Secure Your Devices

Cloud-based and local password managers both have their advantages and disadvantages. While local storage is considered more secure because the data stays on your device, it can complicate syncing between multiple devices.

On the other hand, with cloud-based password managers, data is encrypted and stored on highly secure servers. This makes it convenient to use passwords on different devices because the data can be synced automatically online.

Password managers that work properly and are authenticated do not see your passwords.

Your passwords are encrypted before they are stored on their servers, which means it is impossible for them to look at your passwords. Some password managers also offer the ability to store data locally on your device, which is useful for those who are not yet fully convinced of the security of a password manager.

Google's password manager is a convenient tool that's directly integrated into Chrome and other Google services. Passwords are encrypted on Google's servers, but the company uses its own encryption system. That means it can theoretically access your stored passwords - for example, by legal order.

In addition, if there is a successful cyberattack on your Google account (for example, through phishing or a weak password), the attacker can also gain access to your Password Manager. This is because it is closely linked to your Google account and protected by the same login credentials (which is why it is very important to have an account protected by multi-factor authentication).

In contrast, tools like Bitwarden work on the principle of end-to-end encryption. Your passwords are encrypted before they leave your device, and only your master password is the key to decrypting them. Bitwarden doesn't know or store this key - so even the service provider can't access your data.

This has one big advantage: your privacy is better protected. But there's also a downside - if you forget your master password, no one will restore access to your account.

The secret of strong passwords lies in the combination of memorable words. Such passwords are known as phrasal passwords (e.g. BUM!tear4violetswithTNT) and would take several million years to crack.

A secure password should therefore contain: at least 12 characters, numbers, capital letters and special symbols (e.g. characters, punctuation marks). It can be based on part of a poem, a scene you see on your way to work, or perhaps a childhood memory.

It is not advisable to use passwords that contain easily available information such as your child's name or date of birth. It is also not advisable to place numbers or special symbols in passwords in predictable positions, such as a number at the end of a line or replacing the letter O with 0. You can learn more about passwords in the Cybercompass course. 

To use Bitwarden as the default autofill password manager on your iPhone or iPad, follow these steps.

Here you will find instructions on how to import passwords from the browser you are using into the Bitwarden password manager.

To import passwords from your MacBook into Bitwarden, follow these steps.

Instructions for Bitwarden:

Open the Bitwarden extension.
Click on Settings.
Then click on Autofill.
Check the Set Bitwarden as default password manager option.

The activation of multi-factor authentication is slightly different. You can activate it directly in the IS MU. In doubts, follow this guide.

Connecting via a VPN is generally more secure, especially on public Wi-Fi networks (e.g. cafes, airports, hotels). A VPN encrypts your internet connection, which means:

• Whoever manages the Wi-Fi network doesn't see your activity or your actual IP address, only the IP address of the VPN server you're connecting through.
• Your data is protected in transit (e.g. login details, pages visited).

However:

• Your VPN service sees what you do online because your data passes through its servers. This includes, for example, the domain of the site you are connecting to and connection times.
  If you're on a website that has HTTPS, the content of your communication is encrypted (e.g., entering your Facebook login credentials or messaging via Messenger) and the VPN provider can't see it, but still has access to metadata (e.g., connection time, session length, domains visited).
• This is why it is important to use a trusted VPN with a clear privacy policy, e.g. "no-logs" (no history logging). A VPN increases security, but you have to trust it because your data passes through its infrastructure.

If you have forgotten your master password, it is very likely that you will no longer be able to access your account. However, there are several ways that may help you remember your master password or at least log in to your Bitwarden account (for example, from another device).

The following excerpt is copied from the Bitwarden website (https://bitwarden.com/help/forgot-master-password/).

Bitwarden operates with zero-knowledge encryption. This means that Bitwarden has zero knowledge of, way to retrieve, or way to reset your master password. There are, however, a few steps you can take to try to regain access to your account:

1. Check that you have the right server selected when you try to log in. Bitwarden data regions are separate, and your account only exists in the region where it was first created. Selecting your server is necessary before trying the following steps.

2. Try logging in on another device.

3. Get a master password hint. If you have one setup, a hint will be emailed to your inbox when you interact with this page. If you don't have a hint setup, you'll get an email reporting this.

4. If you have emergency access enabled, contact your trusted emergency contact to regain read or takeover access to your account.

5. If your organization uses account recovery, reach out to your administrator to reset your master password.

6. If the browser you are using to access the web app is a known device (has been registered with Log in with Device), the account can be accessed on the web app.

7. If an encryption-enabled (PRF) Log in Passkey has been registered with your Bitwarden account, you can log in with that.

If none of these options get you access to your account, you will need to delete your account and start a new one:

⚠️ Warning: Deleting your account will delete all individually-owned items stored in it, this will include any saved attachments.
Before deleting your account, check to see if you are actively logged in to any Bitwarden mobile apps, browser extensions, or desktop apps. If you are, you should manually catalogue your data so that you can add it back in to the new account.

1. Navigate to vault.bitwarden.com/#/recover-delete or vault.bitwarden.eu/#/recover-delete.

2. Enter the email address associated with your account and select Submit.

3. In your inbox, open the email from Bitwarden and verify that you would like to delete the account.

If you’re having trouble using Bitwarden’s autofill feature on your Android device, even though the feature is enabled, follow these steps:

⚠️ Note: Menu names such as “System,” “Languages & input,” “Autofill,” etc., may vary slightly depending on your Android version or device brand—e.g., Samsung, Xiaomi, Motorola. In such cases, we recommend using your intuition to look for similar terms or searching for instructions specific to your device/brand.

1. Check if Bitwarden is set as the autofill service:

• Open your phone’s Settings.

• Go to: System > Languages & input > Autofill service
  (Alternatively: Settings > Privacy > Autofill service)

• Select Bitwarden as the default autofill service.

2. Enable "screen overlay" (overlay permission):

• Open: Settings > Apps > Bitwarden > Permissions / Special app access

• Find the option “Display over other apps” and turn it on.
  Bitwarden uses this feature to show the login selection popup.

3. Enable the "Use accessibility" feature:

• Open: Settings > Accessibility

• Find Bitwarden and enable accessibility access.

• Confirm all required permissions.

4. Check settings directly in the Bitwarden app:

• Open the Bitwarden app.

• Go to Settings > Auto-fill.

• Make sure all available options are enabled:

  • Auto-fill service 🔛

  • Enable Auto-fill on Page Load 🔛

  • Auto-fill on page load 🔛

5. Additional tips:

• Make sure you’re logged in and the vault is unlocked.

• If you're using a browser, avoid incognito mode.

• Try restarting or reinstalling the app.
  👉 We also recommend disabling password management in Google Chrome (or any browser you're using) to avoid conflicts.

If you're trying to log in to Bitwarden and receive an error message ("Incorrect master password") even though you're sure you're entering the correct credentials, the issue may be related to which server you're trying to log in to.

Bitwarden operates multiple servers — the most common are:

• bitwarden.com (Global)

• bitwarden.eu (Europe)

If you created your account during registration (see image below) on the bitwarden.eu server (rather than the default bitwarden.com), you must manually select the correct server when logging in via the web.

What to do:

On the login page, click the arrow next to the "Accessing" field.

Manually select "bitwarden.eu" instead of the default "bitwarden.com".

Once the correct server is selected, the login page’s web address will automatically change to:
🔗 https://vault.bitwarden.eu/#/login

If you're unsure which server you used to create your account, we recommend checking your registration confirmation email or looking in the app’s settings.