Adopting Zero Trust with Bitwarden: The Mighty Password
Adopting Zero Trust11 Touko 2023

Adopting Zero Trust with Bitwarden: The Mighty Password

There’s no avoiding it, the headlines have not been kind to the ways we access systems today. Users are still using 1234, password, and even their dog's name. Not just using these weak passwords but also reusing them across multiple platforms, making it incredibly easy to breach someone once they’ve been caught up in a previous breach. On the vendor side, well we all know what’s happened there in the past 12 months, and now more than ever, password management platforms have growing targets on their back as high-value assets.

But we are not here to throw rocks in the glass house nor try to dissect what goes well or goes wrong in these situations; however, we should all focus on what we can take away from them and ensure they are not repeated. This concept aligns well with Zero Trust, where we should assume systems are already breached, that your users - be it intentionally to shitpost in a discord channel or accidentally fall for a phishing lure- and we should remove as much implicit, unchecked trust as possible. At least until Skynet takes us all out, but we have a few good years ahead.

Jokes aside, we have a great episode for you and appreciate Bitwarden lending us two of their C-suite members who cover a range of topics, including how they navigate these challenges. This week we chat with Bitwarden’s CEO Michael Crandell and Chief Customer Officer Gary Orenstein. Bitwarden offers an integrated open-source password management solution for individuals, teams, and business organizations. It also offers a self-hosted solution, which appeals to those who want greater control over their secrets.

Key Takeaways
  • The use of a Zero Knowledge architecture means that the company, whether cloud-hosted or self-hosted, should not be able to access sensitive information without the user's permission.
  • Open-sourced solutions offer additional layers of trust as there are more eyes are on the product and can vet it for security
  • Passwordless authentication is the future

Hosted on Acast. See acast.com/privacy for more information.

Jaksot(58)

The Security Debt We Pretend Isn’t There

The Security Debt We Pretend Isn’t There

As organizations push return-to-office (RTO) mandates and chase efficiency, many security teams are quietly accumulating debt they don’t know how to unwind.In this episode, we are joined by Lea Cure T...

29 Tammi 50min

Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics

Whisper Leak: How Encrypted AI Chats Still Leak Conversation Topics

In this episode, we break down Whisper Leak, a newly disclosed side-channel issue affecting encrypted LLM communications. JBO explains how attackers can infer conversation topics using packet size and...

11 Joulu 202531min

How Critical Infrastructure Leaders Are Rethinking Cybersecurity

How Critical Infrastructure Leaders Are Rethinking Cybersecurity

In this episode of Adopting Zero Trust, hosts Elliot Volkman and Neal Dennis discuss critical infrastructure security with expert guest Ian Branson, Vice President of Global Industrial Cybersecurity a...

17 Huhti 202544min

Shadows Within Shadows: How AI is Challenging IT Teams

Shadows Within Shadows: How AI is Challenging IT Teams

In this episode of Adoption Zero Trust (AZT), host Neal Dennis and producer Elliot Volkman sit down with Bradon Rogers, Chief Customer Officer at Island, to discuss how AI is compounding the already e...

20 Maalis 202548min

Live at ZTW2025: Cyberwire Daily’s Dave Bittner + Dr. Zero Trust

Live at ZTW2025: Cyberwire Daily’s Dave Bittner + Dr. Zero Trust

Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here.Live from ThreatLocker’s Zero Trust World (ZTW), cybersecurity heavyweights Dave Bittner, host of CyberWire D...

6 Maalis 202532min

Rapid fire update: Silk Typhoon and DOJ's indictment of twelve Chinese nationals

Rapid fire update: Silk Typhoon and DOJ's indictment of twelve Chinese nationals

New intelligence: Silk Typhoon, formerly tracked as HAFNIUM, is a China-based threat actor most recently observed targeting IT supply chains in the US. Today, we released a new report in conjunction w...

5 Maalis 20253min

Predicting the year of cybersecurity ahead (minus regulations)

Predicting the year of cybersecurity ahead (minus regulations)

It’s mid-February, but somehow, we’ve already been through what feels like a year's worth of change in the cybersecurity and regulation world. Beyond the standard incidents, outages, and attacks… ther...

18 Helmi 20251h 2min

Kicking Off Season 4 of Adoption Zero Trust (AZT)

Kicking Off Season 4 of Adoption Zero Trust (AZT)

Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here.Neal and I are excited to welcome you back to AZT as we kick off our fourth season. After four years of tryin...

11 Helmi 202522min