Bitwarden contains multitudes

Bitwarden has addons, apps, and a website. You can get all your passwords and such from any of these places. The website is the only place you can do certain administrative tasks, though. Regardless let me walk you through settings some of this stuff up.

I’m not gonna talk about the website of the IOS and Android apps. Just install the app and the website… is there.

Addons

I provided a link to the firefox addon and the chrome addon above. If you aren’t able to install them there (the link is dead) go to the firefox or chrome extension thing and look it up. Or Notify me (che) and I’ll help ye out.

One thing to note about this addon business is that by default both Chrome and Firefox don’t allow addons in private tabs. To enable this follow the steps below:

Firefox

  • Click the three little bars in the top right corner.
  • Select “Addons and Themes”
  • Select the three little dots next to Bitwarden and hit “Manage”
  • There should be a toggle that allows it in private mode.

Chrome

  • Hit the three little dots in the top right corner.
  • Select “More tools” then go “Extensions”
  • Select “Details” under bitwardens little card thing.
  • Then toggle the “Allow in incognito”

Desktop app

Bitwarden also comes with a desktop app. I highly recommend not installing this. It is not very secure and you can already get stuff through the browser.

Why is the desktop app insecure?

The desktop app is made with a thing called Electron. Electron is a vary very popular way to make destkop apps. The way it works is by having a full browser (chrome) bundled and you (as the developer) just write your app in html/css/javascript like a regular website. So say you’re slack. You wrote a very nice website with a whole bunch of features and such. Instead of having to hire three teams of developers one for each of Windows, Mac, and Linux you just hire a couple extra people to deal with the fine points of ELectron and BAMO your whole html codebase now just runs on everyones computer.

What’s wrong with that?

Browsers are super complex and they grew up in the most hostile environment I can think of: Downloading arbitrary code from god knows where and running that on your computer. Electron handles that enormous complexity and years of security stuff very poorly and mostly relies on the fact that random internet code should not run on your app for most of your security. Actually, Electron goes out of it’s way to disable a bunch of security features the browser had on by default.

Usually I wouldn’t be too too worried. Some security people I respect just straight up refuse to run any Electron apps on their computer. I am of the opinion that a lil Discord and Slack is fine in moderation. But not all of your passwords.

Also Electron tends to be really bloated and slow and like… I’ll just use the browser it’s fine.