Add "view password" and pop up confirmation when changing master password

Feature name

Add “view password” and pop up confirmation when changing master password

Feature function

Since Master Password is very important, confirmation pop up and view password toggle to make sure no typo would be helpful

As I recently changed my Master password and exported my vault, i noticed that all Masterpassword fields in the Web Vault do not have the “Eye”-Icon to reveal the password, which is a potential source for Typos if i cannot double-check what i entered.

Good callout @Tomster! I’ll have to research to see if this was intentional or not.

Update - captured as a to-do. Thanks for the request!

2 Likes

The view password eye to see what your typing is there when you just create an entry from within the app but when you use the + symbol to add an entry directly from an app or website the view password eye is missing so you can not see exactly what you’re typing while you create the entry. Please add this.

This will be addressed in the next release :slight_smile:

I think this would be a great feature!

Has this been changed yet? as I don’t see a way to see the new password :grimacing: I’m paranoid that I will enter something different.

Evidently, this has not yet been implemented for the master password change form.

As a work-around of sorts, you can create a vault item in your browser extension, which uses two custom fields with the names newMasterPassword and masterPasswordRetype, respectively, with the values of both set to the new master password. Set the URI to https://vault.bitwarden.com/#/settings/security/change-password, and URI matching to “Exact”. A screenshot is shown below. Now, you should be able to auto-fill Bitwarden’s master password change form after viewing the new master password that you entered into the two custom fields.

1 Like

@grb I will give that a go thanks. Is that safer than typing the new password in word and copying and pasting it into Bitwarden.

You would of thought that Bitwarden would of made it so you could see it, seeing as when you first sign up you can see the password you are typing.

Placing sensitive information in the system clipboard is generally considered somewhat risky.

1 Like

Yes for three reasons:

  1. The clipboard is not a great place for passwords, as other apps on your PC can see it.
  2. Word creates backup files, so a copy of your password may linger on the PC.
  3. Word does weird character transformations at times (e.g. changing regular ASCII quotes to 66-99 quotes), which can result in you not setting what you think you did.

Using notepad is better, but even better is storing it in Bitwarden, as @grc suggested.

1 Like

This worked perfectly :+1:

2 Likes

Bitwarden should allow us to reveal the password when we are changing our master password. This would avoid typos and be a lifesaver in case you make the same typo twice. Your master password is everything in Bitwarden. I cannot believe this has not been implemented by now after all these years. Every other password manager allows this.

@Running_Reptile Welcome to the forum!

I moved your post into an existing feature request. To support this request, scroll to the top of the thread, and click the Vote button.

Also, until something like this is implemented, a work-around has been suggested here:

Other than word, are any apps able to retain data even after clipboard is cleared? If so, what needs to be done to delete that data - restart computer?

If an app has scraped your password from the system clipboard, it can do anything it want with that information — save it on disk, transmit it to a server database, etc. It won’t matter if you clear the clipboard or reboot your computer after the nosey app has obtained a copy of the clipboard contents.

Your only surefire defense is to completely avoid using Copy/Paste for sensitive information.

Even the tab-capable version of Windows notepad can retain data over a reboot. In that case, the trick is to close the tab instead of quitting the app.

There are times when one needs to copy/paste sensitive data, but when possible one should use other techniques such as drag-and-drop, auto-fill, and when it becomes available for local apps, auto-type.