by ViViDboarder 2153 days ago
I may be a little off in my description, but I believe that the Bitwarden server never sees your password. The client sends a derived key to authorize your access to the vault and then your password is used on the client side to decrypt the vault.

It all depends on the risk you’re trying to mitigate. A MITM or a server attack won’t be able to gain access to your passwords, even if they intercept the data. A user with knowledge of your password or a keylogger on your client could. However, in either of those cases, you’re not protected all that much by having two passwords as opposed to one long one.
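
A minimal sketch of the split described in the comment above, added here as an illustration and not taken from the comment or from Bitwarden's code: the client derives a key from the password, sends only a second value derived from that key to log in, and decrypts the vault locally. The function and class names, the iteration count, and the HMAC-based keystream (a standard-library stand-in for a real cipher) are assumptions of this example.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor, chosen for this sketch

def client_derive(password, email):
    """Client side: stretch the password, then derive the value sent for login."""
    master_key = hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), ITERATIONS)
    # One extra one-way step: the login value cannot be turned back into master_key.
    auth_hash = hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)
    return master_key, auth_hash

def _subkey(master_key, label):
    return hmac.new(master_key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher such as AES.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def client_encrypt(master_key, plaintext):
    nonce = os.urandom(16)
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def client_decrypt(master_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified vault")
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class Server:
    """Holds only what the client uploads: a salted hash of auth_hash and the vault blob."""
    def __init__(self):
        self.records = {}

    def register(self, email, auth_hash, vault_blob):
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, ITERATIONS)
        self.records[email] = (salt, verifier, vault_blob)

    def login(self, email, auth_hash):
        salt, verifier, vault_blob = self.records[email]
        candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, ITERATIONS)
        return vault_blob if hmac.compare_digest(verifier, candidate) else None
```

Everything in `Server.records` is either random, a hash of a hash, or ciphertext, which is why a server-side compromise alone does not expose vault contents; a keylogger on the client captures the input to `client_derive` and bypasses all of it.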