#bitwarden currently #2 trending on Mastodon.

Discussion on Hacker News: https://news.ycombinator.com/item?id=41893994

Hello! Is there any good FOSS Bitwarden Android app with Material You design? The official one is very ugly and laggy.

Upd: In latest updates native Bitwarden Android app is pretty good.

cross-posted from: https://lemm.ee/post/33197502

The ports 80 and 443 are already used by Adguard Home. I didnt find any way to change those ports for Bitwarden.

cross-posted from: https://sh.itjust.works/post/15450542

Going native: The future of the Bitwarden mobile app

Highly requested by the Bitwarden community, the new inline auto-fill menu greatly enhances the user experience, enabling users to fill login credentials faster than ever.

Hi everyone. I just noticed something odd. I believe, if I'm not mistaken, that I used to have Bitwarden's Vault as a Progressive Web App installed here on my system in the past, which I have since remove.

Today, though, I decided to reinstall it. So I opened up Bitwarden's website and sure enough, for my convenience, there was an “Install” icon on the address bar.

However! That seemed to have installed the Main Page, and not the vault page itself.

If I click “Login”, it will only open a new web browser tap to a login page, despite the fact that I'm already logged in.

Then I thought, fair enough, the “[Install](https://support.google.com

Hi mate,

I'm interested to know if it is possible to use a family plan in a self hosted Bitwarden instance.

Thanks

After spending all day setting up Bitwarden I ran into a roadblock getting the iOS app to work with it. I get an SSL error because my cert doesn't have the EKU value they want. I use OPNsense for my CA, and it doesn't have the ability to generate this value on a cert as far as I can tell. I really don't want to stand up another CA just to get this one app working. It's the only thing I've found a hard block on with using my internal CA in all my years of homelabbing.

The hilarious thing is that Safari on the same device will connect to my Bitwarden website with no issue - it thinks the cert is fine. Way to go, Apple.

This is mostly just a rant against Apple, but it would be nice if Bitwarden could bypass this by allowing you to trust your own cert inside the iOS app so you're not beholden to Apple's stupid requirements.

The fact that BW is open-source allowing the ability to self-host is a very awesome and unique feature. The fact that Dani Garcia ported the code and allowed you to host vaultwarden on a low-power device like a Pi or a small VPS is even more awesome. The fact that they both made it easy to install and run the service with Docker etc., and that there are a lot of guides on how to set the whole thing up is super awesome. You can play around, learn some things, and get control of your own data. It's all awesome. But none of that is a security feature.

BW started as a tool for enthusiasts, people who probably can review and compile source code, set up a server, and run services securely -- seasoned c/[email protected] folks. Maybe in their hands, a self-hosted instance of BW can come close to the security provided by the official service. If they are experts in the field, maybe they can make it even more secure. Maybe.

For mo

https://nvd.nist.gov/vuln/detail/CVE-2023-27706

Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault if you are using Windows Hello and are not on the latest version. The Bitwarden Windows client before version 2023.4.0 is affected.

Details here: https://hackerone.com/reports/1874155

(shamelessly stolen from reddit)

Field value is linked to the item’s Username or Password. Given the right field name, Linked custom fields can be used to solve issues where your Browser Extension can’t auto-fill usernames and passwords for a particular site (learn more).

• Vault Timeout Policy: The Vault Timeout policy will apply a maximum Vault timeout duration for all members of your Organization (see here for details).
• Disable Personal Vault Export Policy: The Disable Personal Vault Export policy will prohibit non-Owner/non-Admin members of your Organization from exporting private Vault data (see here for details).
• Auto-scale Organization Seats: Teams and Enterprise Organizations will automatically scale up user seats as new users are invited. Organizations can set a limit on scaling to prevent the seat count from exceeding a specified number (see here for details).
• Custom Role - Improved Collection Permissions: Collection-management permissions for the Custom role have been expanded to include granular controls over whether the user can create, edit, or delete assigned or all Collections (see here for details).
• Admin Password Reset - Update Password after Reset: Passwords reset by an Admin must now be updated by the u