February 02, 2023

Open Source Password Security for Everyone with Bitwarden | Episode #57

In this episode I talk with Ryan Luibrand, Senior Product Manager at Bitwarden. Bitwarden is an open-source password management solution for individuals, teams, and business organizations. It enables users to store, share, and sync sensitive data. In this episode Ryan and I talk about how Bitwarden provides an open-source password management solution for individuals, teams, and enterprises. Bitwarden emphasizes the importance of code transparency and regular security assessments, and offers a free version to ensure that password security is accessible to everyone. The company's founder, Kyle Spearrin, started the company with the goal of making password management easier and more secure for both developers and everyday users. The company's growth strategy is to continue to provide professional support for their open-source platform and to prioritize customer satisfaction and community engagement.

Bitwarden was founded in 2015 and is headquartered in Santa Barbara, California.

☑️  Buy me a coffee? - https://ko-fi.com/gtwgt

☑️  Technology and Technology Partners Mentioned: OSS, Windows, Linux, Docker, Password Management, Azure

☑️  Raw Talking Points:

  • What constitutes a password manager
  • Personal plus Business
  • MSP
  • About Open Source Software
  • Code Repos
  • Self Host with Docker Linux/Mac/Windows pros/cons
  • About Bitwarden Vault Security
  • About the Bitwarden Security Audit
  • What is Bitwarden Send?
  • Zero Knowledge Architecture
  • Data Compliance
  • SaaS Azure?
  • Web and Mobile
  • Cybersecurity
  • Transparency
  • Individual and Business impact
  • Self Hosting, tinkering element tech

☑️  Web: https://bitwarden.com/
☑️  Self Hosted Info: https://bitwarden.com/blog/new-deployment-option-for-self-hosting-bitwarden
☑️  Zero Knowledge White Paper: https://bitwarden.com/resources/zero-knowledge-encryption-white-paper
☑️  Crunchbase Profile: https://www.crunchbase.com/organization/bitwarden

☑️ Interested in being on #GTwGT? Contact via Twitter @GTwGTPodcast or go to https://www.gtwgt.com
☑️ Subscribe to YouTube: https://www.youtube.com/@GTwGTPodcast?sub_confirmation=1

☑️  Music: https://www.bensound.com

Transcript
first report now just to grab some sound bites so I'll use these sound bites to basically incredible so I'd choose a funny one or something um hello and welcome to episode 57 of Great Things with Great Tech GTwGT is a podcast highlighting companies doing great things with great technology my name is Anthony Spiteri uh this is season 2023 welcome everybody to season 2023 and in this episode we're kicking off the year with a very pertinent topic talking to a company that provides an open source password management solution
that makes it easy safe and secure to store and share sensitive information amongst individuals teams and Enterprises they offer complete code transparency regular security assessments and a comprehensive review process for their code contributions that company is Bitwarden and I'm talking to Ryan Luibrand senior product marketing manager at Bitwarden welcome to the show hi great to be here excellent so what a way to kick off 2023 with a subject that is so um you know part of the narrative in terms of security cyber security and and
just general data in general right but before we get into everything password management protection I just want to talk about Great Things with Great Tech it's season 2023 as a reminder if you do love Great Things with Great Tech and would like to feature in future episodes you can click on a link in the show notes or go to gtwgt register your interest as a reminder again we are distributed by Anchor FM across all podcast channels and also on YouTube at GTwGT Podcast go there hit the Subscribe button and keep up with all future
episodes okay with that Ryan let's talk about Bitwarden I guess I'm really interested in getting just a bit of a background on the company a company that was founded you know not that long ago but give us a little bit of a background about the how and the why of Bitwarden and why you guys um now a very very successful company in the area of password security yeah so seven years seven years I guess that's been that's just a long time for for technology companies these days maybe but it doesn't quite feel like
that time has been a little bit strange since 2020. it has yeah but we we started we were founded by an idea our founder Kyle Spearrin was using a password manager of his uh that was pretty well known in the marketplace and looking around at the market and what that password manager was offering he thought that he'd be able to do better so he decided that he was going to get started and and take up programming a password manager that could work not only for developers like him but for individuals and businesses
everywhere and he started doing that um in 2016 very beginning 2016 and he released it to the open source Community for the first time mid-year around August and okay yeah he was completely overwhelmed by the support that he received it seems as though he had found a perfect sweet spot in the market which was something that was open source secure and uh basically just easily easy to be used and picked up yeah so I think that's really interesting so this is again Innovation is you know necessity is the heart of innovation and
all that kind of saying but so he really just wanted to solve a problem for himself he wasn't happy with you know the way that he was storing his own past he wasn't happy with what was out there and he decided he can do something better being being a developer himself he's put it as an open source has put it out there and it's just been picked up by attrition basically right in the in the open source community yeah is the the huge Groundswell of support was really the the big the big thing that really is what got Bitwarden
