Original Post - https://libredd.it/r/Bitwarden/comments/ms38ob/psa_bitwarden_vault_attacks/

I have seen at least three posts this week involving Bitwarden accounts.

Folks,

Do not reuse passwords...EVER.
ESPECIALLY do not reuse an existing password for your master password.
Consider creating a NEW email account for your important correspondence (banks, utilities, credit cards). Use this email for your Bitwarden account. Go ahead and use existing email for Facebook, personal correspondence, and websites that might share your information.
Pick a strong password for your master password. I use the Bitwarden passphrase generator with three words, a numeral, and punctuation, which yields over 40 bits of entropy.
Set up 2FA for both your new secure email and the Bitwarden account.
Secure your master password and 2FA recovery data externally. It could be a slip of paper with your vehicle title, birth certificate, and will. Backups are important!
Sign up at haveibeenpwned.com.
Use the online tools at Bitwarden.com to review and change exposed or reused passwords.

Bad actors have seized on the expanded popularity of Bitwarden and are attacking vaults with credentials from existing dumps of email/password pairs.
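
The entropy figure in the passphrase tip above can be checked by counting only the generator's random choices. This is an added example, not part of the original post and not Bitwarden's code; the 7776-word list size, the digit being attached to one randomly chosen word, the constructed demo word list and the guess rate are all assumptions.

```python
import math
import secrets

EFF_LONG_LIST_SIZE = 7776  # assumption: a 6**5-word diceware-style list

# Constructed 8-word list so the generator runs offline; far too small for real use.
DEMO_WORDS = ["anchor", "bramble", "cobalt", "dune", "ember", "fjord", "glacier", "harbor"]


def generate(wordlist, words=3, separator="-"):
    """Pick words uniformly with a CSPRNG and append one random digit to one of them."""
    picked = [secrets.choice(wordlist) for _ in range(words)]
    slot = secrets.randbelow(words)
    picked[slot] += str(secrets.randbelow(10))
    return separator.join(picked)


def entropy_bits(words=3, list_size=EFF_LONG_LIST_SIZE, digit=True, separator_choices=1):
    """Entropy of the random choices only; the attacker is assumed to know the scheme."""
    bits = words * math.log2(list_size)
    if digit:
        bits += math.log2(10) + math.log2(words)  # digit value, and which word carries it
    bits += math.log2(separator_choices)          # 1 = fixed separator, adds 0 bits
    return bits


def average_guess_days(bits, guesses_per_second):
    """Expected time to hit the passphrase: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / 86400


if __name__ == "__main__":
    print(generate(DEMO_WORDS))
    cases = [
        ("3 words only", dict(digit=False)),
        ("3 words + digit", dict()),
        ("3 words + digit + random separator (32 symbols)", dict(separator_choices=32)),
        ("4 words + digit", dict(words=4)),
    ]
    for label, kwargs in cases:
        bits = entropy_bits(**kwargs)
        # 1e4 guesses/s is an assumed offline rate, not a measured figure
        print(f"{label}: {bits:.1f} bits, ~{average_guess_days(bits, 1e4):,.0f} days")
```

A separator the user picks once and always uses adds no entropy under this model, which is why `separator_choices` defaults to 1.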

  • m-p{3}
    13 years ago

    I’ll state the obvious, you should never use your Bitwarden vault password anywhere else, and also use 2FA for it. You don’t want Bitwarden itself to be your weakest link, considering it literally holds the keys to your entire digital kingdom.