Setting up Bitwarden

Table of Contents

• Basic Concepts
• Create New Account
• Configure Biometric Authentication
• Configure Biometric Authentication for the Browser Plugin
• Adding a New Username/Password to the Vault
• Use the Password Generator
• Bitwarden Sends and Secure Secrets Sharing
• Troubleshooting

Basic Concepts

• Personal Vault: Each user has their own personal vault for the storing of passwords. Xenter IT does not have access to your personal vault. We can reset access to your account while you are part of the company but we cannot access your passwords. This is a security and privacy feature of Bitwarden.

• Corporate Vault: There is also a corporate vault for storing credentials that need to be shared amongst a team. Any account you need/want to share with other team members will be placed in the corporate vault under the collection for your department. I.e. A mechanical engineer would add the account to the engineering collection.

• Collections: Each internal department at Xenter has a corresponding collection in the corporate vault. Access to these collections is determined by department and role. For example, members of marketing should have access to the marketing collection and should add their shared passwords there.

• Sends: Bitwarden allows you to securely share files with anyone via the send feature. You can add text or upload a file (500 MB limit) and Bitwarden will create a link which you can share with anyone. You can then send the link to whoever and they will be able to open and view/download the text/file in their web browser.

• Browser Plugins: Bitwarden provides browser plugins for Firefox, Opera, and all Chrome based browsers. The browser plugin can be used to autofill website logins, add/edit username/password combos in the vault, and to also create sends.

• Desktop Integrations: Bitwarden provides a desktop app for those who don’t want to use the browser plugins. The app has the same options and features as the browser plugins, but also has additional support for logging in to Bitwarden using biometrics such as your fingerprint or by using facial recognition.

• Mobile Integrations: You can install the Bitwarden app on your phone and configure it to autofill websites and your mobile apps.

  • Android: Install the bitwarden app and then go to Settings > General Management > Passwords and autofill. Under autofill service, select Bitwarden.

  • iPhone: Install he bitwarden app and then go to Settings > Passwords > Password Options. Enable Autofill Passwords and Passkeys and then select Bitwarden under Use Passwords and Passskeys from.

Create New Account

1. You will receive an invite to set up your bitwarden account in your work email. Click Join Organization Now to proceed.

   

   Invitation

2. Once you click on the link, you should be presented with the option to create sign in or create a new account. Choose the option to Create account.

   

   join_organization

3. On the create account page, fill in the fields appropriately. You must choose a master password that is longer than 10 characters and has at least 1 uppercase, 1 lowercase, and 1 number. I recommend choosing a long but easy for you to remember password. Generally speaking, the longer the password the more secure. You will only need to remember this one password which is used to unlock the vault and access the rest of your passwords.

   

   create_account

4. Once the account has been created, an admin must approve you. Contact the IT team and request someone to approve your new account.

Configure Biometric Authentication

1. Install the Bitwarden desktop client.

2. Login to the Bitwarden desktop client.

3. Go to File > Settings. Enable the following options and then click close:

   • Vault Timeout: Custom = 8 hours
   • Vault Timeout Action: Lock
   • Check the box to enable Unlock with Windows Hello.
   • Check the box to enable Ask for Windows Hello on app start.
   • Check the box to enable Show tray icon.
   • Check the box to enable Minimize to tray icon.
   • Check the box to enable Close to tray icon.
   • Check the box to enable Start to tray icon.
   • Check the box to enable Start automatically on login.
   • Check the box to enable Allow browser integration.
   • Do not check Require verification for browser integration.

4. Reboot your computer and open the Bitwarden desktop app.

Configure Biometric Authentication for the Browser Plugin

1. Follow the steps in Configure Biometric Authentication. Make sure that you can successfully open the Bitwarden desktop app using your biometrics before proceeding to the next steps.

2. Install the Bitwarden browser plugin.

3. Open your browser and go to your list of extensions.

   • If using a chrome based browser: Find Bitwarden and open its extension settings and enable Allow access to file URLs.
   • If using Firefox: Find Bitwarden and open its extension settings and enable the permission to Exchange messages with programs other than Firefox.

