Detect password changes

This works well in 1Password

I’ve actually lost the root password to my server once because last-pass didn’t update my password properly. It wasn’t fun spending the whole next day reconfiguring my server from scratch, restoring backups, etc.

EDIT: Not to mention any data loss since the last backup, which would be about 12AM the day prior.

EDIT2: @redquinoa is spot on with password history.

@douglasparker I’m honestly a little mystified that this “password not updated” scenario is seen as unlikely by other users. It’s a nightmare when it happens.

@redquinoa I didn’t start being extra careful with my data / passwords until I got burned. You learn pretty quick once it happens to you, haha.

I’ve definitely had passwords update in LastPass but fail to update on the site for a variety of reasons - including “password too long”(!) and connectivity/server issues. For services that require the old password to update to a new one, this can be quite a problem.

However, more common was that LastPass failed to detect a password change, even after using its generate+populate password feature. My normal workflow was to copy the password before hitting submit so that I could edit manually if needed.

This is non-trivial to detect in all cases, particularly for single page apps - like Discourse here which neither LastPass nor Bitwarden handle successfully.

+1 for this idea. Other PW Managers like LastPass, Enpass, Dashlane all offer this function.

Agreed. I almost lost a password when trying to update a login. The edit function overwrites the old password and if the website doesn’t accept the new one you are hosed. Currently I have to copy paste the new password into an editor until I’m sure the new one is accepted.

This feature should be implemented together with Vault item modification history to prevent accidental overwrite of an old password. This way we can always recover it using the history.

In addition to this, it would be really nice to send an email to the account email whenever a login is detected on a (new) device

This would be great, but it never worked well on Lastpass, I was never sure if it had saved the suggested new password or not. Sometimes I ended up re-resetting the password because something went wrong.

Detecting password changes is tricky. Also in 1Password one has to manually verify changes. Even just storing passwords has to be checked manually as field mappings just aren’t always perfect, understandably.

However, when a password is changed I expect Bitwarden to provide me a prompt to update my vault, preselecting a login but allowing me to select another login or create an entirely new one (on some sites I have multiple accounts, for instance a user account, a ‘john doe’ account and an admin account).

Detecting password changes and storing them requires the password-changes to be stored properly. That’s not implemented in Bitwarden yet (see this feature request ). When something went wrong with a password change while the new password got stored anyway, it should be possible to get back to the previous one easily.

I just cannot justify migration from 1Password to Bitwarden while these two issues aren’t resolved. I’m in no hurry of leaving 1Password as yet, at least not until I am forced to comply with their new and expensive licensing structure. 1 vote for me on this matter.

This is my first post so it may have some newbie anomalies

Password history will improve the update password process but because this is a fundamental function it should be way easier than it is. A variation (or an addition to) password history is to add a New Password box with three actions:

• Generate Generates a new password
• Copy Copies the new password to the clipboard
• Update Copies the new password to the current password

The box could go on the view screen or a new Change Password screen that includes the Current Password box.

It woud be good if the Update icon was red when New Password and Current Password are the same and green when they aren’t

Also, if the right click on the site could include Copy New Password and Copy Current Password

Mark

p.s. an eye to view the new password should be a forth icon. And the generate and copy function could be combined

Detecting password changes has been added to the browser extension for the next version (1.29). It works like this:

If Bitwarden detects a form with exactly 3 password fields on it, we begin to monitor it for submission. If that form is submitted and two of the password fields contain the same value (new password), and the one other field (current password) matches the password for one and only one login in your vault for that website, we then present the “changed password notification” which will update the new password for that login item.

Obviously there are edge cases with some websites that will not meet this strict criteria, but we have to be careful about presenting this notification to users and I think this covers the majority of the use-cases.

We also now have password history starting in 1.29 that can allow a user to recover a lost password if a change password update happens for some incorrect reason and overwrites an existing password.

See screenshot here for a preview:

PzYUz1X.png898×792 32 KB

Update:

We also will detect password changes when logging into the website. If the username matches exactly 1 login already stored in your vault for the given website, but the password does not, the same notification will prompt you to update the password for that login.

This should help catch situations whenever the password change form detection fails and will prompt you on the next time you log into that website with the new password.

Hi,
When will the version 1.29 be available for download?

Thanks

1.29.0 is now available with this feature.

Just got the update, thanks!

Tested it and it works perfect! Thanks!

I was able to figure out how to get to the password history for each item but I don’t think everyone will. Is it possible to add a label that says “Click Here to See” or anything along those lines. It’s not always obvious to click the number.

Closing since this feature is now available.