Hacker News

You can avoid this by only storing part of your password in Bitwarden. The random part.

Then when you log into somewhere add another secret (which you keep in your head) to the end of the password you stored in Bitwarden.

Switch on 2FA everywhere you can.

Sleep at night.



That's actually a cool idea for a password manager in general. After logging in, you input a "salt" value that is appended to the end of all your passwords. That value is never sent to the password server, so even if the server is compromised your associated accounts aren't.


There's actually a name for that: pepper

Instead of a salt, which is random for each entry and has to be stored along with the hash, one single pepper is added to each password before hashing and kept secret.
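The salt/pepper distinction from the comment above, as an added example that is not part of the thread: the salt is random per entry and stored beside the hash, while one pepper is appended to every password before hashing and never stored. The function names, the PBKDF2 parameters and the sample password and pepper are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def _derive(password: str, pepper: bytes, salt: bytes) -> bytes:
    # The pepper is appended to the password before hashing.
    return hashlib.pbkdf2_hmac("sha256", password.encode() + pepper, salt, ITERATIONS)


def hash_password(password: str, pepper: bytes) -> dict:
    """Build the record that gets stored: per-entry salt plus hash, no pepper."""
    salt = os.urandom(16)  # random for each entry, stored along with the hash
    return {"salt": salt.hex(), "hash": _derive(password, pepper, salt).hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute the hash from the stored salt and the separately held pepper."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(_derive(password, pepper, salt), expected)


def demo() -> dict:
    # Constructed sample values; a real pepper is kept outside the hash store.
    pepper = b"constructed-pepper-not-in-the-database"
    first = hash_password("hunter2", pepper)
    second = hash_password("hunter2", pepper)
    return {
        # Same password, same pepper: the salt still makes each record unique.
        "salts_differ": first["salt"] != second["salt"],
        "hashes_differ": first["hash"] != second["hash"],
        "verifies_with_pepper": verify_password("hunter2", first, pepper),
        # Someone holding only the stored record (salt + hash) cannot confirm
        # even the correct password, because the pepper is not in the record.
        "right_password_without_pepper": verify_password("hunter2", first, b""),
        "wrong_password_with_pepper": verify_password("hunter3", first, pepper),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
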



