But anyone who listens to SN will agree - Bitwarden needs to come up with a way to prompt users to make this change on the client side. Happening automatically would be ideal, but if not, a simple reminder popup would be better than nothing.
Thanks to a tip I heard listening to an episode of Security Now on Twit.tv, I learned you can increase the KDF iterations to 2,000,000. I did this a month ago or so and can’t tell the difference on any of my devices.
Once I figure out how to test the speed, I plan on seeing how well my Chromebook tablet can handle Argon2. I think it’s the slowest machine I have with browser extensions right now. I recently had to log in to my vault, and it hung for a good while.
Just spent some time helping get my father set up with Bitwarden. They have been using simple passwords for far too long and I truly think 2FA is the only thing keeping their accounts secure. One thing I am hopeful for is that Bitwarden will make some drastic improvements to their auto-fill and automatic password generation features. LastPass did have this down pat; it could tell when you were on a site it knew or didn’t know, and offer to generate a new password and automatically save it.
Regardless, it’s nice at the end of it all, even with the frustration of changing everything, to know everything is more secure. Be patient with the parents, they can be taught.
Can you please ask for Steve’s comment on these default values? Should we adjust any of these, or are they fine as is? I believe I saw something saying that going above 128MB for KDF Memory might cause problems on iOS.
Thanks! I’m sure I’m overthinking this, but after having to cope with the reality that 600 of my passwords, my driver’s license number and credit card info are all in the hands of… who the frack knows!.. I just really want to be careful. I’d greatly appreciate hearing Mr. S. Tiberius Gibson’s thoughts on the defaults.