1. 14
  1. 13

    What a misleading title :) I thought this would be a code review of the password manager software itself.

    1. 1

      Oh, that’s a good point, I hadn’t considered that people would interpret the title as a Bitwarden code review. You’re absolutely right, it is misleading so I’ve updated the title, thank you for the feedback.

    2. 3

      I recently did a similar review of my KeePassXC password database. Since KeePassXC doesn’t have auditing tools like the Bitwarden ones used in the article, here’s how I audited:

      Reused passwords and weak passwords

      I right-clicked the Password column and unchecked Hide Passwords. Then I left-clicked the Password column to sort by password and scanned down the list. Reused passwords showed as identical adjacent entries.

      Exposed passwords

      I manually pasted the email addresses I use into https://haveibeenpwned.com/.

      1. 0

        Little more manual, but not by much and still the same result. Nice work and thanks for sharing as I know A LOT of people use KeePass, myself included (for work).

      2. 1

        Looks interesting. Is there a similar app that can check passwords stored in pass?

        1. 3

          gopass has an audit feature.

            Detected a shared secret for:
            Password is empty or all whitespace:
            Password is mangled, but too common / from a dictionary:
            Password is too short:
            Password is too systematic:

          1. 1

            Perfect! Exactly what I was looking for :)

          2. 0

            Not sure, as I’ve never used Pass. However, if it has an export feature, you could do that and pivot the data in something like Excel.