I forgot my master password but have access to the vault through the Chrome extension, and I can use all features through the extension which do not need the master password.
Is it possible to retrieve or reset my master password through the extension?
@yahiadal Hi!
I think your situation is more or less the same as in this post: Change password without knowing the Master one, so please follow the advice given there.
Thanks for your reply.
I saw the link you pointed to, but it was not helpful for my case.
What I did is this: I found an old export file from Bitwarden. I imported it to Chrome password manager. I updated the passwords which were changed by getting them from bitw into Chrome pass manager, which I am using now to test everything is ok, where then I export the passwords from Chrome and import them to a newly created bitw account (to be done later).
Okay, but to repeat it here for other readers - in the link, there was an answer to your initial question (“Is it possible to retrieve or reset my master password through the extension?”), which is: no, you can’t change or “retrieve” the master password without having your current one…
Sounds good!
Be sure to watch out for everything you have in your vault, like additional notes in your login items, all other item types, attachments if you have any, … I guess passkeys in your vault can’t be retrieved…
For your new account: make an emergency sheet with your master password, 2FA recovery code etc. on it.
And I guess you already know that you can delete your old Bitwarden account afterwards. You only need access to the email address for that, not the master password.
Thank you for your advice.
Best regards.
This. An emergency sheet is the only way to recover a Master Password.
@yahiadal Welcome to the forum!
If you don’t have a recent export, there is a way to export your vault data from the unlocked browser extension (bypassing the master password prompt). Let us know if you need assistance with this.
If you have a Premium account, then enter the expression >attachments:* into the search bar, and download any file attachments that are found.
Importantly, after downloading all file attachments, to prevent losing your current vault data (in case you are going to attempt to create an updated export), you need to disconnect the device from the internet, and do not log out of your browser extension.
I do need assistance with this.
Thanks
Try the following procedure (which I’ve tested for version 2024.6.2 of the Chrome browser extension; minor adjustments may be necessary for other versions):
1. Open and unlock the browser extension, and then use the pop-out button to open the browser extension in a floating browser window.
2. With the floating browser extension window in focus, press F12 to open the DevTools window.
3. In the DevTools window, select the Sources tab in the top navigation menu, then use the left-hand navigation tree to navigate to webpack:// → libs → tools/export/vault-export → vault-export-ui/src/components → export.component.ts, and click on the export.component.ts file to view its source code.
4. Scroll to Line 251 (const userVerified = await this.verifyUser();) of the source code, and left-click once on the line number (251) in the left column to set a breakpoint. The line number should be highlighted as shown in the screenshot below:
5. Go back to the floating browser extension window, and press F5 to refresh the window contents.
6. In the floating browser extension window, go to Settings → Vault → Export vault.
7. Set the File Format to .json, and click the Submit button in the upper right corner. If you prefer, you could also select the .json (Encrypted) file format, but only if you specify the Password-Protected Export Type when you get to the next screen.
8. As you proceed with the export, you will see the notice “Paused” in the browser extension window, and the DevTools window will pop up into the foreground.
9. In the DevTools window, select the Console tab in the top navigation menu, and at the > prompt in the console, type this.doExport() (lowercase, except for the capital E), then hit Enter.
10. In the DevTools window, select the Sources tab in the top navigation menu, and then press F8 to resume code execution. Alternatively, you can also press the “play” button in the DevTools window or in the floating browser extension window.
11. At this point, the export should be created in your Downloads folder (you should see a new file with a name like bitwarden_export_20240725183559 there), or the browser may prompt you for a location to save the file.
Let me know how it goes.
P.S. There used to be a much simpler method, as explained by @Quexten in this Reddit comment, but it doesn’t seem to work anymore.
It works like a charm. I was able to get a json backup. I’ll proceed to cancel my old account and open a new one, then import the exported data.
Thank you very much
You’re welcome, glad it worked for you! Don’t forget to download your file attachments before deleting your old account (if you have any), since attached files are not included in the .json export.
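The checks recommended earlier in the thread (notes, non-login item types, passkeys, and anything a browser password manager cannot hold) can be run against the exported file before the old account is deleted. This is an added example, not part of the original thread or Bitwarden's own code; the field names (items, type, notes, fields, login.totp, login.fido2Credentials) and the item type numbering are assumptions about the unencrypted .json export format.

```javascript
// Added example: inventory of an unencrypted Bitwarden .json export.
// Assumed format: { encrypted, items: [{ type, name, notes, fields, login }] }
// with type 1=login, 2=secure note, 3=card, 4=identity. Verify on your own file.
const TYPE_NAMES = { 1: "login", 2: "secureNote", 3: "card", 4: "identity" };

function inventoryExport(jsonText) {
  const data = JSON.parse(jsonText);
  if (data.encrypted === true) {
    // Encrypted and password-protected exports hide item contents.
    throw new Error("export is encrypted; item contents cannot be inspected");
  }
  if (!Array.isArray(data.items)) {
    throw new Error("no items array; this does not look like a vault export");
  }
  const report = { total: data.items.length, byType: {}, withNotes: 0,
    withCustomFields: 0, withTotp: 0, withPasskeys: 0, nonLoginNames: [] };
  for (const item of data.items) {
    const kind = TYPE_NAMES[item.type] || `other(${item.type})`;
    report.byType[kind] = (report.byType[kind] || 0) + 1;
    if (item.notes) report.withNotes++;
    if (Array.isArray(item.fields) && item.fields.length > 0) report.withCustomFields++;
    const login = item.login || {};
    if (login.totp) report.withTotp++;
    if (Array.isArray(login.fido2Credentials) && login.fido2Credentials.length > 0) {
      report.withPasskeys++;
    }
    // Non-login items are the ones a login-only password manager would drop.
    if (kind !== "login") report.nonLoginNames.push(item.name);
  }
  return report;
}

// Constructed sample export (not real vault data).
const SAMPLE = JSON.stringify({
  encrypted: false,
  folders: [],
  items: [
    { type: 1, name: "mail", notes: "recovery codes", login: {
      username: "u", password: "p", totp: "otpauth://totp/x?secret=AAAA" } },
    { type: 1, name: "shop", notes: null, login: {
      username: "u", password: "p", fido2Credentials: [{ rpId: "shop.example" }] } },
    { type: 2, name: "wifi", notes: "passphrase", secureNote: { type: 0 } },
    { type: 3, name: "visa", notes: null, card: {},
      fields: [{ name: "pin", value: "0000", type: 1 }] },
  ],
});

console.log(inventoryExport(SAMPLE));
```

Compare the counts with what the new vault shows after import; file attachments never appear in the report because they are not part of the .json export.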
Actually, the previous method does work when you don’t refresh the page after execution and just enter a random password when prompted (or at least it seems to work for me).
Maybe I just haven’t updated my Bitwarden client
After further testing, I see that the “short” method does still work in Chrome (at least in version 2024.6.2), but I am unable to make it work in Edge (also version 2024.6.2), or in Firefox (version 2024.6.3). Hoping that @Quexten will see this and have some time to clarify.
Works in Firefox in 2024.7.1 Web for me. Is this specifically about the browser extension (Firefox/Edge, i.e. Manifest v2?), and if so, where are you injecting the script?
Edit: @grb In Firefox / Edge, if you inject it in the background context instead of in the popup context of the extension, it still works.
Would you mind briefly explaining how to switch the context from foreground to background when injecting the new definition for compareAndUpdateKeyHash?
Ah, sorry about that. The extensions have multiple contexts. There is the foreground “popup” when you have the extension open; you access this by hitting F12 or right-click + Inspect. And there is the background (either a background page in Manifest v2, or a service worker in Manifest v3), which you get access to if you go to about:debugging, then navigate to the extensions and click Inspect for the Bitwarden extension.
For context, in Manifest v2, these share a lot of services/objects, which has caused some memory issues and bugs in the past. In Manifest v3, foreground and background have to communicate with each other through a defined communication interface. Some services, such as the cryptoService, are duplicated. I did not debug it thoroughly, but it seems that for Manifest v2, checking the password hash gets routed to the background crypto service.
Thank you, that worked great in Firefox (I assume that Edge and other Mv2 browsers can be handled in the same way).