kick-started and off the ground and with all the so the Innovation help from the community it was um it was it was really humbling he says he can he can listen to some of his other interviews about it but he was he was so wrong by the support and that he decided he was going to kick it off and make that his full-time uh you know work and brought on our first person to help with uh with uh customer support yeah and that was 2017 and I just really wanted to build this and realize the vision that he had for a password manager that was usable by all
that was fully transparent yeah so we'll touch on the open source elements as well it gets a very important part of I think what makes Bitwarden successful and open and part of your transparency as well was part of that OSS community so but I just wanted to understand when you guys started it looks like from the history um it was an iOS and Android app with browser extensions into Chrome and Opera and all the kind of popular web browsers that are there and that's that's kind of the basis for these password managers
right it's it's it's some sort of plug-in into a into a website or an application where you can effectively just you know store your passwords securely that's kind of the premise of them right and in terms of you know what makes a password manager because obviously back in the day I would have used a spreadsheet you know Excel whatever it might be is my password manager obviously that's not going to be good enough today but how did we get to that point how did we get to the point in time where you know the founders like
okay I'm not happy with what what's happening I want to build my own purpose-built bit of software and now I'm going to offer it as a service and obviously there's other people talk about other sort of um products in the market as well but how do you get to that point how do we get to the point from a spreadsheet to a fully fledged company that's doing great well so if you think about so I guess we talk about let's talk about passwords and password password management General how many how many passwords do you think
the average user reports that they have for websites 100 yeah about that like we've done surveys and we see probably about 150 passwords that are rather accounts websites now that should also hopefully mean 150 different passwords too but it's I can tell you from my own experience that is absolutely not the case yeah so the human mind is pretty fallible um I I thought that I was clever when I had a system with like a prefix the website or name or whatever I was doing like insurance and then a suffix um I was like oh did you see this for
everything I can guess my own password um and it it only takes you so far it takes just a couple of of leaks and that back when uh Kyle was starting to work on this uh really cyber security was was I wouldn't say like in its infancy but it was becoming more mainstream where people were aware of data breaches yeah um and what was happening and you know there's a lot of a lot of concern about that and that basically started the rise of password management password managers into um the public eye where people have been
you know thinking about how they could jump away from using password books which honestly password books aren't that insecure these days uh and you know going for me sell dog was text documents or whatever and and getting stuff uh into websites autofilled and it's a it's been a really interesting change of pace uh for passwords in general um granted there's going to be some some future Innovations with passwords with with passkeys and passwordless logins and stuff and that's exciting but
um passwords are going to be around for quite some time and um you just really need to have a tool that makes random strong passwords for you for every account saves them into a spot where they're safe and then can also just recall them for you automatically and fill them in so you don't have to try to type it which is the hardest part yeah it's almost like you want to it's almost like we've reached a point where we're past where we we're passwordless as it is at the moment if you do it right because
effectively you shouldn't really know any passwords you shouldn't be able to you know and they say you've got great minds I remember back in the day if you remember Windows um keys that came with that software like I would I would memorize those keys right um but they also had it I've worked out they had a bit of a pattern which made it easy to kind of you know recall in the mind but a good password you shouldn't actually be able to recall right that's kind of the basics of a good password
that's right and with current cracking Hardware right now it's usually recommended to have at least 16 characters completely randomized I don't know if you can remember 16 randomized characters you're probably smarter than I am but I know I know I can't um I don't know the passwords to my financial institutions um and people when I tell them that they look at me like I'm crazy like no I don't know I don't need to know it I don't want to have to know it and you know it's uh it's it's actually quite uh
it takes a lot of mental burden off like I only have enough room up here for some things I can't try to remember passwords yeah that's interesting but I think on the playing The Devil's Advocate there I think a lot of people feel they're more in control if they know the passwords and if they can recall them quickly and efficiently to get to those Services especially the key ones right but therein lies the problem I mean if my mum as an example I bet you my mother has some really weak passwords based on
maybe our birthdays or you know um the grandkids names or whatever it is right and it's just number one from the a point of view of just being able to hack those or crack those easily just from social engineering alone that can be done let alone a a Brute Force type of attack which you know again with Computing the way it's going you know where we're getting to a point where that's going to happen a lot quicker so the more complex the passwords are the better um how do you how do you as a company
