In the past, we only needed to remember a few birthdays. The internet and all of its security implications force us to deal with an almost endless number of passwords in our private and professional lives. Bitwarden CEO Michael Crandell tells us that it doesn’t have so much to do.
Good day, Mr. Crandell! Let’s start by talking about why you chose to work in cybersecurity.
When I was working with document storage systems, encryption technology was the first thing that drew me to security. It was thrilling to think that I could make any document unreadable to anyone, including the storage system it was stored in, and then return it to its readable form for verified users. The multi-layered approach to security offered tremendous potential.
Did you find something about information security that attracted your attention?
Nicole Perlroth, a former New York Times cybersecurity reporter and author, stated that the fight against global hacker attacks is not just the responsibility of governments. Businesses and individuals also play crucial roles. It is inspiring to have the chance to help businesses with password security problems, to keep people safe online, and to work alongside a talented team who are passionate about these same goals.
Why did you decide to start your own company?
Kyle Spearrin is the founder and chief technology officer of Bitwarden. He recognized the need for better password management software that would meet both business and end-user needs. Bitwarden is an open-source solution that views transparency and trust differently than other competitors. GitHub hosts our source code publicly, so anyone can view and contribute to it. Bitwarden’s open-source approach is distinguished by its commitment to community, accountability, code quality, and transparency.
What are the most common cybersecurity problems companies face today?
Our shared challenge is also our opportunity, namely to empower employees to improve personal security. Employees are educated about best practices and have the tools and knowledge to implement them in their own lives and at work. This is the first step towards improving corporate security. If security tools are complicated and difficult to use, it will slow down adoption. You’ll find less resistance if you teach your employees password management and multifactor authentication, and provide tools that will improve their lives and work life. It’s about helping people do their business more efficiently and safely.
Although passwords are a pain, people love password managers.
It’s simple. People hate passwords but love their password managers. You don’t realize how much time you spend trying to keep track of everything unless you use a password management program every day. People have good intentions. It’s like “the spirit is willing but the flesh is weak.” After they experience the “Aha!” moment when they use a password manager, it’s easy to get on board.
Not all companies provide password managers for their employees. Employees resort to doing-it-yourself methods, which include reusing passwords or creating simple passwords.
Companies are realizing that they can make employees happy and secure by providing them with tools to manage secure credentials.
Bitwarden’s CEO is you, a security expert in the internet realm. Are you a victim of an online scam?
Although I haven’t been scammed, I was notified a few years back that LinkedIn had been compromised and that my password and email were available. My first concern was not that my LinkedIn account had been compromised. I was more concerned about whether the log-in and password exposed could have been used to access any of my bank accounts. Because I was using a password manager, strong passwords were set up for each site. I then realized that the only thing I needed to re-secure the account was to update my LinkedIn password. Bitwarden provides that same protection to millions of users every single day, as I am aware.
What do you think is so bad about passwords in your opinion?
Passwords are not necessarily bad, but that’s what I would say. Passwords have been an integral part of our lives since ancient times. They will always be there, both professionally and personally. People are familiar with passwords and know how to use them.
The way we interact with passwords and manage them is what needs to be improved. Individuals and businesses use hundreds of online accounts that require passwords to access. People tend to use the same password to access multiple accounts. If a weak password is compromised, it can compromise all accounts that share the same password. A leaked password can have devastating consequences for businesses. There are many examples, including the SolarWinds or Colonial Pipeline breaches.
Passwords aren’t necessarily bad. If they are not properly managed, that is what’s wrong.
How can Bitwarden assist an organization with its data protection and cybersecurity?
Each company is unique and security systems must be customized to suit the company’s structure, size, available tools, and resources. Cybercriminals may be able to access the company through many different channels. Companies need to have a multi-layered security strategy.
Strong passwords are the best way to prevent data breaches. It’s not easy to remember these passwords for most people. Enter Bitwarden. Bitwarden allows people to securely store, create and access passwords from anywhere. This is just the beginning. Companies that are growing need an easy way for password sharing and storage to be managed across multiple functions and teams.
The first step towards cybersecurity and data protection should be to begin with what every employee uses every day: their passwords. Employees and companies will benefit from a password management tool that streamlines their workflows. Bitwarden will be a popular choice for employees, while IT departments will enjoy better password security.
Could you briefly outline the core features of password management systems, and how they can benefit remote teams?
Password management systems should:
Allow users to access existing passwords automatically in a vault when they visit a new site.
When new accounts are created by users, create strong passwords.
When a user visits a website that is already in their vault, they can automatically fill their username and password.
Users can work on multiple operating systems (Windows, Mac, Linux, Android, Apple iOS), mobile devices (Android and Apple iOS), browser extensions like Chrome, Firefox, Brave, Safari, Edge, Vivaldi and Opera, and a web vault.
