Chapter 6: User Training
This chapter demonstrates how to use BitWarden from the application side of things. It's a big part in training end-users with new services and this documentation will cover said training.
This chapter is broken down into these sections:
BitWarden is an application that allows you to store sensitive information, such as credit cards, passwords, or other information. Typically, people use the same passwords across multiple sites, which is a huge security risk as data breaches are super common. Once an attacker has a password, they can use said password across all of the popular sites. This is where BitWarden comes in! You can create passwords for every website you have an account for, and it will do all of the remembering for you!
Once your setup in BitWarden, you'll notice a section called 'Collections'. Collections are Organization-Wide items. Each person will be assigned to their appropriate collection, and you are able to share said items others that are also assigned to the same collection. It's kind of like a File Server as each department has their own section to share files. It's the same concept but with secure information!
This answer is dependent on 'where' the password is saved. Upon saving a password, you are given an option if you would like to save the password into your personal vault or into a collection. If the password is saved in your personal vault, NOBODY can see it, not even IT. If you save the password in a collection, everyone who has access to that collection can see said password.
BitWarden is very versatile and can be accessed from anywhere as long as you're connected via VPN, or on-site. You will still have access to your passwords if you're not connected via VPN or on-site. However, in order to sync your changes, you'll need to connect via VPN or go on-site eventually.
You can access BitWarden from the following methods:
- BitWarden's Web Vault (Web Browser): https://bitwarden.example.com/ (replace example.com with your domain)
- BitWarden's Browser Extension: (If you do not have access to the Browser Extension, see IT for assistance)
- BitWarden's Phone App: (If you would like access to BitWarden on your company phone and do not have the App installed, see IT for assistance)
- BitWarden's Desktop App: (If you prefer using the Desktop Application and you do not have it installed, see IT for assistance).
Emergency access is for if you were to forget your master password, we'll be able to help you access your saved password or other important information.
- Log into BitWarden: https://bitwarden.example.com (replace example.com with your domain)
- Click the User Profile icon in the top-right and select Account Settings:
- Click Emergency Access on the left-hand side:
- Click Add emergency contact:
- Input your supervisor's email address, select Takeover, and have the wait time be 7 days:
- Let's say you need to create a new login for a website (e.g., Amazon.com).
- Click the Browser Extension and then then pop-out window (this is to make sure the Password Manager doesn't accidently close on you):
- Click Add a Login:
-
- Type: Select Login
-
- Name: Give this login a name (e.g., Amazon.com)
-
- Username: If this login requires an email address, input your Email Address for said website (e.g., My Amazon username is zack@zackshomelab.com, which means my username would be said email address)
-
- Password: If you cannot think of a Password (I never can), select the Generate button like so:
-
-
- I like to create long passwords but legible. So, passphrases are my goto! Under Options, select Passphrase:
-
-
-
- Number of words: 3
-
-
-
- Word Separator: -
-
-
-
- Capitalize: CHECK
-
-
-
- Include number: CHECK
-
-
-
- Scroll up to see your new password and click Select:
-
-
- URI 1: Input the URL of your website. In my example, I'm creating an Amazon account so the URL would be: https://www.amazon.com:
-
- Folder: If you use folders, this would be a good time to place this login in your predefined folder. If you do not have one, that's fine! You may skip if so.
-
- Notes: I tend to give a description as to what this login is used for, such as: "This account is the IT Department's Amazon Account"
-
- Custom Fields: For now, you may skip this. I cover how to use Custom Fields in this document if you're curious!
-
- Ownership: Who may see this password?
-
-
- Is this a personal account? If so, leave the 'who owns this item?' as your email address
-
-
-
- Is this an account used by more than one person (e.g., your department)? If so, select Your company in the drop-down like so:
-
-
-
- Select what collection the account belongs to, like so (in my example, I want IT to have access to the account, so I'll select my IT collection):
-
-
- Click Save
- Once saved, it's one less thing you have to remember!
- Let's say you need to create a new login for a website (e.g., Amazon.com).
- Browse to our Web Vault: https://bitwarden.example.com (replace example.com with your domain)
- Sign-in with your BitWarden Username & Master Password:
- You may need to input your two-factor code if prompted:
- Once signed-in, click Add item in the top-right:
-
- What type of item is this: Select Login
-
- Name: Give this login a name (e.g., Amazon.com)
-
- Folder: If you use folders, this would be a good time to place this login in your predefined folder. If you do not have one, that's fine! You may skip if so.
-
- Username: If this login requires an email address, input your Email Address for said website (e.g., My Amazon username is zack@zackshomelab.com, which means my username would be said email address)
-
- Password: If you cannot think of a Password (I never can), select the Generate button like so (you cannot customize the type of generated passwords in the Web Vault like you can with the Browser Extension):
-
- Authenticator key (TOTP): This is an advanced feature. We are capable of using BitWarden as our two-factor source for passwords (i.e., it creates the 6-digit code for you, like the text messages you get for signing into your email). Skip this for now.
