Best Procedure for Changing a Password?

I’m about to change a lot of passwords. I want to

  1. Copy the old password to the Notes section in Bitwarden
  2. Generate a new password
  3. Fill out the form on the web site, which usually involves entering the old and new passwords.

Have you come up with an ideal procedure (order of steps) for doing this (using the web, extension, or app)?

I’m on Mac OS 13.6.1 (22G313) using Brave.

Try the method I have described here, using the browser extension:

I’m experimenting, and here’s the procedure I’m using, and I’m wondering if there is something better:

  1. Use BW to go to the web site
  2. Use BW extension to log in
  3. Navigate to change password
  4. Use BW extension to fill in existing password
  5. Clear new password field(s)
  6. View item in BW
  7. Choose Edit in the Item dialog
  8. Copy the existing password to the Notes field (optional)
  9. Select Regenerate password
  10. Tap Select
  11. Choose Save
  12. Choose Copy Password
  13. Paste new password into New Password field(s)
  14. Logout and Login again

That’s a lot of steps, and I have over a hundred sites whose passwords need changing.

A feature request: perhaps a button for change password could perform steps 7-12 automatically.

Yes, in my opinion, the method I had linked above is better. I will paste it below, with some minor edits.

First, when you plan to devote some time to changing a large batch of passwords, temporarily extend your Vault Timeout period, as well as your Clipboard clearing interval (if configured); this will prevent time-outs from interfering with your work. In the instructions below, I assume that you have already unlocked your browser extension and navigated to the password change form where you wish to make a password change. I also assume that your vault already contains a stored login item for this website, and that you are using the default URI Match Detection setting (Base Domain).

  1. Open the browser extension, and click the “view” icon next to the item shown at the top of the Tab page (“view” icon looks like a card with three bulleted lines) — this opens the vault item associated with the current website.

  2. Copy the existing password to the clipboard, by clicking the Copy icon next to the password field ().

  3. Click the “Edit” button (upper right corner).

  4. Click the Generate Password icon (:arrows_counterclockwise:) to the right of the password field.

  5. Click “Yes” in response to the “Overwrite Password” warning.

  6. (Optional: If desired, make adjustments to the password generator settings. A good default is to set the password length to 15, with a mix of at least 1 uppercase letter, lowercase letter, number, and special character.)

  7. Click the “Select” button (upper right corner).

  8. Click the “Save” button (upper right corner).

  9. Click the “Auto-fill” button at the bottom of the displayed item information (if you have a large notes section, you may have to scroll down to see the “Auto-fill” button).

  10. On the website’s password change form, the new password should now have been transferred to all password entry fields (including the password confirmation field). If one of the password fields on the form is “Old Password”, then delete the new password from that field and paste in your old password (which you had copied to the clipboard in Step 2 above).

  11. Submit the password change form.

 

It may seem like a long process when written out like this, but the work flow is quite natural, and you’ll get the hang of it quickly. If you get an error (because of the website’s password rules), then you should start over (but skip Step 2 if you have to start over; do not copy the password again, since this would replace the old password that is still in the clipboard). If you should lose the original password from the clipboard, you will be able to retrieve it from Bitwarden’s password history (open the item for viewing, scroll all the way to the bottom, and click on the number shown after “Password history”).

2 Likes

Grb’s system works well.

Here are some tips I’ve learned from changing a lot of passwords:

  1. When you generate a new password, note the last two characters. That way, if you mess up and don’t save or otherwise lose the password you set, you can use the Password History function to find it (it’s not necessarily the last one generated).

  1. You’ll want to choose generation parameters that are accepted by most sites.

  2. Every site has its own non-standard (aargh!) menu structure, so it can be hard to find the place to change your password. Another option is to just choose “Forgot my password” when logging in. That also eliminates steps 8 and 13 in Grb’s protocol.