Password Managers - Bitwarden

Bitwarden is a free and open-source, cross-platform, cloud-based password manager available as a browser extension, a desktop application, a mobile application and a command-line interface.

Permissions

Mobile

The mobile app requires access to the network, notifications, camera and sensors.

Extension

The extension requires read and write access to the clipboard, access to browser tabs and to browser activity during navigation, access to data for all websites, permission to display notifications and, optionally, permission to exchange messages with programs other than the browser.

Account creation

Users creating their account have to choose their geographical region between bitwarden.com and bitwarden.eu, enter their email address, choose a master password using the generator, and set up an optional hint and a PIN. Their vault is then automatically created using 256-bit AES for encryption and PBKDF2-SHA-256 with 600000 iterations for key derivation. Users may change their key derivation to Argon2id and change the number of iterations, memory usage and parallelism on the security page of the web app.

Authentication

Users can also add multifactor authentication using email, the authenticator app, passkeys or physical keys.

Add Entry

Once logged in, users can add new entries by filling in the item details: name and folder; credentials: username, password or passphrase, authenticator key; autofill options: website URI; and additional options: notes.

Templates

Or use custom entry types for credit/debit cards, ID cards, notes and SSH keys.

Password & Passphrase generation

Passwords or passphrases should be generated using the application's built-in functionality.

Passwords

By default, generated passwords have 14 characters drawn from A-Z, a-z and 0-9, with at least 1 number. The minimum length is 5 and the maximum is 128. The character set can be extended with !@#$%^&*, a minimum number of numbers and special characters can be set, and ambiguous characters can be avoided.

Passphrases

Passphrases have 3 (mobile app) or 6 (web, extension, desktop) dash-separated lowercase words from the EFF large word list. The minimum length is 3 words and the maximum is 20. Words can use other separators, be capitalized or include a number.
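
The password and passphrase rules above, as an added example (not Bitwarden's own code): a generator that follows the stated length and character rules, plus entropy estimates for the defaults. The function names and the ambiguous-character set are assumptions; 7776 is the size of the EFF large word list.

```python
import math
import secrets
import string

SPECIAL = "!@#$%^&*"                 # optional extension named above
AMBIGUOUS = set("Il1O0")             # assumption: the page does not list them
EFF_LARGE_WORDS = 7776               # size of the EFF large word list (6**5)

def generate_password(length=14, min_numbers=1, min_special=0,
                      use_special=False, avoid_ambiguous=False):
    """Random password under the length and character rules described above."""
    if not 5 <= length <= 128:
        raise ValueError("length must be between 5 and 128")
    if min_special and not use_special:
        raise ValueError("min_special requires use_special=True")
    if min_numbers + min_special > length:
        raise ValueError("minimum counts exceed the requested length")

    def usable(chars):
        return [c for c in chars if not (avoid_ambiguous and c in AMBIGUOUS)]

    digits = usable(string.digits)
    special = usable(SPECIAL) if use_special else []
    pool = usable(string.ascii_letters) + digits + special
    # Satisfy the minimum counts first, then fill the rest from the whole pool.
    chars = [secrets.choice(digits) for _ in range(min_numbers)]
    chars += [secrets.choice(special) for _ in range(min_special)]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # CSPRNG shuffle so the required characters do not sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def password_entropy_bits(length, alphabet_size):
    """Upper bound in bits; minimum-count rules reduce it slightly."""
    return length * math.log2(alphabet_size)

def passphrase_entropy_bits(words):
    """Entropy of `words` words drawn uniformly from the EFF large word list."""
    if not 3 <= words <= 20:
        raise ValueError("word count must be between 3 and 20")
    return words * math.log2(EFF_LARGE_WORDS)

if __name__ == "__main__":
    print(generate_password())
    print(f"14 chars, 62 symbols: {password_entropy_bits(14, 62):.1f} bits")
    print(f"3 words: {passphrase_entropy_bits(3):.1f} bits")
    print(f"6 words: {passphrase_entropy_bits(6):.1f} bits")
```

With these defaults the 14-character password carries about 83.4 bits and the 6-word passphrase about 77.5 bits, while the 3-word mobile default carries about 38.8 bits, so raising the word count on mobile is worth doing.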

Form filling

Desktop / Web

Clipboard

Users can copy and paste their credentials using the desktop and web apps.

Extension

Autofill

Or use the autofill functionality of the extension.

Mobile App

Clipboard

Users should be careful when copying data from an entry. The clipboard is shared with all apps and, despite a timeout of 20 seconds, may not erase itself correctly on some devices.

Autofill

Users can use the autofill service to fill forms. Before first use, it needs to be enabled in the application settings and in the operating system settings, under the "passwords, passkeys and accounts" sub-menu. Once set up, users should see a popup for entry selection in apps and websites that have a corresponding entry.

Application Timeout

To avoid leaving the application open when unused, it locks itself when inactive: after 15 minutes for the web and mobile apps, and on restart for the extension and the desktop app.

Syncing

Synchronization is a built-in feature, making it easy to sync vaults between devices.

Recommendation

For users looking for both convenience and security, Bitwarden is the recommended choice. Those preferring an offline password manager may consider KeePassXC and KeePassDX.

The text is available under the license Creative Commons Attribution-ShareAlike 4.0