Hello everyone,
Recent information has brought to light that Bitwarden has a really low KDF iteration count on cloud-hosted instances (5,000) and a relatively low default on self-hosted instances (~100,000).
This can easily be changed in the Web UI for the instance, but be warned – you will be logged out of all devices and sessions once these settings have been changed!
Here is how you do it:
- Log into Bitwarden, here
- Check the upper-right corner, and press the down arrow
- Go to “Account settings”
- Open “Security”
- Switch to the “Keys” tab
- Enter your Master password and select the KDF algorithm and the KDF iterations.
- For algorithm, I choose PBKDF2 SHA-256 and set my iterations to 500,000
- If the settings fit your requirements, simply press “Change KDF”. Remember that pressing this will force you to set up all your devices again.
![](https://kleb.dev/wp-content/uploads/2023/03/KDF-1.png)
![](https://kleb.dev/wp-content/uploads/2023/03/KDF-2.png)
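To see what the iteration count changes in practice, the following Python script (an added example, not part of the original post and not Bitwarden's own code) times PBKDF2-HMAC-SHA256 at the three counts mentioned above and estimates the count that fits a chosen unlock delay on the current machine. The password and e-mail are constructed sample values, and using the lowercased e-mail as the salt is an assumption of this example.

```python
import hashlib
import time

# Iteration counts mentioned in the post: cloud default, self-hosted default, author's choice.
PAGE_COUNTS = (5_000, 100_000, 500_000)

# Constructed sample inputs; using the lowercased e-mail as salt is an assumption of this example.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_EMAIL = "User@Example.com"


def derive_key(password: str, email: str, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def seconds_per_derivation(iterations: int, repeats: int = 3) -> float:
    """Best-of-N wall-clock time for one derivation on this machine."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        derive_key(SAMPLE_PASSWORD, SAMPLE_EMAIL, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def work_factor(iterations: int, baseline: int = 5_000) -> float:
    """PBKDF2 cost grows linearly with iterations, so the ratio is the extra work per guess."""
    return iterations / baseline


def calibrate(target_seconds: float, probe: int = 100_000) -> int:
    """Estimate the iteration count whose derivation takes about target_seconds here."""
    per_iteration = seconds_per_derivation(probe) / probe
    return int(target_seconds / per_iteration)


def report():
    """Return (iterations, seconds, work factor vs. 5,000) for each count from the post."""
    return [(n, seconds_per_derivation(n), work_factor(n)) for n in PAGE_COUNTS]


if __name__ == "__main__":
    for n, secs, factor in report():
        print(f"{n:>7,} iterations: {secs * 1000:8.1f} ms per unlock or guess ({factor:.0f}x baseline)")
    print(f"~0.5 s per unlock on this machine: about {calibrate(0.5):,} iterations")
```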
If you still have issues, the guide is not working, you simply found a spelling mistake, or you found a better or even simpler solution, let me know!
Thank you for reading, hopefully it was helpful.
Best regards,
– Kleb/Leon