If for some reason you haven’t started using a password manager yet, it’s time to make the move. But how can you trust all these important secrets to some unknown company? How can you be sure that your password vault will be safe in a cloud-based service? And finally, how do you figure out which service is best for you? Today I’ll ask Kasey Babcock from Bitwarden all those questions. We’ll also talk about two-factor authentication and newer “passkeys” technology, Argon2 vs PBKDF2, and even how you might self-host a solution like Bitwarden if you want to have full control.

Kasey Babcock is a Product Marketing Manager at Bitwarden, and she has many years of experience working at software start-ups in the cybersecurity and project portfolio management industries, working with product and engineering teams to communicate meaningful cybersecurity information and product updates.

• Bitwarden Personal: https://bitwarden.com/products/personal/ 
  
• Bitwarden Secrets Manager: https://bitwarden.com/products/secrets-manager/ 
  
• Bitwarden blog article: https://bitwarden.com/blog/accelerating-value-for-bitwarden-users-bitwarden-raises-usd100-million/ 
  

• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 
  
• Send me your questions! https://fdsd.me/qna 
  
• Support me! https://fdsd.me/support 
  
• Subscribe to the newsletter: https://fdsd.me/newsletter 
  
• Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 
  
• Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 
  
• Generate secure passphrases! https://d20key.com/#/ 
  

Use these timestamps to jump to a particular section of the show.

• 0:01:02: Pre-interview notes
  
• 0:02:21: Why should people entrust their credentials to a password manager?
  
• 0:07:49: What is Argon2 and how does it compare to PBKDF2?
  
• 0:09:15: How can regular people evaluate the security of software products?
  
• 0:14:34: How important is it for security software to be open-source?
  
• 0:16:32: How do third party security audits work?
  
• 0:18:48: What is “pen testing”?
  
• 0:19:16: How much control do audited companies have over releasing audit results?
  
• 0:20:35: What are the benefits of self-hosting a solution like Bitwarden?
  
• 0:23:55: Should we trust cloud-based password vault storage?
  
• 0:25:29: What are some red flags to look for when evaluating security companies?
  
• 0:27:36: Bitwarden recently received $100M in funding – has this changed your focus?
  
• 0:30:57: What is “secrets management” for software developers?
  
• 0:33:31: What is “passwordless” and is it phishing-proof?
  
• 0:39:18: How do I set up and use passkeys?
  
• 0:44:09: How long before we can use passkeys?
  
• 0:45:42: Will passwordless systems still require two-factor auth?
  
• 0:48:22: What’s next for Bitwarden? What features can we look forward to?
  
• 0:50:06: Interview wrap-up