fight that I mean it's it just seems like human nature is to just basically take the easy path and to me having that sort of long complex password goes against everything that we are as humans yeah it's a human nature really is the the biggest challenge for cyber security uh and the people like security researchers will tell you that all the time I think I think I saw some data that was 84 of all giant or most all reported hacks came through compromised logins um either through phishing or guessed passwords or reused passwords
password sprays um it really is incredible the tools that all these malicious hackers have out there to to crack into everything and as as a company what you try to do at Bitwarden to help mitigate that is is make it a little bit easier so firstly it just not having to even think about the passwords generate them and save them and autofill that that really is the biggest value proposition there for passwords but there's other things that you can do so for example um you could use password phrases and you know there's there's some
uh debate over how long a password phrase needs to be in order to be secure but it's definitely a phrase is way more memorable because that's the type of people we are as humans like we're not good at remembering random strings of characters but we can form a story in our head with like four or five words and sometimes we get some really hilarious things out of the Bitwarden generator that gives you um the different words I've been saying that all of Olaf generated is um just the the more complex passwords maybe
we'll have to take a look at that and actually do turn it into a phrase but it's interesting on those phrases I think phrases got brought into the mainstream a lot through um crypto and blockchain like I think a lot of people know seed phrases and whatnot and so I think the concept of the phrase is becoming more and more um you know popular because of certain Technologies like that and I know for me um you know I can say openly because I don't think people are going to guess my phrases but I know for my crypto wallets
um and which is pretty much my most critical you know bit of you know equipment that I've got out there I use phrases as opposed to passwords so that's kind of interesting how the psyche changes based on the technology and and how we're interacting with them and basically the easiest the best way to to combat the human nature about passwords is to really just make passwords not an obstacle anymore and and that's the the whole purpose of a password manager is to is just take the obstacle out of it and
um even so the only password you're really going to need to remember there's if you do it right we have a great presentation called the triangle of security on our website I'll link to that in the show notes but there's there's really two passwords that you should really need to know and that is your primary email address that you use for your two-factor authentication um and for password reset emails and then your password manager master password and you shouldn't and you shouldn't put uh that email password in
your like you shouldn't rely on your password manager for that because if you ever need to reset something or reset to a face somewhere else you can always access that account is that the concept of zero knowledge architecture is it like talk about that a little bit because we we hear about that in the industry quite a bit so what is zero knowledge architecture in essence sure so zero knowledge architecture uh we we use think about um a post office now it's probably not really a good example these days because
post offices are x-raying your boxes but let's say you write something down in a letter and you put it in an envelope and you seal it at your in your at your house and you put it in the mailbox and the the mail carrier comes and takes it away the in theory the mail the post office has no idea what's in that sealed envelope um I mean obviously they might tell let's say it's a paper and that they could be like what you get from like a hash or something but they don't know the contents of it
um but they they it gets mailed out like it sends to somebody with a PO Box um they might not know exactly who it is um the mail carrier may not and it goes to that person and they are able to open it up and then see the message themselves and that is basically a really super simplified version of end-to-end encryption zero knowledge and the encryption part of it um really comes from the idea that if the post office were to somehow open up the envelope what they see on a piece of paper is complete useless gibberish to
them so the way Bitwarden works is that everything is encrypted locally on your machine before it gets transmitted anywhere so Bitwarden hosts a Bitwarden Cloud that's where your Bitwarden vault is and that the data is and it really is just a blob of data that um it's organized so like somebody who might might be able to look at and say oh they have X amount of entries but they wouldn't get any information from looking at that at all and Bitwarden prides ourselves on having everything in the vault encrypted whereas uh some
password managers might have certain critical elements unencrypted that's not sensitive in their eyes but everything is encrypted and it goes a completely end to end for your for your Vault now the zero knowledge part is that the cipher the the what's needed to decrypt your vault is your master password and Bitwarden never knows what your master password is so we we have no way to reset your password because that master password is in part your cryptographic key um and we can't we we don't know it
there's no way for us to possibly know what your master password is yeah so so let's let's actually dive into you know the now and today and you know kind of why it's relevant because obviously we you know we we saw the LastPass incident happened last month and that's caused a whole heap of people to to look at Alternatives but um I think you know in general you guys are absolute targets for for malicious intent because they they understand that you guys even though it's encrypted or whatnot you