Remote teams will appreciate the following Enterprise features:
Organizations enable teams to share a portion of a vault. You can create an organisation within the vault to allow users to be associated with vault items. This allows them to share logins, notes and cards, as well as identities. The vault can be used by any type of organisation: a business, family, or team that needs to securely share data.
Integration via SSO. Bitwarden provides multiple authentication options, including zero-knowledge encryption, and can deliver the right configuration to meet each company’s SSO needs.
Audit logs and event logs. This log keeps track of all activities, changes, and events that take place in your company’s systems operations. This is a valuable resource for auditors, IT staff, and admins who need to investigate suspicious activity on a network or troubleshoot problems.
Employees can get a free Family Plan. Bitwarden has announced that employees on the Enterprise plan will be able to offer their employees a Bitwarden Families personal plan. This plan includes five additional accounts for loved ones.
Bitwarden.com has a comprehensive listing of Bitwarden Enterprise features.
You also mentioned that, despite all the knowledge that unsafe sharing can lead to cyberattacks, people continue to use risky credential practices. What would you do to encourage them to be more secure?
Bitwarden recommends a simple concept known as “the triangle to security success”. It only takes three steps:
Use a password manager to get started. Bitwarden provides a fully-featured free version so that anyone can get started quickly.
Secure your email account. It’s not just a place where you can receive messages. Websites use it to verify your identity by sending you confirmation emails. You’ll need to add additional security measures like two-factor authentication.
Continue to implement two-factor authentication wherever you can, beginning with your email system and password manager. This adds an extra layer of security to your password by allowing you to log in using another method.
Why do you think that password security is such an emotive topic in the crypto community?
It seems that there is a lot more community support for increased credentials awareness within the crypto community. It is almost impossible to keep track of cryptocurrency credentials without a password manager. With cryptocurrency and web3 trends placing more emphasis on decentralization and end-user control than ever before, password security is even more critical. While there are still a few debates about whether or not to store your seed phrases within a password manager, it is ultimately up to the individual and their security profile. We see the push for cryptocurrency and the importance of end-user credential security management as another reason people need a password manager.
What advice would you give companies to encourage a more secure culture?
Establish consistency. It’s important to educate and raise awareness. However, it is not enough to just give one training session to employees and expect the lesson to sink in. Security is a process. We must learn security habits over time just as we learn healthy habits like going to the gym and eating well. It takes time. It is not easy to build security-conscious cultures when the threat landscape changes.
Establish open dialogue. Employees should be able to ask questions and report security incidents. People can feel embarrassed if they click on a phishing link or accidentally download a malicious email. Sometimes they are worried about the consequences. Sometimes they don’t even know. You can give them a safe, open forum. We’re all in it together. Tell people: “If I see something, please say something.”
All should take responsibility. Online security is not just IT’s responsibility. Cybercriminals exploit weaknesses in humans and most attacks rely on some human involvement. It is fine to give your employees security tools, but making sure they have access to tools that increase security without affecting productivity is even better.
When do we think we will see a password-less future? How difficult will it be to adapt to that future?
Bitwarden’s name does not contain the word password, unlike other password managers. This is to reflect our larger vision of providing safer online experiences for all. Bitwarden integrates passwordless approaches including biometrics and security keys.
Bitwarden customers deploy passwordless technology in phases based on a variety of factors, such as company size, IT resources, employee personas and other factors.
Today is the day of passwordless security. The pace at which businesses and individuals adopt new forms will change over time, however. Customers of Bitwarden Enterprise deploy passwordless technology in stages, depending on many factors, such as their size, IT resources, employee personas, etc. These factors influence how fast customers can move to other forms of authentication. Many of our customers begin the passwordless journey with integrations of applications with single sign on systems and identity providers based upon tokens or other passwordless entry points.
Bitwarden is Wired’s “best-choice” password manager. How can Bitwarden ensure the “virtual doorway” for Bitwarden?
The same attack vector is responsible for many data breaches: account compromise via weak passwords. Even for large companies with sophisticated security measures in place, this is still true. All of us are susceptible to clicking on malicious links in emails or downloading malicious attachments.
Bitwarden helps enterprises on several levels:
Bitwarden is a tool for IT administrators and cybersecurity professionals. It provides granular access control, user management and configuration tools to optimise security.
Bitwarden provides an easy way to store, generate and secure complex passwords for employees and end-users. This can help ensure that all accounts and services related to work have strong passwords.
Bitwarden is a great tool for executive and senior leadership teams. It helps you to create a security-conscious culture throughout your company where everyone understands their role in cybersecurity. It’s easier to instill a sense of ownership and accountability when employees have access to security tools that make their lives easier.