Risk Insights
Enterprise organizations can use Risk Insights to review applications with at-risk credentials that are stored within your Bitwarden organization by its members. Using this report, select critical applications and notify organization members that they need to take action on at-risk passwords.
Risk Insights provides easy co-located visibility for admins into which credentials are at-risk, it does not grant administrators direct access to passwords they don't otherwise have access to.
note
Risk Insights does not allow admin visibility into items for which the organization is not the owner. To ensure full visibility into all potential at-risk credentials, Bitwarden recommends activating the Enforce organization data ownership policy so that all data is owned by the organization.
The Risk Insights report lists all applications saved as items within your Bitwarden organization. Each application represents the set of all items with a URI that matches a given web service (for example, the "Atlassian" application may contain 26 "Total passwords", indicating there are 26 items that contain credentials for logging into Atlassian) and contains:
Column | Description |
|---|---|
Application | The name of the application that is at-risk. |
At-risk passwords | The number of passwords associated with the application that are at-risk. |
Total passwords | The total number of passwords associated with the application. |
At-risk members | The number of members who have access to the at-risk passwords associated with the application. |
Total members | The total number of members who have access to the application. |
warning
By surfacing a list of all applications for which organization members have credentials, Risk Insights can also help administrators detect the use of unsanctioned applications as well as those which could be migrated to single sign-on (SSO) authentication through an IdP.
A password is determined to be at-risk if it is weak, exposed, or re-used within the organization. This analysis is done with the same tools used in the Weak passwords report, Exposed passwords report, and Reused passwords report. As is the case for running reports manually, the analysis done by Risk Insights is done locally to preserve zero-knowledge and protect your data integrity and anonymity.
Using Risk Insights, administrators can preemptively assess which applications they want prioritized for members to take action on. The report can be narrowed down from All applications for which there credentials stored within your organization to only those you select as the current Critical applications to take action on.
tip
Marking a distinction between Critical applications and All applications is an important tool for ensuring organization members are encouraged to take quick action on the applications that matter most.
One important function of Risk Insights is the ability to dispatch notifications to members informing them they need to take action on a critical at-risk password. Dispatching these notifications in targeted waves will help prevent member alert fatigue and resultant delays in remediation.
Applications marked critical are those which will have notifications dispatched to organization members informing them that they need to take action on at-risk passwords. To mark applications critical, toggle one or more checkboxes and select select the Mark app as critical button:
Requesting password changes will dispatch notifications to organization members informing them that they need to take action on at-risk passwords. Members will receive notifications both in their email inbox and as a banner in a Bitwarden browser extensions they're logged in to.
tip
Before dispatching your first password change requests, or as part of employee Bitwarden training, we recommend:
Informing members that these emails are legitimate and should not be ignored.
Providing members with [instructions for how to take action on password change requests](link).
To request password changes on all applications currently marked critical, navigate to the Critical applications view and select Request password changes:
As members take action on password change requests, and as credentials are added to your organization for new members and new applications, the contents of this report will change. It is critically important that Risk Insights be treated as a continuous exercise. To update the report, take note of the Data last updated timestamp and select the Refresh button.