still hold a ton of data that could be used for bad and for evil and for malicious intent if someone is able to crack if you've got a weak master password and then they know other elements of your login as an example as well to what happened then they could spend time trying to crack that master password and if they crack it then they got the keys to the kingdom right which is your kingdom and on a personal level and then a business level they've got organizational passwords and it's a whole sort of Pandora's box of of danger
at that point um so is that element of the Bitwarden architecture what makes it sort of almost immune to an attack like that because I think that the reality is breaches are going to happen like we've we've seen that and we understand that like and we are almost a result of the fact that breaches will happen we hope it doesn't but if it did the Bitwarden architecture would mitigate against any breach because it would effectively be useless information that they get well I don't want to say that anything
is uncrackable uh it's a Bitwarden if you look under the hood Bitwarden uses an industry standard uh encryption method AES-CBC 256-bit encryption it's we're not trying to reinvent the wheel and we actually consider that part of our Innovative things that we we hold that course we stay with the industry standards so if if the industry standards change then our standards will change as well yeah but given enough time in a situation where somebody had your encrypted Vault and they had a powerful enough computer
and you had a weak enough password um then then you know there's always risk there um so what makes Bitwarden a little bit different you can go to we have an encryption and security white paper on our website I highly recommend you go take a look at that and see how everything is done and how the master password um and key is derived but it's it's a combination of your master password that you enter the username generates a salt that goes into it the hash there's an account key as well and it really makes
it pretty robust and yes the stronger the master password is the better it is and um and it should there should the the most Unthinkable happen um ideally it would take someone several million years to break into your account uh giving you plenty of time and warning to go and and make the necessary changes um in your defense absolutely that's cool I think that kind of addresses it I think bad things will happen it's just about how you're set up to to um to you know come back from those bad things
right so I think that's a big part of what it is and we all have to be aware of that as individuals and businesses so hey I just wanted to talk on that and change focus a little bit to you guys and you know what makes you guys you know I think stand out in the industry um you've got the the self-hosted and the hosted option which is amazing you can self-host with a Docker container you can do a full Linux Windows Mac install um there's obviously pros and cons for them but maybe I'd start with the open
source element you know and why that's important and you know you do do you've got code reviews that are transparent you mentioned transparency is super important for you guys so how does that open source element to it you know give you guys an advantage when someone's comparing one solution to another yeah so if you think about it if somebody came up to you and said hey you can go ahead and give me all your stuff trust me I've got a safe in my house I'll take care of it trust me it's fine
I would versus being able to go into a bank and seeing their safe and safe deposit boxes and say hey can I take a look around you take a look around no problem um which would you feel more more comfortable with and they would you would it be like oh yeah don't don't worry I got this safe it's hidden in my house somewhere you're never going to find it yeah like that's it that that's security through obscurity um and while some people may look at that as an advantage um some it may just be too much of a
crutch um and and to us our transparency is a really big policy for us we want to be transparent everything that we do all of our code is available for anybody to look at and trust me if somebody found a way to crack it we would certainly have known by now yeah um and we have like as I had um really talked about before this Groundswell of support of um of the open source community that we've had uh all these security researchers people who really care about security are looking at this code and picking over
every single thing that we do submitting bug reports uh just making sure that everything is as tight as possible and that sort of transparency just just having the Geniuses out there um audit our stuff like really as really as a huge strength to security no absolutely and I think that that um you know kind of endears a lot of confidence in the product as well the fact that it is out there and having to hide and is being picked apart you know you would think daily by someone some some of these guys would be you know thinking
about as a personal challenge to try and you know make Bitwarden you know a little bit weaker or whatever it might be and that's a nature of Open Source they're trying to crack it themselves but they're kind of the good guys so you you've got good guys working for you to make this software better while the bad guys are trying to sort of you know effectively crack it for the bad purposes so the fact that it's out there is is quite cool I think um and also the fact that you know it that in itself
endears yourself to the community the fact that you've got this self-hosted version versus the what was the background in in allowing this dual stack approach uh to the product so the the approaches well our Founders always been a proponent open source you find a lot of developers um really are proponent open source and it was something that was really missing at the time when he was looking at the community as it was it was an open source password manager that wasn't fragmented that had support of of a
