A password manager is great for remembering all your logins, but you still need to keep track of the details for logging into that password manager! Some items to keep tabs on include the account email address, master password, two-step login (2FA) details, recovery codes, and more. vaultwarden
Host your own password manager, Vaultwarden, securely and efficiently. Install Vaultwarden as a Docker container and secure it with Fail2Ban.
Advanced Password Generator
It is a program for creation the passwords. Its advantages are:
- Creation of euphonic passwords - there is no other programmes with such feature.
- Random and keyword-based passwords.
- Dynamic charset change.
- Create list of passwords.
- Small size (69 Kb only).
- Both DOS and Windows version.
Blackman's Random Generator is the software for large random and pseudorandom sequences generating with capabilities to estimate and improve sequences' characteristics.
Program's advantages are:
- Several random and pseudorandom sequences generators.
- Filters set for improvement of random sequences characteristics.
- Set of tests and others sequence quality rating techniques.
- Enhanced result exports capabilities.
- Great performance.
- Minimal size.
- Multilingual interface.
- Detailed help system.
some sysadmin • March 9, 2026 2:55 PM
Different tools for different use-cases. My org self-hosts a vaultwarden instance with account recovery auto-enabled. If our admin accounts were to be compromised, it’d be game over for the whole org. (well, provided our SIEM also failed at alerting us that multiple vault recoveries were taking place in a short amount of time)
As a sysadmin responsible for a 300-ish users network I simply cannot afford to have a password manager that does not have central management and most importantly an account recovery feature in case of forgotten passwords.
Our initial rollout was KeepassXC on test users (30 people) and a fourth of them forgot the master password within 2 weeks. At this point I’m either taking a central vault with potential backdoors or I’m ok with letting users store their passwords in a plain text .docx.
In private though KeepassXC all the way.
The Bitwarden vision is to imagine a world where no one gets hacked. We carry this forward in our mission to help individuals and companies manage their sensitive information easily and securely. Bitwarden believes that:
Basic password management for individuals can and should be free. We provide just that, a basic free account for individuals.
Individuals and families should take an active role in their security using TOTPs, emergency access, and other supporting security features.
Organizations can greatly improve their security profile through organizational password management and secure sharing.
The National Institute of Standards and Technology (NIST), founded in 1901, is now part of the U.S. Department of Commerce. NIST develops industry-wide frameworks and guidelines, including a range of cybersecurity recommendations and resources. It advises against the use of knowledge-based authentication methods, such as personal questions, due to their susceptibility to being easily guessed. Instead, NIST recommends three simple principles for securing passwords, PINs, and passphrases: they should be long, complex, and random.
- Long -- 15 characters minimum
- Complex -- hard for computers to guess, easy for humans to remember
- Random -- if a human can create it a computer can guess it.
The Google Authenticator app can generate one-time verification codes for sites and apps that support Authenticator app 2-Step Verification.
If you set up 2-Step Verification, you can use the Google Authenticator app to generate codes to sign in to your Google Account. You can still generate codes without an internet connection or mobile service.
Microsoft Authenticator is a mobile app that helps you sign in to all your accounts without using a password.
Notes:
Microsoft Authenticator is not available for PC or Mac as authenticator apps are typically designed for smartphones for security reasons. Learn more.
Microsoft no longer supports Authenticator versions that are more than one year old. Always keep your device up to date.
Bitwarden Authenticator is a standalone app that generates time-based one-time passwords (TOTPs) for logins that support authenticator app two-factor authentication (2FA). It generates 5-10 digit codes, by default using SHA-1 and rotating them every 30 seconds.
2FAS Auth — Internet’s favourite Open-source two-factor authenticator.
Private, simple and secure.
It works with all browsers and is not limited to just browser use. Use it to log into any device, application, or unlock encrypted drives.
Some sites support OTP codes; others support security keys. OnlyKey does it all and is the most universally supported 2FA key.
You can use your OnlyKey immediately for two-factor authentication and passwordless login (FIDO2) supported by major websites such as Microsoft, Google, Facebook,Dropbox, GitHub,Okta, AWS and more.
Keep your online accounts safe from hackers with the Security Key by Yubico. Trustworthy and easy-to-use, it's your key to a safer digital world.
Convenient and portable: The Security Key NFC fits easily on your keychain, making it convenient to carry and use wherever you go, ensuring secure access to your accounts at all times. Simply plug in via USB-A or tap on your NFC-enabled device to authenticate.
With the Nitrokey Passkey, you can reliably protect your accounts against phishing and password theft. The device allows super simple and secure passwordless login as well as two-factor authentication (2FA) using the modern WebAuthn or FIDO2 standard. This standard is supported by more and more websites and aims to replace traditional passwords. The device has a practical USB-A mini format and therefore fits on any key ring.
Store and sync passkeys in Bitwarden
To log into websites and other apps, store your passkeys in your secure Bitwarden vault, which gets synced anywhere you go. https://vimeo.com/880292801?fl=pl&fe=vl
Also available in beta, Windows 11 integrates with the Bitwarden desktop app to store and use passkeys natively with other applications.
Securely access your vault with a passkey
Use a passkey to sign into the Bitwarden web app and browser extension to streamline authentication, while using WebAuthn PRF passkey technology for secure vault encryption.
https://player.vimeo.com/video/887354174?h=87c13cfdeb
So, are passkeys shareable? The short answer is yes, when managed properly. Read on to learn more about passkeys, how they differ from passwords, and how teams and families can share passkeys without compromising security.
Contrary to what password managers say, a server compromise can mean game over.
Security is constantly evolving. Today, a new in-depth security report is available, continuing the Bitwarden commitment to transparency and trusted open source security. The audit, conducted by the prestigious Applied Cryptography Group at ETH Zurich, proactively tested Bitwarden core cryptography operations against the hypothetical event of a maliciously compromised server. All issues identified in the report have been addressed by the Bitwarden team and have been included in the attached cryptography report for full transparency.
Bitwarden was selected for analysis by ETH Zurich primarily due to its open source architecture, where code is available to the public on GitHub for inspection, auditing, and contribution. With this model, the world's leading academic researchers and professional minds, like the ETH Zurich Applied Cryptography Group, can stress-test Bitwarden infrastructure and code with penetration testing and security audits.
"No matter who you ask, the most important factor is length. Length is more important than complexity and randomness," Comparitech consumer privacy advocate Paul Bischoff told us in an email.
Of course, adding a random character into a long passphrase doesn't hurt either, Bischoff noted... //
Using gibberish passwords and relying on a password manager is still better than qwerty123, of course, and Bischoff says that goes for browser-based password management, too. You're still taking matters into your own hands, of course, as Chrome updates have been known to break Google Password Manager, and password manager apps aren't 100 percent secure either.
Whatever you do, don't let yourself be caught with a password on Comparitech's list, and if it's your responsibility to set password complexity rules, make sure you're setting good ones.
Welcome to the family! This course shows you how to use your Bitwarden account, access items shared by your Family Admin, and keep your personal passwords organized and secure.