "the" and those kinds of things, whereas this is just completely random words thrown together in a string, and that's the best way to do a passphrase. And as you said that, it is a lot, it would be better to check that include-number option, because what's gonna happen is the dictionaries they're used for brute-force attacks that are guessing passwords, they're now going to have to add numbers into that; it makes it far more difficult. So you could include numbers, and maybe again, if this is something you need to not have a Bitwarden, that you need to memorize, you don't need 14 words. The more you can remember the better, but yeah, Michael went a little crazy here. Well, I, okay, sure, yeah, yeah, it's a little bit over the top, you don't need to do that many, you could go with 9. Sure, there you go. Like how idiocy is one of the nine, is it try to tell us, if not, maybe, maybe, yeah, maybe they were saying 14 is too much, man. Yeah, exactly, idiot. But yeah, that, you can see it only adds one number, so you don't have to remember the ton of number if you just number that one, and it just puts it randomly in some place, so completely throw off brute-force dictionary attack. Yeah, exactly. So I capitalized, include number, whatever amount of words you want.

But we're going to move on to the last feature of this video, and that's the one passwords or teach TOTP, timed 1-1, okay, so we're moving on to TOTP, apparently as timed one-time passwords. Wait, what, why would it be timed one-time? That seems weird. Because it rotates and changes there a couple seconds. Good point. It's young, but it's just badly tonight. Maybe they need to work on their marketing. No, it's an industry standard, everybody uses TOTP. The industry doesn't work on their marketing. Alright, so for TOTP, I'll show you here in app. What you can see here is that the TOTP line item now has a camera right next to it in the app. Now normally you would click on that and you'd have a QR code, when you go into, let's say, PayPal, and you set up that you want two-factor authentication through TOTP, you're gonna have a QR code that's going to show up that you're going to scan. So on this app you see the little camera symbol, you click that, it's gonna open your camera, you're going to scan it, that's gonna give you that authenticator key that's going to rotate and change every few seconds to a different password, and then basically when you would go to log into PayPal, you would use your long complex password Bitwarden set for you, then it would ask you for the TOTP, you would open up this app, and it would keep rotating that key, just like if you're using something like Authy or anything else would do, which rotates that password, but you have it all there contained within Bitwarden. Right, and also to clarify, this is for the premium version of Bitwarden, but it's a very cheap price, ridiculously cheap. We talked about it more in your video. Yep, so you can learn all the different features that you get with the premium version; this just happens to be one of them. There are actually quite a few, I think YubiKey's also on the premiums. Okay, so go check out his video at youtube.com slash DasGeek to check out all the different features of the premium versus the free, and there's also an enterprise, we talked about that too.

So yeah, this is pretty much all of the features that we're gonna cover on this video. If you have any requests for more in-depth demonstrations of certain things, feel free to leave a comment below. But this, Bitwarden is a fantastic application, and it is also kind of complex in some cases, so if you do have any issues, please let us know, we'd love to help you, and you can also go to the Destination Linux dot Network forum, where you go to discourse.destinationlinux.network, and there you can ask all your Elva questions. There's actually gonna be a thread for this video, for both of our videos, on the forum, so if you are interested in that, you can go there and ask any questions that you want, and we will be happy to answer either in the comments or on the YouTube, on the YouTube forum, the Discourse forum for Destination Linux, because we were there all the time, and that's actually the best place to find us, is going to that Discourse forum on Destination Linux Network. And yeah, so if you would like to have us do some more content about Bitwarden, or if you wanted to see more of our collaborations, be sure to subscribe to both of our channels. You can see that, you can find the button below for my channel obviously, and if you wanna check out more DasGeek, go to youtube.com/DasGeek or dasgeekcommunity.com. You better smash that like button. Yes, exactly. And fill your brains. Yeah, do that too. [Music] [Applause] [Music] [Applause] you [Music]
Info
Channel: Michael Tunnell
Views: 46,538
Keywords: bitwarden, open source, passwords, linux, password manager, passwords made simple, keep track of passwords easily, LastPass, lastpass alternative, KeePass, KeePassXC, 1Password, Dashlane, RoboForm, Enpass, Firefox, Chrome, Opera, Vivaldi, password managers, best password manager, free password manager, password manager app, password security, free software, two factor authentication, how to, password management, Windows, MacOS, Mac, iOS, Android, iPhone, chromium, ubuntu, linux mint, F-Secure, passbolt
Id: 5t22YIeUTKE
Length: 29min 7sec (1747 seconds)
Published: Fri Oct 11 2019