Prepared by: Paresh Parmar
Version: 1.0
Effective Date: July 5, 2024
As mentioned above, Bitwarden uses a secure default. However, you can change the iteration count from the web vault's Settings → Security → Keys menu.
Changing the iteration count can help protect your master password from being brute forced by an attacker; it should not be viewed as a substitute for using a strong master password in the first place. Changing the iteration count will re-encrypt the protected symmetric key and update the authentication hash, much like a normal master password change, but it will not rotate the symmetric encryption key, so vault data will not be re-encrypted. See here for information on re-encrypting your data.
Setting your KDF iterations too high could result in poor performance when logging into (and unlocking) Bitwarden on devices with slower CPUs. We recommend increasing the value in increments of 100,000.
When you change the iteration count, you'll be logged out of all clients. Though the risk involved in rotating your encryption key does not exist when changing KDF iteration count, we still recommend exporting your vault beforehand.
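To make concrete what a KDF change does and does not touch, the following is an added Python model (not Bitwarden's code) written along the lines of Bitwarden's published key-derivation design: a PBKDF2-SHA256 master key salted with the e-mail address, a one-iteration PBKDF2 authentication hash, HKDF-expanded enc/mac keys, and an encrypt-then-MAC "protected symmetric key". The e-mail, master password and symmetric key are constructed sample values, and HMAC-SHA256 in counter mode stands in for AES-256-CBC because the standard library has no AES.

```python
import base64
import hashlib
import hmac
import os

EMAIL = "user@example.com"                        # constructed sample account
MASTER_PASSWORD = "correct horse battery staple"  # constructed sample password

def master_key(password: str, email: str, iterations: int) -> bytes:
    # Master key: PBKDF2-SHA256 over the master password, salted with the lowercased email
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), iterations, 32)

def master_password_hash(mkey: bytes, password: str) -> str:
    # Authentication hash sent to the server: one more PBKDF2 round, with the password as salt
    return base64.b64encode(hashlib.pbkdf2_hmac("sha256", mkey, password.encode(), 1, 32)).decode()

def stretched_keys(mkey: bytes) -> tuple:
    # HKDF-Expand (RFC 5869, SHA-256, one block each) stretches the master key into enc and mac keys
    return tuple(hmac.new(mkey, info + b"\x01", hashlib.sha256).digest() for info in (b"enc", b"mac"))

def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for AES-256-CBC, which the stdlib does not provide
    blocks = (hmac.new(enc_key, iv + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def wrap_symmetric_key(mkey: bytes, sym_key: bytes) -> bytes:
    # The "protected symmetric key": encrypt-then-MAC under the stretched keys, fresh IV each time
    enc_key, mac_key = stretched_keys(mkey)
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(sym_key, _keystream(enc_key, iv, len(sym_key))))
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unwrap_symmetric_key(mkey: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = stretched_keys(mkey)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong master key (e.g. wrong iteration count) or tampered protected key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))

def change_kdf_iterations(password: str, email: str, blob: bytes, old_iters: int, new_iters: int):
    # What "Change KDF" does: unwrap with the old master key, re-wrap with the new one, recompute
    # the auth hash; the symmetric key itself (and therefore the vault data) is not touched
    sym_key = unwrap_symmetric_key(master_key(password, email, old_iters), blob)
    new_key = master_key(password, email, new_iters)
    return wrap_symmetric_key(new_key, sym_key), master_password_hash(new_key, password)

if __name__ == "__main__":
    blob = wrap_symmetric_key(master_key(MASTER_PASSWORD, EMAIL, 100_000), os.urandom(64))
    print(change_kdf_iterations(MASTER_PASSWORD, EMAIL, blob, 100_000, 600_000)[1])
```

Running the model with 100000 and 600000 iterations shows a different master key and authentication hash and a different protected-key blob, while the symmetric key recovered from either blob is identical, which is why the vault data itself is not re-encrypted.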
There is a very small chance that something could go wrong while doing the update, so out of an abundance of caution (since breaking your account could be a problem), you should export a password-protected backup copy of the account vault contents and take some additional precautions before you start.
1) Log in to your Pateam account on the Web Vault bitwarden.pateam.co.
2) Click on Tools in the top menu bar.
3) Click on Export Vault in the left-hand navigation menu.
4) In the dropdown menu under File Format, select the option .json (Encrypted).
5) You will now see two options for Export Type: select Password-Protected (it is very important that you don’t select Account-Restricted).
6) Choose a strong password for the backup (use https://bitwarden.com/password-generator/ if you like) and enter it into the input fields File password and Confirm file password. Write this password in a safe location so you don’t lose it!
7) Click Confirm Format.
8) When prompted (in a window titled Confirm Vault Export), enter the Bitwarden Master Password (not your backup password).
9) Click the Export Vault button. You should see a green alert box in the upper right corner of your browser window with the message “Vault data exported.”
10) Go to your Downloads folder and look for a file named bitwarden_encrypted_export_20240612204532.json. Move this file to any location where you will be able to access it later. The file is encrypted, so you do not have to worry about hiding it.
In addition, if you have file attachments in your vault, locate these by typing the following expression in the vault search bar:
Then, download each attachment (as file attachments are not included in the vault export), and make a note of which vault item each file was attached to. If you are concerned about the security of saving these files in decrypted form on your computer, you will need to take special measures (which I won’t detail here, unless you ask).
Finally, if you use the Bitwarden Send feature, then take any necessary actions to preserve or re-create any currently active Sends (as Sends are not included in vault exports and would be lost should something happen to the account).
Click the View Recovery Code button in the Warning box, and enter your Master Password when prompted. This will display a 32-character code, which you should print out or write down in a secure location (e.g., your Bitwarden Emergency Sheet).
While you’re on the “Two-step Login” tab, look through the list of “Providers”, and ensure that you see a green check mark on at least one of the listed provider options. If not, you’ll need to enable multifactor authentication.
Having taken the above precautions, you’re now ready to make the KDF update that will address the “Low KDF Iterations” warning.
While still on the Security page of the Account Settings section, click the top tab that is labeled “Keys”. This will take you to a screen titled “Encryption Key Settings”.
In the “Encryption Key Settings” screen, change the value of “KDF Iterations” from 100000 to 600000, and then click the Change KDF button:
You will be prompted for the master password at this point, after which you can click the Change KDF button in this final prompt: