The Vault
Note: This document is a draft because a policy for adding new people to the Vault remains to be decided. When a policy is decided then this will need updating below (marked with PLEASE FIX).
The Vault is a password manager hosted by XR. It is a place for rebels to securely store the passwords to their online accounts.
Having a password manager is the #1 thing that you can do to secure yourself online, so we really recommend using it!
What is a password manager?
A password manager is a tool that lets you store all of your passwords together in a safe place.
Instead of having to remember hundreds of passwords for all of the accounts you've created over the years, you only need to remember one: the (super-secure) master password to your password vault.
Not having to remember the passwords for all of your accounts then means that the passwords you use for websites can be really secure and nearly impossible for a hacker to guess (e.g. cj*XknvKPgg9b5).
Password managers can also be useful for storing secure notes (e.g. the code to unlock your bike padlock).
How do I join the Vault?
To join the Vault you need to do the following things:
-
Vault accounts are provided to any group on the Hub who asks for one.
- If your group doesn't have one, get your Group Admin to ask Digital Discussions Applications team on Mattermost (tell us which group it is for, please). A vault organisation will be created for your group, and the can then invite others to share collections of passwords in that organisation.
- If your group already has an account, just get the group admin of your group to send you an invite to your group's organisation in the Vault.
-
Check your emails. You should have received an email that looks like this:
Click on Join Organization Now.
-
You will then see a screen that looks like this:
Click on Create account. This will take you to a screen that looks like this:
Fill in the fields with your email address, name (an alias is fine) and master password then click Submit.
Important: Put some thought into what your master password should be. It should be really hard to guess (the Vault will tell you whether or not it thinks it is a strong password or not) and you shouldn't use this password anywhere else.*
You have now created an account on the Vault and can begin to use it to store your passwords. However, if you want access to the passwords shared by your group you need to do an additional step:
-
From the Vault homepage click on Settings at the top of the page (circled in red).
-
Under the My Account section note down your account's fingerprint phrase. This will be a string of five random English words (e.g.
alligator-transfer-laziness-macaroni-blue).
-
Send this fingerprint phrase to your group admin. This will help them to identify you and give you access to the group's passwords.
How do I use the Vault?
If you want to use the Vault on a mobile phone please refer to the page Accessing the Tools Using a Smartphone or Tablet.
By far the most straightforward way to use the Vault on your computer is by using a browser extension. To install one of these you should do the following:
- Go to the Download part of the Bitwarden website and scroll down to the Web Browser section:
-
Click on the browser that you are using and install the extension.
-
You should now see a small shield icon at the top-right of the browser window:
If you click on this the following screen should pop up:
Click on the gear icon in the top-left corner (circled in red).
-
Under SELF-HOSTED ENVIRONMENT, set the Server URL field to
https://vault.extinctionrebellion.ukand click Save.
-
Click Log in, enter your email address and master password and then click Log in (top-right corner).
Adding new passwords
To add new passwords to the Vault for either new or existing accounts you need to do the following:
-
Click on the small shield icon at the top right of your browser window:
-
You should see a screen that looks something like this (without the black squares):
-
Click on the + icon in the top-right corner (circled in red). You will then see:
-
Enter your username and password. If you want to generate a random secure password to use (strongly recommended!) then click on the generate password icon (circled in red).
-
Click Save (top-right).
Filling existing passwords
To access the information in the Vault when you want to log in to a website you should:
-
Click on the small shield icon at the top right of your browser window:
-
You will now see a screen that looks like this:
-
If the correct account appears under LOGINS then click on it and the username and password fields on the website page should automatically be filled.
If the account is not there then you will need to search for it in the search bar (circled in red). Once you have found the correct account you will have to copy and paste the username and password into the website.
Accessing your password history
Sometimes you can generate a long, complicated password and then forget to save it to the Vault. To retrieve the password you should:
-
Click on the small shield icon at the top right of your browser window:
-
Click on Generator (circled in red):
-
Click Password History to access previously generated passwords.
Sharing passwords
All this is documented in Get Started with Organizations in the Bitwarden docs. Be aware that our Vault is a self-hosted installation, and there are no charges for using it - always use our Vault, rather than the commercial Bitwarden one.
Removing access
The group owners can remove someone's access to the group, or change what collections they have access to. Just go to the group, and click Manage, People.
If someone loses their phone, gets arrested, or has their devices compromised, you should remove their access as soon as possible.
What to do if someone leaves your group
If the person has had access to important passwords, you should assume they have a copy of them. So, as well as removing them from your group on the Vault, you should also CHANGE ALL THE PASSWORDS they had access to.