With recent data breaches, I think it might be a good idea to be able to generate and save new passwords for all accounts with one click.
How would the user manage that?
You have to update each password one-by-one on their individual sites. Clobbering all of your passwords at once (one unique password for each login) could be very bad.
No password manager update passwords on the sites automatically, it just stores them for the user in the web vault.
I’ve been looking around for an automatic password changer feature on Password Managers as part of the great LastPass exodus.
LastPass had a feature to have an auto password change for each individual password, and LogMeOnce has the option (in premium) for automatically changing ALL passwords. Would LOVE to see that added to Bitwarden.
Description from LogMeOnce:
" Automatic Password Changer : Even if hackers could gain access to an encrypted password by brute-force attack, it would typically take about 40 days for them to crack a 15-character password. Longer passwords would take longer. So, changing your passwords every 30 days would render any brute-forced password useless. But who has the time to change individual passwords every month!? The LogmeOnce Auto Password Changer saves you time. It’s that simple. As shown on this page, you can click individual accounts on the left-hand column or check them all. Then click on the big green button “Change All Passwords Automatically.” let LogMeOnce password manager generate strong passwords. Sit back and enjoy the process—every time you get a fresh password! Scroll down to the bottom of the page to see the most important part—a comprehensive report that lists all your passwords, from weakest to strongest. Any duplicate passwords are also flagged here. You can also initiate a automatic password change for a single website (App). Enjoy and start using Password Changer. No more duplicates or recycling old passwords! This technical information is specifically designed for the feature on this page and optimized for a quick glance. More information can be found in the Support section, Help files, and training videos."
I would not be stupid enough to use something like that. I have records of all my passwords outside of Bitwarden, for obvious reasons.
Not obvious. Please do explain the stupidity. It is an optional feature in LogMeOnce, might not be for everybody.
I also miss this feature after moving over from LastPass… the logic is:
- navigate to site’s password change page.
- enter current creds.
- generate new password.
- save on site and in vault.
This was nice to be able to change 5-10 account passwords in one go. Especially if they showed up as weak or reused. Obviously all sites cannot be supported; however, support for just a handful of top sites is useful.
I prefer to know that I have copies of my passwords outside any password manager. Thus, when I adopted Bitwarden, I changed the passwords on all the sites I use but, being new to Bitwarden, I had copies of them outside it just in case.
I am now a lot more experienced with Bitwarden, but I will still be keeping my copies (securely) outside it.
All software has flaws. I’m long enough in the tooth to have seen a fair number of such flaws over the decades, even in well known and formerly well behaved software. The idea of letting some software change the passwords to all my websites, possibly not recording all the changes properly, is as risk and it is not a risk that I will be taking.