Access to Bitwarden account lost

I was asked to help my wife find a password (see also Ergonomics in the feature request forum). She appeared not 100% sure that the password was present in the Bitwarden extension or in Chrome itself.

After trying a lot, we settled to first get a fresh password for Bitwarden, and then the one for her website.

We first wrote down a new password, and then went to vault.bitwarden.com to use that for Bitwarden. Defining the new password went well, but it was not suitable to access the vault in the browser-extension, in the local app nor in the browser extension. We waited the advised one hour, but no dice…

What could have happened while we were trying? And given the fact that she relies only on her strong memory on how to work with computers, but does not really know how things are interrelated: What irrational things can she have done before she finally gave up?

Or, in 2 words: Please Help!

On the first page of the login screen, at the bottom, there is an option to select a server (bitwarden.com or bitwarden.eu). Please make sure that you have selected the correct one (i.e., if your wife’s account exists on vault.bitwarden.com, then you must select bitwarden.com as the server for logging in to the browser extension, desktop app, or mobile app).

See documentation for more information (and screenshots):

Thanks for your prompt answer.

Your message was the first time I ever heard of the existence of the European server. I never felt the necessity to search for more info than what I got to steer me through the installation and moving passwords from another manager to Bitwarden.

This morning I have read everything related to this subject in the documentation.

I failed to see how I can know for sure on which server my or my wife’s vault lives: .com or .eu.

You have a few options:

  • Search for various confirmation emails or verification emails from Bitwarden, which should contain this information.
  • Log in to the web vaults for both servers (vault.bitwarden.com and vault.bitwarden.eu). You should only be able to log on to the web vault on the server where the account exists.
  • Attempt to sign up for a duplicate account on each server (bitwarden.com or bitwarden.eu) using the same email address that your wife already uses for her Bitwarden account. If the account already exists, then you will get an error; on the other hand, if you are able to successfully create an account on one of the servers, then you should immediately delete that account (to avoid confusion).

Hey, only a short first answer to that: there are several ways to see that…

If you recently got an email from Bitwarden (e.g. after a new login) you can see that in the sender email address / header:

When you are still logged in somewhere, I think all apps show something like this (which now is from the browser extension → when you click on your profile symbol)

Or by logging in to the web vault (or any BW client) you can confirm where your account is located. The two BW server regions are separate and not interchangeable – meaning: with an account that was created on the US/.com server region, you can only log in to that US/.com server region… and login to the other server region (EU/.eu) will fail.

Hello Mr. Nagel (?)

I found it after long searching. Definitely Bitwarden.COM, not EU.

As a test I started to try and login for changing my own Bitwarden Main Password on my own machine.

First I logged in to the local vault, made the password visible.

Next logged in to Bitwarden.com, making sure I completed the right email-account, and comparing the two versions of the password, on the screen. They were equal.

But access was denied because of incorrect main password. That means my wife is not alone or to blame…

I now think there is a bug in the site.

How can I escalate this problem?

For us to be able to help you, we need to communicate using unambiguous terminology (in the language of your choice).

What does “local vault” mean to you? Are you perhaps referring to one of the client apps (Desktop app, mobile app, or browser extension)? If you cannot clearly explain it, please post a screenshot, so that we can understand what you are talking about.

Also, I have a suspicion that you may not appreciate that there is an important difference between the terms “Log in” and “Unlock” — and that you may be incorrectly using the term “log in” to refer to unlocking. When you see a button below the password input field, does the button label say Unlock or Log in with master password? Again, posting a screenshot would help clarify some of this ambiguity.

Where and how did you make “the password visible”? Are you referring to a Bitwarden vault item where this password is stored, or are you referring to the password field on the login form?

Using the “Log in” link on the https://bitwarden.com/ site simply redirects you to the US-based Web Vault (vault.bitwarden.com). But please explain exactly where you were seeing the passwords. If you’re talking about the login form for accessing your Bitwarden account, then the master password that you see should match what you have typed — thus, I don’t understand what your test was supposed to prove.

You said that you changed your Bitwarden master password. Were you entering the new password or the old password?

Hello,

I indeed meant unlocking the vault in the Firefox Browser’s Bitwarden extension.

Typing the password yields a lot of black dots. Clicking on the eye next to the password makes it readable. I do that often, because I am a poor typist.

I had missed the redirection. But in Bitwarden.vault I tried to unlock the vault the same way as in the browser, and compared the two versions of the password. They were equal.

In the browser the password was accepted, and I entered the vault.
On vault.bitwarden.com the same long existing password was rejected and I could not enter the vault nor change the password (which I was not intending to do. I just wanted to test the usability of the password on the site. I knew the browser client would accept it.)

I hope this is clear enough English.

Great! Now, while the Firefox browser extension window is still open, please click on the colored circle (with your initials) in the top right corner of the browser extension:

You should now see a screen titled “Account Actions”, as shown in the screenshot below. Please carefully examine what is displayed in the row of gray text that is between your username and the green “active” label:

 

Does it say bitwarden.com or bitwarden.eu?

Hello,

It reads Bitwarden.com, like I knew from the test in the contribution by Nail1684.

But there is more :frowning:

I focused so much on possible errors in the long password, that I saw only half an hour ago that I had misspelled the email address. As usual, the answering software then cannot specify whether the address or the password is wrong: just that the combination is wrong. So far my Bitwarden.

Some time earlier I found a piece of paper on which my wife had scribbled some possible forms of her former password. Trying those, I varied some easy misspelling variants and lo and behold, also her Bitwarden obeyed our keyboard.

Sorry for the time wasted on these non-problems.

Thanks for teaching me to think logically. Using your methods might work for me to teach my wife how to use computers.

Don’t count on it…

Glad that you solved your mystery!

You should do a few things to protect yourselves in the future:

  • In the browser extension Settings, under “Account Security”, set the Timeout Action to “Lock”, and set a timeout period that is relatively short. For convenience, you may want to consider enabling the options to unlock with biometrics and/or a PIN. The initial configuration of biometric unlock can be a little complicated (although we can help you with this), but once set up, it will make for a secure and convenient way to access your passwords.
  • If you have not already done so, configure your Bitwarden accounts to require Two-Step Login using any method other than email codes; make sure to obtain your two-step login recovery code, and record it in a secure location (e.g., your Emergency Sheet; see last bullet point).
  • On a regular basis, create backups of your vault contents. The easiest and most secure way to do this is to create individual vault exports using the format .json (Encrypted), specifying the Export Type to be “Password Protected” (not “Account Restricted”), and recording the file password in a safe location (e.g., your Emergency Sheet; see next bullet point).
  • Create an Emergency Sheet and store it securely (ideally, also create at least one copy to store in a different location, in case of fire or other catastrophic loss). At a minimum, the sheet should include the server URL, the username (email address), master password, and two-step login recovery code for both of your accounts, as well as the file password(s) for your vault exports (backups).
