iPhone Passwords app

I used Bitwarden before, but when iOS 18 came out with a password manager, I switched. This app is smooth and does everything I need, from password management to 2FA. The only thing I need to remember is my Apple account; the other passwords are taken care of by that app.

I love Bitwarden and have been using it for a long time. Its value is open-source but I’m still afraid that one day their server gets hacked or their data gets breached like LastPass. I am so confident in Apple’s security that I leave my account data here.

2 Likes

I’ve been using the built-in password manager for a while but this one is a big upgrade for sure. I don’t think you need to worry about Bitwarden getting hacked since it’s all E2EE, unless you use their web client.

4 Likes

Yeah, I know bro, but I didn’t self-host Bitwarden. I do save passwords through their servers, so that’s why I was afraid.

So you’re trusting proprietary security more than open source software?

Well, you do you but the general advice is to always go with open source as they are vetted pieces of technology.

2 Likes

Read about E2EE.

1 Like

Thanks, but what if the Bitwarden server got hacked, the hacker got my info and they could decrypt it?

I mean, who could hack Apple? :thinking:

No. They would have to hack Bitwarden and serve you malicious JavaScript on their web app. Bitwarden themselves don’t have access to your data so an attacker that breaches their servers also doesn’t.

3 Likes

Thanks
What about 2FA?
Which is da best option on iPhone?

From Bitwarden’s docs:

Bitwarden uses AES-CBC 256-bit encryption for your vault data, and PBKDF2 SHA-256 or Argon2 to derive your encryption key.

Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data. For more information, see Storage.

AES-CBC
AES-CBC (cipher block chaining), used to encrypt vault data, is a standard in cryptography and used by the US government and other government agencies around the world for protecting top-secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.

TL;DR: if your master password is strong, you are fine. If an attacker hacked Bitwarden servers, they would probably dump millions of accounts and yours would blend in with everyone else. If someone wanted to crack your encrypted data, I’d imagine it would take a government level threat and decades before it gets decrypted.

As is a rite of passage, I have to post this obligatory comic.

6 Likes
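The client-side scheme described in the docs quoted above (PBKDF2 SHA-256 key derivation, AES-CBC 256 encryption done locally, server holding only ciphertext), as an added sketch that is not part of the thread and not Bitwarden's code. The iteration count, HKDF labels, record layout, HMAC step and sample values are assumptions made for the illustration.

```javascript
// Added example: constructed values throughout; not Bitwarden's implementation.
const nodeCrypto = require("node:crypto");

const ITERATIONS = 100000; // assumed work factor, kept low so the sketch runs quickly

// Stretch the master password with PBKDF2-SHA256, then split it into an
// AES-256 key and a MAC key with HKDF (labels "enc"/"mac" are assumptions).
function deriveKeys(masterPassword, salt) {
  const master = nodeCrypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, "sha256");
  const expand = (label) =>
    Buffer.from(nodeCrypto.hkdfSync("sha256", master, Buffer.alloc(0), label, 32));
  return { encKey: expand("enc"), macKey: expand("mac") };
}

// HMAC-SHA256 over IV and ciphertext, so tampering or a wrong key is detected.
function tag(macKey, iv, ct) {
  return nodeCrypto.createHmac("sha256", macKey).update(iv).update(ct).digest();
}

// Client side: encrypt locally. Only the returned record would be uploaded.
function sealVault(masterPassword, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(16);
  const { encKey, macKey } = deriveKeys(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, ct, mac: tag(macKey, iv, ct) }; // no password, no key
}

// Client side: check the MAC first; a wrong master password stops here.
function openVault(masterPassword, record) {
  const { encKey, macKey } = deriveKeys(masterPassword, record.salt);
  const expected = tag(macKey, record.iv, record.ct);
  if (!nodeCrypto.timingSafeEqual(expected, record.mac)) return null;
  const d = nodeCrypto.createDecipheriv("aes-256-cbc", encKey, record.iv);
  return Buffer.concat([d.update(record.ct), d.final()]).toString("utf8");
}

// Constructed sample vault item and passwords.
const stored = sealVault("correct horse battery staple", '{"site":"example.test"}');
console.log(openVault("correct horse battery staple", stored)); // original JSON
console.log(openVault("Password123", stored)); // null: MAC check fails
```

The `stored` record is everything a breached server would hold; recovering the plaintext from it still requires the master password, which is why its strength is the deciding factor.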

Advanced Data Protection with 2 security keys

Passwords are E2EE with or without ADP.

2 Likes

Or so they claim

Perhaps you should learn of Pegasus

1 Like

If you back up your passwords on iCloud, you are also saving this data on someone else’s server. All you’ve done is shift trust from one entity to another. Arguably, I’d trust Bitwarden over iCloud any day if the threat model involves police or government agency. Otherwise, it’s probably a neutral move.

The point of E2EE is you don’t need to trust the server.

1 Like

Bitwarden won’t protect you from Pegasus. They weren’t decrypting your data on Apple’s servers; they were attacking your phone itself.

1 Like

Did they make it easier to export your passwords from the app? Previously, exporting your keychain required a Mac, and that’s part of the walled garden keeping you using their products because not everyone with an iPhone has access to a Mac.

Correct. Hence why I said it was probably a net neutral move for OP.

Yes, but 0zboy asked for 2FA. ADP is the best option for 2FA and additional protection.

1 Like