-
- URI 1: Input the URL of your website. In my example, I'm creating an Amazon account so the URL would be: https://www.amazon.com:
-
- Match detection: This is advanced feature which I demonstrate how to use in the Advanced Password Manage Tutorials. Skip for now.
-
- Notes: I tend to give a description as to what this login is used for, such as: "This account is the IT Department's Amazon Account"
-
- Custom Fields: For now, you may skip this. This is an advanced feature that I cover in the Advanced Password Manage Tutorials. You can read those if you're curious on how to use this!
-
- Ownership: Who may see this password?
-
-
- Is this a personal account? If so, leave the 'who owns this item?' as your email address
-
-
-
- Is this an account used by more than one person (e.g., your department)? If so, select Your company in the drop-down like so:
-
-
-
- Select what collection the account belongs to, like so (in my example, I want IT to have access to the account, so I'll select my IT collection):
-
-
- Click Save
- Once saved, it's one less thing you have to remember!
- Let's say someone has asked you to log into the Department's Amazon account to purchase an item.
- Click the Browser Extension and then search for 'Amazon', like so:
- If the login has the URI configured correctly, you can browse to Amazon.com from the BitWarden extension like so!:
- As you can see, it took me to Amazon.com:
- Click Login on Amazon's web page:
- Again, if the Amazon URL was attached to the Login via URI, you should be able to see the Amazon credentials appear in your extension, like so:
- Left-click the account in BitWarden's extension to populate the Email in Amazon's website, like sO:
- Click Continue:
- The extension should then populate the password for you. If the extension does NOT populate the extension, you can copy the password by clicking the Browser Extension and selecting the 'Copy Password' icon, like so:
- Once you've entered the password, Sign in!
- Let's say someone has asked you to log into the Department's Amazon account to purchase an item.
- Browse to our Web Vault: https://bitwarden.example.com (replace example.com with your domain)
- Sign-in with your BitWarden Username & Master Password:
- You may need to input your two-factor code if prompted:
- Once signed-in, search for 'Amazon' on the left-hand side:
- If the login has the URI configured correctly, you can browse to Amazon.com from the Web Vault like so!:
- As you can see, it took me to Amazon.com:
- Click Login on Amazon's web page:
- Browse back to the Web Vault and select Copy Username:
- Click Continue on Amazon's website
- Browse back to the Web Vault and select Copy Password:
- Paste the Password on Amazon's website and click Sign-in!:
- Let's say you need to update a login within the BitWarden Browser Extension. I'll be using my Amazon Account for this example.
- This assumes I've selected 'Reset Password' via Amazon's website and I'm going through the process of generating a new password for my account.
- Open the Browser Extension and search for the login you'd like to update (in my example, I'll be searching for my Amazon login):
- Click the Login to open it. Once opened, click Edit in the top-right:
- Now, you may update the username, password, notes, or whatever is required to be updated. In my example, I want to update the password. So, I'll click the generate password button like so:
- It will ask me if I want to overwrite the password, and yes I do!:
- Upon open, the password will be automatically generated. I'll click Select to update the password:
- Click Save in the top-right to save your changes:
- NOTE: if someone wants to access the password immediately after you updated the login, the person will need to resync their BitWarden application. Which can be done by performing these steps:
-
- Open the BitWarden Browser Extension and click Settings in the bottom-right:
-
- Click Sync:
-
- Click Sync vault now:
- Let's say you need to update a login within the BitWarden Web Vault. I'll be using my Amazon Account for this example.
- This assumes I've selected 'Reset Password' via Amazon's website and I'm going through the process of generating a new password for my account.
- Browse to our Web Vault: https://bitwarden.example.com (replace example.com with your domain)
- Sign-in with your BitWarden Username & Master Password:
- You may need to input your two-factor code if prompted:
- Once signed-in, search for the login you'd like to update on the left-hand side (in my example, I want to update my Amazon account):
- Click the Login to Edit it:
- Now, you may update the username, password, notes, or whatever is required to be updated. In my example, I want to update the password. So, I'll click the generate password button like so:
- It will ask me if I want to overwrite the password, and yes I do!:
- Again, these instructions assume I have clicked 'Reset Password' on Amazon's website. So, I'll need to copy this password from BitWarden's Web Vault and input it on Amazon's Reset Password website. I copy the password by pressing the Copy Password button, like so:
- Once I've updated my Password on Amazon's website, I can confidently click 'Save' on BitWarden's Web Vault:
- NOTE: if someone wants to access the password immediately after you updated the login, the person will need to resync their BitWarden application. Which can be done by performing these steps:
-
- Open the BitWarden Browser Extension and click Settings in the bottom-right:
-
- Click Sync:
-
- Click Sync vault now:
- Let's say you accidently saved a password to your personal vault, but you meant to save it into your department's collection. How do you fix that?
