Hello,
How can I delete all password history?
I couldn’t find the answer anywhere, unfortunately, and there may be a security issue in using this software.
Thank you
Hey there, there isn’t currently an option to clear password history, but if you export your account and then import, the password history is not exported, so it will be cleared, or you can just generate several passwords to clear the queue for a single item.
Just take care to ensure your vault data is safely backed up before making any changes to the export file.
Can you provide more information on needing the ability to clear the history?
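An added example, not part of the thread and not Bitwarden's code: a check that can be run on an unencrypted JSON export before re-importing it, to confirm that no old passwords remain in the file and to remove any that do. The field names (`items`, `login`, `passwordHistory`) and the sample data are assumptions constructed for illustration; compare them with a real export first.

```python
import copy
import json

# Constructed sample shaped like an unencrypted JSON vault export.
# The field names are assumptions about the export layout, not taken
# from the thread; verify them against a real export file.
SAMPLE_EXPORT = json.loads("""
{
  "encrypted": false,
  "items": [
    {"name": "router admin", "type": 1,
     "login": {"username": "admin", "password": "current-example"},
     "passwordHistory": [
       {"lastUsedDate": "2023-01-05T10:00:00.000Z", "password": "old-example-1"},
       {"lastUsedDate": "2023-03-09T10:00:00.000Z", "password": "old-example-2"}
     ]},
    {"name": "wiki", "type": 1,
     "login": {"username": "bob", "password": "other-example"},
     "passwordHistory": null},
    {"name": "note", "type": 2, "notes": "text"}
  ]
}
""")


def audit_history(export):
    """Return {item name: count of stored old passwords} for items with history."""
    return {
        item.get("name", "<unnamed>"): len(item["passwordHistory"])
        for item in export.get("items", [])
        if item.get("passwordHistory")
    }


def strip_history(export):
    """Return a copy of the export with every item's password history cleared."""
    cleaned = copy.deepcopy(export)  # leave the backup copy untouched
    for item in cleaned.get("items", []):
        if "passwordHistory" in item:
            item["passwordHistory"] = None
    return cleaned


if __name__ == "__main__":
    print("before:", audit_history(SAMPLE_EXPORT))
    cleaned = strip_history(SAMPLE_EXPORT)
    print("after: ", audit_history(cleaned))
    # Item count must be unchanged so nothing is lost on re-import.
    assert len(cleaned["items"]) == len(SAMPLE_EXPORT["items"])
```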
Hello,
there is an option in the Firefox extension to clear password history!
Removal of password history is a security feature that must be present in any password manager.
Any idea if this feature is being worked on?
Please explain the use-case in which leaking the old, inactive passwords for an account is a security issue, while at the same time, leaking the current password for that account is not a security concern?
Both old and current passwords are a security concern.
@Wiuto For that use-case (deleting both old and new passwords), may I suggest simply deleting the vault item in question, or using Purge Vault (for clearing all items)?
I am only interested in deleting old password history.
In that case, I am still interested in hearing your answer to my previous question: “Please explain the use-case in which leaking the old, inactive passwords for an account is a security issue, while at the same time, leaking the current password for that account is not a security concern?”
The only people who could possibly see your old passwords in the password history are individuals who have full access to your vault and are also able to see all of your current passwords. Therefore, I’m having trouble understanding what security benefit could accrue from preventing such an individual from seeing your old passwords while allowing them to see your current passwords.
We use secure notes within our company, combined with PGP encryption. Sometimes people forget the additional PGP encryption and first save the information in plain text. In a shared environment that would mean that this info is available. That would be the reason to get rid of these older passwords.
Furthermore, with the recent LastPass hacks, I would not want to share older passwords. Especially if these are not generated. So it would be great if there was a possibility to delete the history.
Yes, even I wanted to delete my old password but was to find…
@AlexvdBaan Thank you for attempting to answer my question about the use-case for deleting the password history. Unfortunately, I do not fully understand your response. I gather that your concern is related to shared credentials that exist in one or more collections of your organization. However, you refer to secure notes which do not store a password history — therefore, there would be no password history to delete from those items.
You also refer to the LastPass breach, from which I infer that you have some concern that your organization vault may be compromised in the future. You can effectively defend against this possibility by using strong master passwords (in which case a stolen vault will be uncrackable), but in the unlikely event that an attacker successfully gains access to your vault contents — what is the reason that you are more concerned with the attacker having access to old, inactive passwords than with their access to current, actively used passwords?
@corrin Welcome to the forum!
I am not sure if you have read all the comments in this thread, but two workaround options were described in a previous comment.
In addition, no one in this thread has yet been able to clearly explain the reason for wanting to clear the password history, so if you have an explanation for your use-case, it would be helpful if you could share it.
Hello, the reason is really simple and not complex at all to understand.
We don’t want to share older passwords and we want to delete them forever.
Because some people can manually generate passwords, and the way they do it can show the logic in generating those passwords.
Apparently Bitwarden is not willing to add this option.
Thank you for providing some information about the reason for your interest in this feature. Let me see if I have understood:
Your organization has at least one naïve user (whom I will refer to as “N.U.” in what follows), who has the bad habit of manually entering deterministic (non-random) passwords for all login items that they create (instead of using Bitwarden’s password generator to create a unique, random password).
This user (“N.U.”) has editing permissions for at least one shared collection in the organization, and regularly creates new login items in the shared collection.
As a manager/administrator/owner of one (or more) of these collections, you have to frequently update the shared credentials that were created by “N.U.”, and change the manually created, deterministic password to a secure, randomly generated password. Doing so causes the original password to be stored in the password history.
However, because “N.U.” also uses the same deterministic password scheme for the private passwords in their personal collection, it is hypothetically possible for other users in your organization to access the private (non-shared) accounts belonging to “N.U.”, simply by following the deterministic pattern that can be observed in the shared passwords that had been created by N.U. for the organization (which other users are able to view in the password history).
Thus, to protect the private accounts belonging to “N.U.” from being compromised by unscrupulous members of your organization, you would like the option to purge the password history from any shared vault items that were created by “N.U.”.
As you can see, I had to fill in a lot of blanks to make sense of the “really simple” scenario that you had described. Does the above accurately capture your use-case? Perhaps I’ve misunderstood some details, or made some assumptions that are inaccurate — if so please provide a more detailed description of your use-case.
You can make a feature request. Feature requests are usually more successful if the use-case scenarios are well-described and make sense.
I replied on the feature request in this post, “Being able to delete password history”; people can vote.
Use case for deleting password history for a particular entry:
In an organization, I clone my entry for a new user account on a website where I’m the admin, then I share it. Now it has my password in the history and a savvy user could get the admin password.