4. Now open the Bitwarden plugin and login to it.

5. Go to settings and check the boxes to Unlock with Biometrics. A Windows Hello prompt should be displayed asking for your fingerprint or facial recognition.

6. Also check the box for Ask for biometrics on launch. Another Windows Hello prompt will be displayed asking for your fingerprint or facial recognition.

7. Restart the web browser and then open Bitwarden. It should have an option to sign in using Windows Hello now.

8. Now you should be prompted to scan your fingerprint each time you open your browser and this will unlock the password vault!

Adding a New Username/Password to the Vault

First, decide if the account is a personal or corporate account. It is a corporate account if its shared amongst your team or is a password that must stay with the company if you were to ever leave for some reason.

1. In the Bitwarden browser plugin or desktop app, click the + icon to add a new item to the vault.

2. Select Login for the type.

3. Give it a descriptive and logical name that makes it easy to search for.

4. Add the username and password to the corresponding fields.

5. If the account has 2 factor authentication setup (2FA), then you can copy the secret key into the Authenticator key (TOTP) field.

6. Add the login page URL to URI 1.

7. Under ownership, select your work email if its a personal password. If its a corporate owned password, then select Xenter. If you select Xenter as the owner, then you must also assign it to a collection too.

8. Click save.

Use the Password Generator

Bitwarden includes a password generator so that you can create very secure passwords quickly. Since these passwords are stored in the vault, they can long and random since you no longer have to remember them. It’s recommended to use 20 characters at a minimum when creating your passwords.

Password Generator in the Bitwarden App

1. Open the Bitwarden App.

2. Click on the + icon to add a new login. Next to Password, click on the 🗘 icon.

3. You can also choose between a password and a passphrase. The difference being that a passphrase is a series of random words.

4. Expand options and choose the password length. (Or the number of words if you chose passphrase instead of password.)

5. You can copy and past the password or you can save it by clicking on the checkmark button.

Password Generator in the Bitwarden Browser Plugin

1. Open the Bitwarden browser plugin.

2. Click on Generator in the bottom navigation bar.

3. Choose if you want a password or passphrase.

4. Choose the password length. (Or the number of words if you chose passphrase instead of password.)

5. You can copy and paste the generated password as needed.

Bitwarden Sends and Secure Secrets Sharing

Bitwarden has a feature called sends that allows you to securely share files or text messages (max of 1,000 characters) via a link.

Bitwarden Sends Via the App

1. Open the Bitwarden App.

2. Click on Send in the bottom left corner.

3. Click the + icon to create a send.

4. Choose a name for the send. Note that anyone with the link will be able to see the name.

5. Upload your file or add the text message.

6. Expand options and configure to your needs.

7. When you are done, click on the 💾 icon to save.

8. In the list of sends, click on the send you created and then click on ⧉ to copy the share link.

9. You can now share the link via email, SMS, or some other way. Anyone with the link will be able to access the file/text.

Bitwarden Sends Via the Browser Plugin

1. Open the browser plugin.

2. Click on Send in the bottom navigation bar.

3. Click the + icon to create a send.

4. Choose a name for the send. Note that anyone with the link will be able to see the name.

5. Upload your file or add the text message.

6. Expand options and configure to your needs.

7. When you are done, click on the 💾 icon to save.

8. In the list of sends, click on the send you created and then click on ⧉ to copy the share link.

9. You can now share the link via email, SMS, or some other way. Anyone with the link will be able to access the file/text.

Troubleshooting

1. Issue: You try to login using single sign on (SSO) and see the below error message:

   

   error_sso

   Solution: An administrator must confirm your account in Bitwarden before you can login using SSO.

2. Issue: You try to setup a new account using the email invitation but it asks you to login with your master password or SSO.

   

   error_expired_invite

   Solution: The email invitation link has expired and an admin will need to resend your invitation.