Doubt about master password

If the master password is not known to the Bitwarden server, could it also happen that two users choose the same master password?

Best regards

1 Like

I guess it is possible. The chances are low as in playing the lottery; however almost every week someone wins.
If you have doubts about Bitwarden’s security this might be of help: Security FAQs | Bitwarden Help & Support

3 Likes

It wouldn’t matter if two users have the same master password as your master password is salted with your email address and two people can’t sign up for an account with the same email.

3 Likes

This would be a problem everywhere. For any service, the password you choose could be the same as someone else’s. However, this is not an issue because you would need to know the person’s login user name as well.

The longer you make your password, the less likely they will be like another person’s password.

2 Likes

To avoid this or to - even worse - see our passwords on this list we use Bitwarden to create our passwords! :smiley:

He’s talking about master password, so it’s best not to have bitwarden generate one. The password generated would be hard to remember resulting in the lost of an entire vault if you are not careful.

1 Like

Mine is. Just typed it several times per day and after about a week or so (even the fingers) knew it by heart. Wife learned it too. I also have it written in a safe place. But I have to admit that life has become much easier since Bitwarden supports Windows Hello.

My mom can’t seemed to type in her password even she is reading from a piece of paper. I ended up using a yubikey to emit a static password, so she can just press the button and have it type it out. The password is partial, she types out a part that she can remember and the key type out the rest. That way if the key is stolen, they still can’t use it without the other part of the password. By then, I can go and change it before they figure it out.

This is not what I call the most secure of setup, but we have to find a balance between feasibility and security. If I create a master password she can login, it will just be too weak.

For mobile, it’s just fingerprint.

1 Like