Feature Request: “Flash Point” Password Expiration Tool
Summary
“Flash Point” is a paranoid security feature designed for damage control after a security breach. It allows users to flag certain passwords (or entire folders) for mandatory updates, with a timestamp showing when the status was applied. This ensures users are reminded to rotate passwords when necessary.
Use Case
Imagine you suspect a partial or full compromise (e.g., leaked credentials, lost device, breached service). Instead of manually tracking which passwords need updates, you can activate Flash Point to highlight all affected credentials and set reminders for immediate action.
Key Features
- Flash Point Status for Passwords & Folders
  - Users can manually mark individual credentials or entire folders as “Flash Point.”
  - A timestamp (YYYY-MM-DD) records when the status was applied.
  - The date can be edited, but it will always show when the Flash Point was first initiated.
- Reminders & Notifications
  - Bitwarden reminds users to update Flash Point passwords after a set interval (e.g., 30, 60, 90 days).
  - Optional push/email alerts for approaching deadlines.
- Bulk Actions for Crisis Management
  - Affected users can reset all Flash Point passwords at once after a confirmed breach.
  - Companies can enforce organization-wide Flash Point resets.
- Clear UI Indicators
  - Flash Point passwords have a visible warning (e.g., red icon, special tag, or dashboard alert) when used.
  - Sorting/filtering options to view affected credentials quickly.
Why This Feature Matters
Damage Control – Helps users react fast after a security breach.
Prevention (if automated) – Can serve as a periodic password rotation tool.
Customizable & Flexible – Users decide what to mark and when to reset.
Enterprise & Individual Use – Useful for personal security as well as IT security policies.
Would love to hear feedback from the community—do you think this would improve Bitwarden’s security approach?
Bad Effects
Anxiety & Panic – Non-tech users may panic when they see a “change everything now” alert.
Overuse & Fatigue – If triggered too often, users might start ignoring it (like cookie banners).
Lockout Risk – If users don’t update passwords quickly, they could lose access to accounts.
False Alarms – If it triggers incorrectly, users could waste time changing secure passwords unnecessarily.