dedicated team and you know that's where a lot of our value comes in is the support and and having um professionals work on it rather than just a a project that might be worked on by guys in their spare time um we have you know a full professional team dedicated to open source and um being a part of the community where people are able to contribute so one of the things that we do is that we we also take contributions from the community members as well yeah yeah so they they you know they might say hey I didn't
like the way this UI element was working um here's how I fixed it and we actually had uh we recently implemented a dark mode in our the web application that came from a community pull request wow there you go everyone's gonna have dark mode right like dark mode is super important and critical critical you know it makes everything a lot safer but no but it's a really good example of something where you know you guys you know your core focus is one way but then while that's important it's not super
important so why not let the community you know um do a contribution and get it in there that's amazing yeah and this way too like it's people are invested in the product as well and you know we we have uh we every month we have a vault hours which is our version of an office hours right when people just come in and ask us questions and actually you're welcome to join us we're having ones the last Friday of this month come come and join us and I'll link some hard questions and yeah so last Friday of
each month is when you have this vault hours actually I'll definitely make a link in the show notes for that and yeah you can find it at bitwarden.com/events um we have them there and people try to stump us and it's it's fun yeah look I must say to me I'm not I'm not completely you know entrenched into that side of into that world but on the periphery I I can tell it would be a really fiery and interesting sort of conversation so yeah I read Reddit so I know what goes on um but no hey um I think as well I just
wanted to finish that point on the self-hosted part like I know that that's about all right that's what I ended up going with so I ended up going self-hosted I deployed on an Amazon Lightsail Linux VM have a lot of control over you know what I can do because that's me because because I love tinkering with technology I think that speaks to a lot of people and that's why we've seen like I I had a Twitter thread talking about what you know password management tool to use and Bitwarden came up constantly during a very popular
thread because that self-hosting element so I think it's a big part of it um in your mind why what's the good versus bad of that like of the self-hosted versus you know just doing and using it as a SaaS application effectively yeah going back to open source no I'm kidding I got derailed there when I was talking about no self-hosting um so self-hosting is is very important not not too many password managers allow you to self-host right now I think there's always exactly you yeah um and you know as you said you know keys to the
kingdom and I I mean obviously we try to we we're we we say here here's how we do it you don't need to trust us we can host it on our Cloud no problem we're Azure we're based in the US East Coast we talk about that all the time but um that's not good enough for some people who have like really high security like imagine like Fortune 50 companies um or federal agencies yes um they prefer to self-host they have the capability to do so so um some people even will air gap you know their their password Management
Solutions um on a self-host instance so uh there's it's it's honestly a really popular um we have we have a Blog about like how to how to do a self-host and it's one always constantly one of our most popular pages that we have interesting isn't it yeah yeah and so there's a lot of demand for it and it just it just seems like a no-brainer um I think the reason that you don't see it very commonly is that it some people may imagine that it's difficult to monetize um we have a we have a licensing system
for like you just saw how many license you want and you know you've done a little license file um but it's uh we we work with those people we um they we've had some of the the big companies with self-host that we're self-hosting um give us feature requests and you know we worked with them and their coders to to write it out but yeah the the pros and cons of it obviously you can you can you you don't have to trust a cloud you can control your own data you can keep it on your own network you can put it
behind um some people put it behind a reverse proxy firewalls uh anything you could possibly imagine when you self-host it you have full control of the data um the challenge with that is that you know with say for example as I said Azure um where we host we have pretty decent redundancy and uptime yeah um which is you know the the benefit of having a big data center with um several different systems and containers pulled up and instances running so we really just need to think about your own capabilities of keeping
your network your own personal Network secure um and making sure you have backups and that you have the tech know-how to put it together but like if you look at the Bitwarden clients which are the end you the end devices like the desktop application your mobile application um at the login screen all you have to do is is enter your um your address and it will just all those will just work right away it's not like you have to try and sideload anything yeah which again is cool I think a lot of a lot of the hardcore Tech guys love having you know
being Masters their own destiny a little bit to that extent um and you're right there's a whole heap of reasons why you know the hosted version isn't um applicable for some industry Enterprise government whatever it might be um you how do you kind of phrases in the best way if there is an issue so say if someone's personal self-hosted Vault gets breached in some way or gets compromised how is that dealt with is it dealt with in the same way that it would be if a self-hosted one was was breached or
