Updates about Bitwarden directly from their team

* YubiKey is supported in iOS (NFC and Lightning) using Yubico OTP
* Self-hosted Bitwarden can reset user's 2fa without losing data
* 2fa can be enforced on the organization if Duo is used

Bitwarden says these are currently in development:

* Enterprise SAML SSO
* Admins can access other people's unshared credentials
* Lost master password recoverable in Enterprise without losing data
* Admins can reset user's passwords
jikamens committed Dec 10, 2019
1 parent 57800e3 commit b263666
Showing 1 changed file with 12 additions and 10 deletions.
22 changes: 12 additions & 10 deletions password-manager-comparison.js
Expand Up @@ -44,8 +44,8 @@ var passwordManagerTable = function() {
["YubiKey support in browser (Enterprise)", ["Enterprise", "YubiKey"], ["yes", "no", "yes", ["yes", "k"], "yes", "no", "no"], null],
["YubiKey support in browser (Personal)", ["Personal", "YubiKey"], ["yes", "no", "yes", ["yes", "k"], "yes", "no", "no"], null],
["YubiKey support in Android", ["Android", "YubiKey"], ["no", "no", ["yes", "n"],["yes", "k"], "no", "no", "no"], null],
["YubiKey support in iOS (NFC)", ["iOS", "YubiKey"], ["no", "no", "no", ["yes", "k"], "no", "no", "no"], null],
["YubiKey support in iOS (Lightning)", ["iOS", "YubiKey"], ["yes", "no", "no", ["yes", "k"], "yes", "no", "no"], null],
["YubiKey support in iOS (NFC)", ["iOS", "YubiKey"], ["no", "no", ["yes", "n"],["yes", "k"], "no", "no", "no"], null],
["YubiKey support in iOS (Lightning)", ["iOS", "YubiKey"], ["yes", "no", ["yes", "n"],["yes", "k"], "yes", "no", "no"], null],
["Saved password in Android, iOS", ["OR", "Android", "iOS"], ["yes", "yes", "yes", "yes", "yes", "yes", "yes"], null],
["Fingerprint login in Android, iOS", ["OR", "Android", "iOS"], ["yes", "yes", "yes", "yes", "yes", "yes", "yes"], null],
["Free synchronization across devices", [], ["yes", "yes", "yes", "yes", "yes", "yes", "no"], null],
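Review bot: In the two iOS rows the third column now reads "yes" with note n, but note n says that support is Yubico OTP only, and note k on the neighbouring column describes OTP as less secure than U2F; a reader scanning the grid cannot tell an OTP-only "yes" from a U2F "yes". Consider a distinct cell value (the table already uses "poor" in the Linux export row) or splitting these rows by protocol. Minor style point: `["yes", "n"],["yes", "k"]` is missing the space after the comma that the other cells use.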
Expand Down Expand Up @@ -82,14 +82,14 @@ var passwordManagerTable = function() {
["2FA integrated into login entries in vault", [], ["yes", "yes", "yes", "no", "yes", "no", "no"], null],
["Auto-fill in browser disabled by default", [], ["yes", "no", "yes", "no", "yes", "yes", "yes"], null],
["Auto-fill in browser can be disabled by preference", [], ["yes", "no", "yes", "yes", "yes", "yes", "yes"], null],
["Lost master password recoverable without losing data in Enterprise", ["Enterprise"], ["yes", ["yes", "l"], "no", "yes", "yes", "no", "no"], null],
["Lost 2fa recoverable without losing data in Enterprise", ["Enterprise"], ["yes", ["yes", "l"], "no", "yes", "yes", "yes", "no"], null],
["Admins can reset passwords", ["Enterprise"], ["yes", "yes", "no", "yes", ["no", "m"], "no", "no"], null],
["Admins can reset other people's 2fa", ["Enterprise"], ["yes", "no", "no", "yes", ["no", "m"], "yes", "no"], null],
["Admins can access other people's unshared credentials", ["Enterprise"], ["yes", "no", "no", "yes", "yes", "no", "no"], null],
["Lost master password recoverable without losing data in Enterprise", ["Enterprise"], ["yes", ["yes", "l"],["no", "p"],"yes", "yes", "no", "no"], null],
["Lost 2fa recoverable without losing data in Enterprise", ["Enterprise"], ["yes", ["yes", "l"],["no", "o"],"yes", "yes", "yes", "no"], null],
["Admins can reset passwords", ["Enterprise"], ["yes", "yes", ["no", "p"], "yes", ["no", "m"], "no", "no"], null],
["Admins can reset other people's 2fa", ["Enterprise"], ["yes", "no", ["no", "o"], "yes", ["no", "m"], "yes", "no"], null],
["Admins can access other people's unshared credentials", ["Enterprise"], ["yes", "no", ["no", "p"], "yes", "yes", "no", "no"], null],
["2fa can be enforced at the organization level", ["Enterprise"], ["yes", "no", ["no", "c"], "yes", "yes", "yes", "yes"], null],
["2fa can be audited at the organization level", ["Enterprise"], ["yes", "no", "yes", "yes", "yes", "no", "no"], null],
["Enterprise SAML single sign-on (SSO)", ["Enterprise"], ["no", "no", "no", "no", "yes", "no", "no"], null],
["Enterprise SAML single sign-on (SSO)", ["Enterprise"], ["no", "no", ["no", "p"], "no", "yes", "no", "no"], null],
["Exporting items on Linux", ["Linux"], [["poor", "j"], "no", "yes", "yes", "yes", "yes", "no"], null],
["Exporting items on Windows, macOS", ["OR", "Windows", "macOS"], ["yes", "yes", "yes", "yes", "yes", "yes", "yes"], null],
["App export includes attachments", [], ["no", "unknown", "no", "no", "no", "no", "yes"], null],
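Review bot: The "Lost 2fa recoverable without losing data in Enterprise" and "Admins can reset other people's 2fa" rows mark the third column "no" with note o, yet note o says self-hosted enterprise customers can do this, so the answer depends on the hosting model and the row label does not say which one is meant. Consider naming the cloud offering in the label or adding a self-hosted row so the "no" is not read as absolute. Minor style point: `["yes", "l"],["no", "p"],"yes"` drops the spaces after commas that the other lines use.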
Expand All @@ -108,7 +108,7 @@ var passwordManagerTable = function() {
var notes = {
a: "CLI allows individual attachments to be exported. The user would have to write a script to iterate through and export all of them.",
b: "Attachments can be exported in Keepass format.",
c: "On the product roadmap, not yet implemented as of 2019-01-02.",
c: "Support for this directly within Bitwarden is on their product roadmap, but not yet implemented. However, you can do it today if you pay extra for Duo and use that for Bitwarden's 2fa.",
d: "You can share individual items or \"vaults\" (folders with distinct access control) between accounts, but there is no way to share the entire contents of one account with another. Alternatively, if you're a paying customer, the apps will remember multiple Keeper accounts and let you switch between them, which is better than nothing but not nearly as useful as being able to see your personal and work credentials at the same time.",
e: "In work profile apps Bitwarden might not pop up a dialog automatically inviting you to auto-fill, but it'll display a notification you can tap to do it.",
f: "Only on Windows.",
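Review bot: The new text for note c drops the "as of 2019-01-02" date that the old text carried, so "not yet implemented" no longer says when it was last checked. Keep an as-of date in the note (the commit date would do) so readers can judge how stale the claim is.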
Expand All @@ -119,7 +119,9 @@ var passwordManagerTable = function() {
k: "LastPass's YubiKey support uses YubiCo's proprietary OTP protocol rather than the more secure U2F (a.k.a., FIDO2, WebAuthn) that the other password managers use. It's probably good enough, but this is nevertheless an important distinction.",
l: "You can use backup codes or your backup telephone number to recover from a lost 2fa device. If you didn't save backup codes and you didn't set up a recovery phone number or it has changed, then you may be out of luck, or you may be able to contact Dashlane support and ask them to disable your 2fa.",
m: "This functionality is on Keeper's roadmap and expected to be delivered early in 2020.",
n: "NFC-based YubiKey Neo confirmed. Unsure about direct USB (i.e. USB Type C) models. Bitwarden supports both the more secure U2F and the less secure Yubico OTP in the browser, but if you want to you want to use your YubiKey with Bitwarden on Android, you will have to use Yubico OTP there; Bitwarden does not yet support U2F on Android."
n: "Bitwarden supports both the more secure U2F and the less secure Yubico OTP in the browser, but if you want to you want to use your YubiKey with Bitwarden on Android or iOS, you will have to use Yubico OTP there. Bitwarden does not yet support U2F on Android or iOS, but it is in development.",
o: "Self-hosted enterprise customers can recover users from lost 2fa without losing data, but generally speaking I assume most customers will not self-host, so the answer in the grid here is for Bitwarden's cloud offering.",
p: "The Bitwarden team says this is currently in development.",
};

var dataTags = [];
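Review bot: The new note n keeps the duplicated phrase "if you want to you want to use" from the old line; it should read "if you want to use". The rewrite also drops the earlier caveat about which YubiKey models were confirmed (NFC-based Neo confirmed, direct USB unsure) without saying whether the other models have since been tested, and notes n and p both say "in development" with no date attached.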

5 comments on commit b263666

@leonardochaia

Hi, I'm not sure where to ask this but

> Self-hosted enterprise customers can recover users from lost 2fa without losing data, but generally speaking I assume most customers will not self-host, so the answer in the grid here is for Bitwarden's cloud offering.

It's my understanding that you can use a recovery code for this according to the docs, regardless of hosting?

@jikamens
Owner Author


This is talking about the case where the user didn't save recovery codes or saved them and then lost them. Yes, you can recover with a recovery code, that's the whole point of recovery codes. ;-)

@leonardochaia

Oh I see. So with LastPass an "organization" administrator can recover the account for a user, and this is something that Bitwarden does not provide, correct?

Thank you for your reply.

@jikamens
Owner Author


Yes, that's correct.

@leonardochaia

Thank you very much sir, have a wonderful day.
