What a misleading title :) I thought this would be a code review of the password manager software itself.
Oh, that’s a good point, I hadn’t considered that people would interpret the title as a Bitwarden code review. You’re absolutely right, it is misleading so I’ve updated the title, thank you for the feedback.
I recently did a similar review of my KeePassXC password database. Since KeePassXC doesn’t have auditing tools like the Bitwarden ones used in the article, here’s how I audited:
I right-clicked the Password column and unchecked Hide Passwords. Then I left-clicked the Password column to sort by password and scanned down the list. Reused passwords showed as identical adjacent entries.
I manually pasted the email addresses I use into https://haveibeenpwned.com/.
Little more manual, but not by much and still the same result. Nice work and thanks for sharing as I know A LOT of people use KeePass, myself included (for work).
Looks interesting. Is there a similar app that can check passwords stored in pass?
gopass has an audit feature.
Detected a shared secret for:
Password is empty or all whitespace:
Password is mangled, but too common / from a dictionary:
Password is too short:
Password is too systematic:
Perfect! Exactly what I was looking for :)
Not sure, as I’ve never used Pass. However, if it has an export feature, you could do that and pivot the data in something like Excel.