![]() ![]() ![]() This will be brought to the web vault in a future release. Master password security checks: New users who create their accounts on mobile apps, browser extensions, and desktop apps can now check known data breaches for their prospective master password via HIBP. Existing accounts can manually increase this number. Increased default KDF iterations for PBKDF2: New Bitwarden accounts will use 600,000 KDF iterations for PBKDF2, as recommended by OWASP. : Argon2 is supported by Bitwarden clients version 2023.2.0 and later, and switching to Argon2 via the web vault could mean other clients will not be able to load your vault until they’re updated, typically within a week after release. Mobile - Change language in-app: Users can change the language in the Bitwarden mobile app to differ from the language set on their device OS. IOS - Choose Bitwarden for verification codes: Users on iOS 16 can now set Bitwarden as their default application for storing verification codes when scanned codes directly from the camera app. See here.īrowser Extension - Improved notification bars: Notification bars for adding undetected items to your vault now have more intuitive workflows for users subject to the Remove individual vault policy. This rule will be enforced for new Bitwarden accounts and for any users that change their master password.Īctivate auto-fill policy: For Enterprise organizations, the Activate auto-fill policy will automatically turn on auto-fill on page load for new and existing members of your organization. Master password length requirement: Master passwords must now be at least 12 characters long. Master password security checks: Users can now check known data breaches for their prospective master password via Have I Been Pwned when creating an account or changing their master password on the web vault. Browser extensions will also warn users about untrusted iframes when manually auto-filling, using the context menu, or using keyboard shortcuts, and will warn users when auto-filling HTTP sites that expect HTTPS based on that item's saved URI(s). See here.īrowser Extension - Improved auto-fill security: Browser extensions will now disallow auto-fill on page load for untrusted iframes. ![]() ), allowing users to skip the organization identifier step when using login with SSO. For a technical breakdown, see here.ĭomain verification: Organizations can verify ownership of domains (e.g. See here.īrowser extension - Improved form detection: The logic for form detection has been improved and bug reports addressed for the browser extension’s notification bar. As an additional measure, we recommend using the new option to require a master password on app start. See here.ĭesktop - Windows Hello security improvements: A vulnerability related to Windows Hello and Windows Credential Manager has been addressed. See here.ĭesktop - New biometrics options: You can now choose whether to require a master password on app start or allow biometrics on launch. Vault timeout policy update: The vault timeout policy now provides the option to designate vault timeout actions. Master password requirements policy update: If enabled, the master password requirements policy can now be set to prompt pre-existing non-compliant users to update their master passwords. Improved reseller billing: Bitwarden resellers will now be the only entities with access to see billing, subscription, or payment information for their customer organizations. Learn how to get started with Splunk here. Splunk integration: Bitwarden organizations can now use self-hosted Splunk Enterprise for security information and event management (SIEM). Low KDF alert: A new alert will appear in the web app when a user's KDF iterations are lower than industry recommendations, currently 600,000 iterations. Self-hosting - Clarification to language around server licensing: There is a grace period of 60 days to upload a new license to replace an expired one. Secrets Manager - Create project during secret creation: You can now create a new project in the secret creation menu. Password Manager - Improved auto-fill for German HTML: German-language HTML fields are now available for auto-fill. Users of these operating systems may download a 2023.4.0 desktop app here and must disable automatic updates (learn more here). We recommend upgrading to a supported operating system, as old client versions are not guaranteed to be supported by Bitwarden cloud servers long-term and may present security risks to you in the future.Įnvironment selector: The workflow for connecting Bitwarden apps to self-hosted servers was improved. Beginning with the 2023.5.0 release, Password Manager desktop apps will no longer support Windows 8.1 and older or Windows Server 2012 and older. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |