The Vault

The Vault is a password manager hosted by XR. It is a place for rebels to securely store the passwords to their online accounts.

What is a password manager?

A password manager is a tool that lets you store all of your passwords together in a safe place. Browsers such as Firefox have this facility. It allows you to generate and securely store passwords that are very strong (e.g. cj*XknvKPgg9b5) because they are not guessable but you don't have to remember them. Instead, you have to know the one master password to access them. This makes life easier for you and much harder for hackers.

You can store lots of passwords, even ones you created years ago if you wish. And you can also store other codes like bike locks and notes you don't want to lose or leave lying around.

How do I join the Vault?

Ask your XR group's Group Admin to send you an invite to your group's organisation in the Vault. If your group doesn't yet have an organisation see here

  1. Check your emails. You should have received an email: invite-email.png

  2. Click on Join Organization Now.

You will see: joining.png

  1. Click on Create account

You will see:
Screenshot_2021-03-24-Create-account-Bitwarden-Web-Vault.png

Fill in your email address and name (an alias is fine)

It is important to choose a master password that is really hard to guess (the Vault will tell you whether it is a strong password or not) and you shouldn't use this password anywhere else.

Type your master password then click **Submit**.

You have now created an account on the Vault and can begin to use it to store your passwords.

If you want access to the passwords shared by your group you need to do an additional step:

  1. From the Vault homepage click on Settings at the top of the page (circled in red).

    image13.png

  2. Under the My Account section note down your account's fingerprint phrase. This will be a string of five random English words (e.g. alligator-transfer-laziness-macaroni-blue).

    image903.png

  3. Send this fingerprint phrase to your group admin. This will help them to identify you and give you access to the group's passwords.

What if my XR group isn't already using the Vault?

If you want your group to be able to use the Vault, have your group's Secretary, Internal Coordinator, External Coordinator or Group Admin get in touch with the Digital Discussions Applications Team using this forum topic. They can then create the Vault organisation and give you access so you can begin sharing passwords within your group.

How do I use the Vault?

If you want to use the Vault on a mobile phone please refer to the page Accessing the Tools Using a Smartphone or Tablet.

The most straightforward way to use the Vault on your computer is by using a browser extension. To install one of these:

  1. Go to the Download part of the Bitwarden website and scroll down to the Web Browser section:

rMcwebbrowserext.png

  1. Click on the browser that you are using and install the extension.

  2. You should now see a small shield icon at the top-right of the browser window:

    smallericon.png

    If you click on this the following screen should pop up:

    path837.png

    Click on the gear icon in the top-left corner (circled in red).

  3. Under SELF-HOSTED ENVIRONMENT, set the Server URL field to https://vault.extinctionrebellion.uk and click Save.

    Screenshot-from-2021-04-28-11-56-25.png

  4. Click Log in, enter your email address and master password and then click Log in (top-right corner).

Adding new passwords

To add new passwords to the Vault for either new or existing accounts:

  1. Click on the small shield icon at the top right of your browser window:

    smallericon.png

  2. You should see a screen like this (without the black squares):

    path841.png

  3. Click on the + icon in the top-right corner (circled in red). You will see:

    path837.png

  4. Enter your username and password. If you want to generate a random secure password (strongly recommended!), click on the generate password icon circled in red.

  5. Click Save (top-right).

Filling existing passwords

To access the information in the Vault when you want to log in to a website:

  1. Click on the small shield icon at the top right of your browser window:

    smallericon.png

  2. You will now see a screen like this:

    path8423.png

  3. If the correct account appears under LOGINS then click on it and the username and password fields on the website page should automatically be filled.

    If the account is not there then you will need to search for it in the search bar circled in red. Once you have found the correct account you will have to copy and paste the username and password into the website.

Accessing your password history

If you generate a password and forget to save it to the Vault, you can retrieve it:

  1. Click on the small shield icon at the top right of your browser window:

    smallericon.png

  2. Click on Generator (circled in red):

    rqOpath8423.png

  3. Click Password History to access previously generated passwords.

Sharing passwords

You can only share passwords you create within your Organisation in the Vault. The passwords within your organisation can be assigned to Collections, and you can share collections with other people. You have total control over who can see, edit, etc. which collection, and who can invite others.

All this is documented in Get Started with Organizations in the Bitwarden docs. Be aware that our Vault is a self-hosted installation, and there are no charges for using it - always use our Vault, rather than the commercial Bitwarden one.

Removing access

If someone loses their phone, gets arrested, or has their devices compromised, you should remove their access as soon as possible.

The group owners can remove someone's access to the group, or change which collections they have access to, by going to the group, and clicking Manage, People.

What to do if someone leaves your group

If the person has had access to important passwords, you should assume they have a copy of them. So, as well as removing them from your group on the Vault, you should also CHANGE ALL THE PASSWORDS they had access to.

Where else can I find information?