compromised or is it one all in you know there wouldn't be that situation I'm just trying to think of like an absolute Con in self-hosting if something bad happened to that someone got hold of the VM got hold of the infrastructure that hosted you know that instance could anything go wrong in that in that way um if somebody got the data file itself without the master password encryption key um it would be the same scenario as cloud like there's nothing they'd be able to do with it without putting a lot
of effort into it if somebody got into your network and through I don't know like some sort of desktop sharing application um and managed to install some malware man in the middle attack like there's no defense against that sort of thing so yeah um which I guess is a sign which I guess is the same as hosted right like if someone's in the middle of your of your transaction they're going to raid you putting in the master password key anyway and but then again that that limits it to an individual impact as
opposed to a a global impact of all customers right that's right and then basically what I talked about uh security through obscurity before about like keep yourself it's about it's about your own obscurity like how obscure are you um as a person and an individual like are hackers really going to care about you and what they can get out of you you would have to be specifically targeted it yeah and to a certain extent hackers uh fairly well the big time organized ones are efficient right they they want
to get the most for as little work possible and an individual spending you know weeks or months trying to crack one individual is is not as efficient as trying to crack a platform that has hundreds of thousands of people's data on there right yeah and the the biggest threat really is uh phishing uh social engineering attacks um that's one reason that Bitwarden makes sure that everything in your vault is encrypted when it goes up to the cloud because um the less information that someone can get a hold of in the event of a breach
the safer you are um that way you know people are saying like oh this person has an account on this website and on this website let me try to engineer a way to get a hold of them with their email address so it's um I don't know try to stay as secure as possible that's it that comes down to and I I think in my world I talk about you know for example in the backup world you can you take a good backup you can recover it um but then what will happen is you know you could still have some sort of weakness at the
front of your network and then the back end of your network so it's a holistic approach to security it's you can't just rely on a tool to you know feel safe it's it's it's more than that and I think it's the same with password managers right there's an end-to-end approach to it there's education with with end users with your with your employers with your family members everything so it's a total end-to-end approach to that um just on individual and business impact so you obviously have an
individual focus and then a business focus as well just just talk a little bit about why that's important to Bitwarden yeah well Bitwarden has a big vision of a it's a big vision it's it's imagine a world where nobody gets hacked you can find that on our on our website and it's actually one of the reasons why password isn't in and isn't in our name because we're envisioning you know being more than just passwords and authentication um but we really want it to be available to everybody and that's that's a big
reason why we still have a fully free fully featured free accounts and um the everything could possibly need as a password manager is available to everybody in the world for free um and we're the only leading password manager that still has a fully featured free version whereas um uh some competitors have started um don't don't offer them anymore or have put limits on them so that that really is not as useful but we just want everybody to be secure everywhere on any device that they have and uh it's it's that that speaks to both
individuals and businesses now on the business side of things what's really important for us is management self-hosting is really important for a lot of businesses user management we have this great trinity of um of users groups and collections uh collections being shared um folders of passwords uh that you can assign access to for everyone is really incredibly scalable and you know and enterprise policies where you can enforce certain uh security across the entire company and offering other features like SSO
integration and working with your SSO we just really want it to be as easy as possible for people to be secure I think um that's representative as well and the fact that I see the fact that so in this industry open source sometimes people equate that with not really being functional you know enterprises or businesses right it's kind of there for the community but certainly what you guys are doing is not that you've got the individual element which is important we've talked about the hosted version that talks the tinkerers and the
techies but then you know from a business perspective from an enterprise perspective you've got to have more than that I think that's reflective of your of your funding as well um so you're into your Series B funding in September 22 which is very recent you've got 100 million in Series B yeah basically you know help you know drive that next element to the company right so is that part of it as well that you know part of that investment that you're getting um is really lending itself to becoming more than
just passwords going beyond passwords and I even notice that you guys have got um the the file um feature as well so you can send encrypted data so that's something we haven't talked about right you're more than just passwords yeah absolutely and and it's expanding even more and the funding you're talking about was growth funding uh really just just helping us continue to grow the product and build new things uh we're actually about to we you can find it on our website we're talking about a beta
