Changed E-Mail, now can't login

It is certainly possible to delete your old account, and even to transfer your Premium subscription credit to your new account. There is even a self-serve link for deletion of personal accounts (that can be used without logging in). However, you will need to get assistance from Support to delete an organization vault for which you no longer have access to the admin account, and to transfer your Premium subscription.

 

That is disappointing, indeed. Did you ask them to do what I had suggested above?

Further, I would suggest asking them if they are able to review the PITR transactions for your account and check how many times there were changes to the stored master password hash and protected user key in the past seven days.

If they haven’t checked this, then they don’t really have any basis to conclude that “you are entering the wrong password”.

Sadly, welcome to “the club”. Those of us who continually drum on “backups and contingency plans” tend to have also gained admittance via the school of hard knocks. The one good thing that came out of my knock is that I will always have a backup, even if somewhat dated.

No need to lose that $10 (or fraction thereof). Create a new account and then have support move the premium license from the old to new account before deleting the old one.

1 Like

Got confirmation that there are no master password changes to my account. I am a little confused about what this means now but I still requested a restoration.

This means that your master password should be the same now as it has been in the past 7 days. Since your new email address has been confirmed to be correct, there are only two possibilities:

  1. You are entering the wrong password (or email address) when logging in, or your device is mangling some of the entered characters (for example, by automatically changing quotation marks from " to ), or you have selected the wrong server.
  2. Somehow, the master password hash stored on Bitwarden’s servers was corrupted when you changed your email address.

In most cases of failed logins, the culprit would be #1. Thus, you are going to have to convince the Support rep that this is not so for your case, by laying out as much evidence as you can.

Have you ever changed your master password since you first registered for your Bitwarden account? If not, that should be a point in your favor (IMO); if yes, the time elapsed since the most recent password change could be considered. How often do you type out your master password? You said before that you “type it in several times a day”, which is the main reason that I personally am giving you the benefit of the doubt; if you can quantify this more (e.g., “at least 3–4 times a day, 7 days of the week”), that might make a more convincing argument. Do you have an emergency sheet? That would also be strong evidence that you are not typing the wrong password (unless you’ve changed your master password and neglected to update your emergency sheet).

 


P.S. Bitwarden used to have an “interactive cryptography” tool (archived here), which was helpful to troubleshoot these types of issues. However, you won’t be able to use it if your KDF settings were changed to use Argon2id instead of PBKDF2, and even if not, you’d have to modify some of the script code to match recent changes to Bitwarden’s hashing algorithms. I bring this up because there is a remote possibility that you could prove that when computing the master password hash using your master password (the one you’ve been trying) and your old email address, the computed hash would match the old hash that is captured in Bitwarden’s PITR logs. If the Support team is able to confirm this, it would/should prove that the new master password hash is corrupted.

1 Like
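The hash comparison suggested in the P.S. above, together with the input-mangling case from point 1, as an added example (not Bitwarden's code and not from any poster in this thread). It assumes the PBKDF2 client-side derivation described in Bitwarden's published security whitepaper; the iteration count, the sample password and the example.com addresses are constructed, and the server applies further hashing before storage, so only Support can compare against what the PITR data holds.

```python
import base64
import hashlib

# Assumption: PBKDF2-SHA256 derivation per Bitwarden's security whitepaper.
# Current clients may differ, and Argon2id accounts are not covered here.
DEFAULT_ITERATIONS = 600_000  # assumed; the real value is a per-account KDF setting


def master_key(password: str, email: str, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Stretch the master password, salted with the trimmed, lower-cased email."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)


def master_password_hash(password: str, email: str,
                         iterations: int = DEFAULT_ITERATIONS) -> str:
    """Authentication hash the client submits: one more PBKDF2 round over the key."""
    key = master_key(password, email, iterations)
    digest = hashlib.pbkdf2_hmac("sha256", key, password.encode("utf-8"), 1, 32)
    return base64.b64encode(digest).decode("ascii")


def compare_login_inputs(password: str, old_email: str, new_email: str,
                         iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Report which input variations produce a different authentication hash."""
    baseline = master_password_hash(password, old_email, iterations)
    curly = password.replace('"', "\u201d")  # what a "smart quotes" keyboard would send
    return {
        # Case differences in the email are normalised away, so the hash is unchanged.
        "email_case_only": master_password_hash(password, old_email.upper(), iterations) != baseline,
        # The email is the salt: a new address means a new hash for the same password.
        "new_email": master_password_hash(password, new_email, iterations) != baseline,
        # A single auto-corrected character changes the hash completely.
        "smart_quotes": master_password_hash(curly, old_email, iterations) != baseline,
        # A different KDF iteration count also changes the result.
        "iterations": master_password_hash(password, old_email, iterations + 1) != baseline,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    sample_password = 'correct "horse" battery'
    print(master_password_hash(sample_password, "old@example.com"))
    print(compare_login_inputs(sample_password, "old@example.com", "new@example.com"))
```

Because the email address is the salt, the hash stored before an address change can only be reproduced with the old address, which is why the P.S. pairs the tried password with the old email.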

Aye, the fact that I typed in my master password to make the e-mail change, then wanting to login again maybe 30 seconds later (since you automatically get logged out) and the password does not work anymore - I think this is a very strong case to believe me, haha.

I tried it on 5 different devices so I don’t expect there to be some input, network or something else error.

My last master password change was at least a year back, if not longer.

True, but only if not all those devices are part of the same network (e.g. the same Wi-Fi network).

Part of 3 networks. My main internet which is directly connected to my PC, my mobile phone (in that case not connected via Wi-Fi to my main internet of course), a tablet and a Surface device. I also gave it a shot on my partner’s mobile phone which even has a different provider.

Since I am still waiting for support to answer, I came to think of it.

How can I make sure such a thing never happens again? And to what end does the emergency sheet help me (I created one for the new account) in trying to recover my account? Is the only option a hardware key? And even then, would the hardware key still work with corrupted data?

You simply can’t. But what you can do is prepare for the worst case by performing regular backups and setting up Emergency Access for your partner.

1 Like

Emergency sheets can help in the case of forgetting the master password, needing the 2FA recovery code etc. (–> human memory is not reliable, you could have an accident resulting in memory loss…). It also can help your loved ones to get access, in case you can’t access Bitwarden yourself temporarily or indefinitely. (“digital legacy”)

You would have to specify what you mean by “can help a hardware key”. You can use a hardware security key both for 2FA (FIDO2-“passkey”-2FA) and for “login-with-passkey”.

The former is the most secure form of 2FA for Bitwarden - but it still needs the master password also for logging in. And the latter (“login-with-passkey”) can log you in without a master password (when it’s set up with encryption), but it still doesn’t replace the master password entirely at the moment. (hence, e.g. this feature request: Options to allow Passkeys to authorize actions and account/security changes protected by Master Password)

And though, both are great options in general (and hopefully will get expanded capabilities), both wouldn’t help if your vault gets corrupted. [PS/Edit: Though it might have made it possible to at least still be able to login to the web vault – see this comment from @grb for the explanation.] (emergency access wouldn’t help in that case either, I think)

Therefore again: regular backups/exports

2 Likes

Aye, good advice. Got already emergency sheets and backups for both of us.

Getting a bit anxious about my request as it’s now only 1 day and a few hours left as @grb mentioned. I know timezones and all that but I haven’t heard from support since Wednesday.

I think that setting up one or more hardware keys for Login with Passkey (with encryption enabled) would have helped you in this situation, because (to my knowledge) the authentication and decryption processes that occur during Login with Passkey are independent of those that occur during Login with Master Password. Thus, even if the Master Password Hash becomes corrupted, you should still be able to log in using the hardware key.

Great news! The Bitwarden support team restored my account to the old E-Mail/Login/state and I instantly could log in again and make a backup. I then imported all the changed passwords/accounts from the newly created Bitwarden account and made a backup again. I then was holding my breath, changed the E-Mail again to the desired one and - this time it did work!

That was quite the emotional ride and I was doubting myself a little bit - still curious what happened. I will try my best that all of that never happens again with regular backups, security sheets and emergency access.

Thank you everyone who helped and wasn’t doubting me! Especially thanks to @grb @marlin @Nail1684 and the official support team!

3 Likes
