✅ Automatic Vault Health alerts

Any ETA as to when this feature will arrive?

Add the ability for Bitwarden users to schedule and/or automate the Reports for:

• Exposed passwords
• Reused passwords
• Weak passwords
• Unsecure websites
• Inactive two-step login
• Data breach

Add an option that allows a cadenced (daily / weekly / monthly / etc.) email digest to be sent to the user with results of the reports.

Add an option to only send an email digest if a report flags something new (e.g. a new two-step opportunity or a breached password).

Dipping into the topic. One feature that is seriously lacking from business/enterprise angle is Org/MSP wide dashboard of:

• Password quality, for instance per registered user (foo.bar@example.com has X weak passwords in their vault)
• Leaked password (foo.bar@example.com has X leaked passwords in their vault)
• Missing MFA (foo.bar@example.com has X logins that are missing MFA)

Currently MSP seems to have per org visibility to secrets stored in collections.

Upon creation, import, or update of a password, automatically trigger the exposed/weak/reused check to halt the creation of insecure passwords. The current process requires a user to manually click the “checkmark” before saving and a vast majority of people do not use this function.

My enterprise organization has migrated from another password solution to Bitwarden. While importing passwords from our previous solution, technicians were unaware that they needed to manually click the “checkmark” to check that password for exposure, weakness, or reuse. We now have a very large collection of passwords on the Exposed, Weak, and Reused reports that will require manual remediation and cleanup.

Proactively protect users from creating weak passwords by automatically checking a new/imported/updated item and populating a notification pop-up to warn users prior to clicking “save.” You could even include a requirement for a user to check a box to override the warning. Include this activity as part of the event logs.

These features are the difference between a true Enterprise product and a commercial version. Large enterprises need to halt insecure activities proactively, not allow a user to create a weak password and offer me a simple report to reactively remediate items.

Hi, any update on this topic?

I did not find anything on the roadmap yet

It’s one of the things I’m looking forward to the most, not only does it make the function more efficient and simple, but it substantially increases the safety of users, who will have a better chance of dealing with leaks.

Another example of this function is the one used by NordPass:

Feature Request: End User Security Centre

Description: We propose the creation of an End User Security Centre within Bitwarden. This feature would provide users with a security score based on the strength and reuse of their passwords. Additionally, it would offer the following functionalities:

1. Password Security Score:

• Users receive a score reflecting the strength and uniqueness of their passwords.
• Scores are calculated based on factors such as password complexity, reuse, and exposure in data breaches.

2. Admin Oversight:

• Administrators can view the security scores of their team members.
• This visibility allows admins to identify users who may need additional training on password security.

3. Dark Web Monitoring:

• Users are alerted if any of their stored email addresses are found on the dark web.
• This feature helps users take immediate action to secure their accounts.

4. Best Practice Tips:

• The Security Centre provides users with tips on creating strong passwords and maintaining good security habits.
• Regular updates and reminders to encourage continuous improvement in security practices.

Benefits:

• Enhances overall security awareness among users.
• Empowers admins to proactively address security weaknesses.
• Provides timely alerts to prevent potential account compromises.
• Encourages best practices in password management.

@goodhead83 I moved your post into this existing feature request to the same topic.

Hi there,
As an admin using the enterprise plan, it would be amazing if the Data Breach Report that’s available for individual accounts could be made available to admins so we can search our verified domains. Look to HIBP for the data I’d look for in terms of the data available across domains and the setup. Even if the reports aren’t weekly but monthly, that would also be great. Right now, if I want to look up an individual’s email address for a breach, it’s a manual process.
Thanks!

Note: I changed the title to refer to all reports. As I understand it, a majority of the posts here – including the OP – wanted this feature for more or less all reports and not only for “data breach”. I think this should be reflected in the title. (and I think it does make sense to “unite” the same request for all reports in this one feature request)

(the previous title was: “Vault Health Dashboard - Data Breach Report should do automatic lookups and alerts”)

Hello,

since 2021 many people are telling you, that you should add a feature, that automatically runs the data breach report. (maybe when opening the vault, after unlocking the bitwarden addon idk, something like this)
This is one of the reasons why people are leaving bitwarden, they need this feature.
I also thought to include bitwarden in my company but without that feature, I can’t really consider it.

This can’t be real, that you need to do this manually each time.

For testing I bought the premium private subscription, because I thought this has been added after 4! years, but no still not even on the roadmap.

Thank you, and I really hope you implement this soon.

@Whompy Welcome to the forum!

I moved your post into this existing feature request to the same topic.

FYI, if it has been less than 30 days, you have the option to contact Customer Support to request a refund.

Feature name

• As a user, when I’m about to login on a website, I see a warning that my password is compromised, weak or reused, so that I know my password needs to be changed on this website

Feature function

• When I’m about to login on a website and I open the BW browser extension or mobile app, I would see a warning icon
• When looking at the details of this id in BW, it would tell me that this password is weak or reused or was breached
• Basically, the intent is to bring the valuable information of BW reports into a place that is very visible: when I’m about to login.
• The BW reports are super valuable, but I need to remember to check them manually. I would like something more in my face!

Related topics + references

• Similar to the warning that Firefox displays when a password has been breached

@narF A belated “welcome” to the forum!

It sounds like your request (for an in-app/in-extension warning icon or banner) is the same as the feature being requested in the topic Vault Health Dashboard - All Reports should do automatic lookups and alerts.

If you agree (or if you do not respond within a week), I will merge your post (and the 3 associated votes) into the other thread. If you believe that your feature request should remain distinct, then please add some clarification as to how your proposal differs from that has been suggested in the other topic.

Update:

@narF, your post has been merged into the existing feature request.

I also would love to see this feature. I just purchased premium expecting it would do this

Should be implemented now in the Browser extensions, according to the release notes. Thanks very much

Vault health alerts and password coaching: As a new feature for Premium plans, browser extensions will now alert users that they should update a password when it’s detected that the password is weak, re-used, or exposed and recommend that they be updated.

Hm, yeah… though it’s limited to passwords (weak / re-used / exposed or breached) – e.g. it doesn’t seem to also be a “breach report” for the used email addresses of all login items.