for Secrets Manager which would help developers be secure in their code so they're not finding that they need to hard code in credentials or APIs into their code that's cool yeah which is actually to be fair in almost well I won't say that everything but majority of the big breaches that you hear were via an API endpoint or whatever and when they get in you see examples of the hackers opening a configuration file and there's the username and password smack bang hard-coded in so that's such a huge uh
weak point in a lot of these attacks yeah especially if something was like never meant to be published if it was just like hey this is just an internal file and accidentally got added never just internal I think that's the big thing right now these days people have to consider the fact that anything that they have internal is potentially external as well so we're we're really focused on um making sure that everybody is safe and secure in an end-to-end encrypted zero knowledge format which is really
the core strength is is making sure everything stays zero knowledge um and to thinking about what we are as a as a company and our focus on uh being completely transparent and hosting open source it really is having the right product at the right time for all these companies that are looking for security with the value and vision of open source security for everybody yeah and just touch on Bitwarden Send how does that fit in so Bitwarden Send is very similar totally end-to-end encryption it's a really cool feature it's available in
all of our clients but basically um you are able to upload a file to the Bitwarden servers it gets completely encrypted before it goes up there and then you are given a link that includes the decryption key inside of it that you send to somebody through secure means and then they are able to access download and then decrypt the file locally so again it's still end-to-end decryption yeah it's really awesome and you can also set up um like additional password security on top of it too so you have to say hey my
password is my last name your Social Security number whatever your next security not really great but um the um you can also say like how many times it can be accessed or read how long it lasts okay so it's a really great way to be secure in sending files to people um one of the examples I like to use as I say working at a big company and you're about to do a product announcement let's say you're apple and you're like Hey we're releasing the iPhone 28.
um hey can you guys over at this studio make us a commercial for it obviously you would send the images to them through hopefully not email so yeah they can they can access it without being uh you know without getting leaked or scooped or anything like that so taking sensitive documents encrypting like that are there any limitations on that in terms of size or right now 500 megabytes uh exactly 500 megs yeah so yeah typically enough for pretty much anything except for maybe video files um that people and what we're looking at
at possibly raising that um you know everything's if you want to go to our community you can go ahead and look at our uh we have community.bitwarden.com view the forums take a look at the different requests that are out there vote for vote for feature requests and see what gets added to the roadmap awesome that's cool hi uh we're nearly out of time I just want to finish off um finishing off like I usually do um 2023 will be no different in terms of asking these questions so I think the problem statement you know we
dealt with and at the start that's pretty self-explanatory um but what are you guys going to do moving forward you touch it a little bit but you know what what does Bitwarden look like um in three or four four or five years how are you going to continually to innovate and disrupt the market because you've clearly already disrupted this market in a great way so you're going to continue that momentum moving forward yeah so the biggest disruption in the market um well I think I've harped on it a
little too much is being open source uh that's really the biggest it's important it's important and and we're the only leading password manager that that's open source with professional support and um that that's I I think that you're going to see more people do that so there's no there's less risk of source code getting leaked or um you know vulnerabilities being found like that so so to us like that that really that started us is still our disruption for the future um finally we really want to have the um
the um the featured the free version we're always going to have a free Veil a version ready for air because we as I said our vision is password security for everybody in the world and nobody gets hacked and you can't do that by putting like critical features behind a paywall um and so so that's really important and of course being a fan favorite and serving the community and making sure we have a really happy user base that recommends us to other people that takes Bitwarden to work those are those are
that really is our growth strategy and the our marketplace disruption brilliant and I can say a lot of that works for me because I'm I'm now a customer so there you go so um well you know that's it I I was really great to talk to you about Bitwarden about the company the history why you guys exist and you know what you guys are doing in this market which is super competitive so hey Ryan thanks for that I'll just finish off by saying if you are subscribed or not subscribed anyone needed a show and you'd like to
hear more or feature on future episodes go to gtwgt.com again um again please subscribe and like on any platform again we're on all those major platforms for podcasting and YouTube so with that I'd like to thank Ryan and Bitwarden and we will see you next time on Great Things with Great Tech