Automatic Change Password API - BitWarden changes passwords without user interaction

Feature Name - Auto password change

I know this is a long shot because it involves many stakeholders (most are external), but the implementation itself is not. This would be a great step forward in password hygiene and re-securing compromised accounts.

I would like to request to have an API available where, by clicking the option “renovate password”, it would automatically communicate with the associated website, request a password change and attribute one. Since I already don’t know my password, I also don’t need to know what they’ve been changed to, as when a manual change is done.

  • The benefits it brings are an always strong and secure vault, exponential increase in password hygiene, and the ability to quickly and seamlessly re-secure a vault that has potentially been compromised before the hackers are able to brute force even a single password.

I think if this feature were to be developed, it would instantly stand out among the other password managers, and since it would probably become a standard, it would make BitWarden an even bigger pioneer in this space. If we’re already considering websites having /.well-known/change-password, this would be the next natural step in the process, where they would simply add a snippet to include the API.

1 Like

LastPass did have a feature like that for some major sites like Google and Microsoft.
I never used it, and it’s not there anymore. I do not know why…
On the other hand it feels like kind of easy for major sites and webapps.
You know the steps you have to take to change the password. And it could not be that hard to make a script that do all the steps. Then again if the site changes the behavior of the site, you would need to recreate the script.

A script, like you said, only works in a contained environment. An API would allow any website to easily implement the feature and have a password manager quickly change a password without having to go through the web interface. It would also greatly increase the website’s security as, in the event of having a leak of any sort, they could ask their users to change their passwords, which would be only a click away.

Again, this would allow virtually any website to be secure and allow its users to stay safe within a couple of minutes of a target, personal or business, being breached.