- Open your BitWarden Browser Extension and search for the login that requires moving (I'm using my Amazon Account as an example):
- Click the Login to open it
- Once opened, scroll and select 'Move to organization':
- Select the Collection this login will be affiliated with (In my example, I want to share this login with IT):
- Click Move:
- NOTE: if someone wants to access the login immediately after you moved the login, the person will need to resync their BitWarden application. Which can be done by performing these steps:
-
- Open the BitWarden Browser Extension and click Settings in the bottom-right:
-
- Click Sync:
-
- Click Sync vault now:
- Let's say you accidently saved a password to your personal vault, but you meant to save it into your department's collection. How do you fix that?
- Browse to our Web Vault: https://bitwarden.example.com (replace example.com with your domain)
- Sign-in with your BitWarden Username & Master Password:
- You may need to input your two-factor code if prompted:
- Once signed-in, search for the login you'd like to move to collection on the left-hand side (in my example, I want to move my Amazon account):
- Once you've found your login, on the right-hand side of said login, select Move to Organization, like so:
- Select the Collection this login will be affiliated with (In my example, I want to share this login with IT), and click Save:
- NOTE: if someone wants to access the login immediately after you moved the login, the person will need to resync their BitWarden application. Which can be done by performing these steps:
-
- Open the BitWarden Browser Extension and click Settings in the bottom-right:
-
- Click Sync:
-
- Click Sync vault now:
- Let's say you need to share a login with someone, but they don't have access to the login via BitWarden (e.g., the login resides in your personal vault).
- BitWarden comes with a 'Send' feature which allows you to securely share credentials or files between other individuals in your organization, regardless if they have a BitWarden account or not.
- Open the BitWarden Browser Extension and select Send at the bottom:
- Click the + in the top-right to start a new Send:
-
- Give the Send a Name (In my example, I'll be sharing my fake Amazon credentials, so I'll name it Amazon)
-
- What type of Send is this? Select Text
-
- Text: Since this is login credentials, I'll input the username & password for my fake Amazon account, like so:
-
- Hide this Send's text by default: CHECK
-
- Copy this Send's link to clipboard upon save: CHECK
-
- Click Options
-
- Expiration Date: If you're sharing a password, try to select the lowest possible expiration time (e.g., 1 hour)
-
- Maximum Access Count: 1
- Click Save
-
Upon Save, if you Checked 'Copy this Send's link to clipboard upon save', you should be pass on the URL to the person who requires access to said Send (e.g., pasting the URL to an individual in Microsoft Teams, Email, etc.)
-
Example of me opening the Link and clicking Toggle Visibility to view the shared login:
- When it comes to working for a company, it's common to have logins for multiple services, like so:
- By default, BitWarden will treat all of the above websites as the same website. If you have a different login for each of the above website, BitWarden will more than likely auto-fill the wrong username & password. How do you fix BitWarden to distinguish between each of the above websites?
- In my example, I will have a login account for the following websites:
- As you can see, BitWarden thinks all three of my logins are for https://bitwarden.zackshomelab.com, which is wrong!:
- I only want login bitwarden.zackshomelab.com to appear. In order to do this, I'll need to perform the following steps on all three logins:
- Search for the login (e.g., bitwarden.zackshomelab.com), and click it:
- Click Edit in the top-right:
- Within URI, click the gear icon to update its settings, like so:
- Change the 'Default match detection' to 'Host' and click Save:
- I'll repeat this process for the other 2 logins:
-
- vpn.zackshomelab.com
- Once i've updated the above logins, I now only have 1 login for bitwarden.zackshomelab.com!:
- If you would like BitWarden to automatically load your username/passwords upon loading a page, follow these steps!
- Open the Browser Extension and click Settings:
- Scroll and click Options under Other:
- Scroll and Check Auto-fill on page load:
- Verify Default autofill setting for login items is set to Auto-fill on page load:
- Settings are saved automatically!
- Custom Fields allow you to do pretty advanced things, such as checking the 'remember me' button, so you don't have to.
- In this example, I'll demonstrate how to check 'Remember Me' on one of my logins automatically.
- First, I'll need to open the BitWarden Extension and select Popout:
- I will search and open my 'Private Emai' Login within BitWarden:
- Click Edit:
- Proceed to Step 2
- With my login in Edit mode, I can now move to the login page of the website I want to automate.
- I want BitWarden to check the 'Keep me signed in' button for this login:
- To do so, I'll need to grab the Checkbox's ID. Which can be done by right clicking the checkbox and selecting 'Inspect':
- Upon inspection, a window like so is opened up:
- Where my mouse is located, you'll see an id="keepMeSignedIn". I'll need to copy the 'keepMeSignedIn' and input this within BitWarden.
- Browse to the edited Login within BitWarden from Step 1.
- Scroll and under Custom Fields, select Boolean:
- Click New Custom field:
- I'll need to input the ID from Step 2, which was KeepMeSignedIn and check the box next to it, like so:
- Click Save:
- Now that I have the 'Keep me signed in' button added to my login, I'll search for my login within the BitWarden Extension and launch the website, like so:
- BitWarden populated everything!:
