With recent data breaches, I think it might be a good idea to be able to generate and save new passwords for all accounts with one click.
2 Likes
How would the user manage that?
You have to update each password one-by-one on their individual sites. Clobbering all of your passwords at once (one unique password for each login) could be very bad.
No password manager update passwords on the sites automatically, it just stores them for the user in the web vault.
1 Like
I’ve been looking around for an automatic password changer feature on Password Managers as part of the great LastPass exodus.
LastPass had a feature to have an auto password change for each individual password, and LogMeOnce has the option (in premium) for automatically changing ALL passwords. Would LOVE to see that added to Bitwarden.
Description from LogMeOnce:
" Automatic Password Changer : Even if hackers could gain access to an encrypted password by brute-force attack, it would typically take about 40 days for them to crack a 15-character password. Longer passwords would take longer. So, changing your passwords every 30 days would render any brute-forced password useless. But who has the time to change individual passwords every month!? The LogmeOnce Auto Password Changer saves you time. It’s that simple. As shown on this page, you can click individual accounts on the left-hand column or check them all. Then click on the big green button “Change All Passwords Automatically.” let LogMeOnce password manager generate strong passwords. Sit back and enjoy the process—every time you get a fresh password! Scroll down to the bottom of the page to see the most important part—a comprehensive report that lists all your passwords, from weakest to strongest. Any duplicate passwords are also flagged here. You can also initiate a automatic password change for a single website (App). Enjoy and start using Password Changer. No more duplicates or recycling old passwords! This technical information is specifically designed for the feature on this page and optimized for a quick glance. More information can be found in the Support section, Help files, and training videos."
2 Likes
I would not be stupid enough to use something like that. I have records of all my passwords outside of Bitwarden, for obvious reasons.
Not obvious. Please do explain the stupidity. It is an optional feature in LogMeOnce, might not be for everybody.
1 Like
I also miss this feature after moving over from LastPass… the logic is:
- navigate to site’s password change page.
- enter current creds.
- generate new password.
- save on site and in vault.
This was nice to be able to change 5-10 account passwords in one go. Especially if they showed up as weak or reused. Obviously all sites cannot be supported; however, support for just a handful of top sites is useful.
1 Like
Really?
I prefer to know that I have copies of my passwords outside any password manager. Thus, when I adopted Bitwarden, I changed the passwords on all the sites I use but, being new to Bitwarden, I had copies of them outside it just in case.
I am now a lot more experienced with Bitwarden, but I will still be keeping my copies (securely) outside it.
All software has flaws. I’m long enough in the tooth to have seen a fair number of such flaws over the decades, even in well known and formerly well behaved software. The idea of letting some software change the passwords to all my websites, possibly not recording all the changes properly, is as risk and it is not a risk that I will be taking.
Yes. This would be a great edition to BitWarden! I loved this feature of LastPass. I don’t need to know my current password, and I don’t need to know my new password. If BitWarden can log me in and change my password, I don’t care about how it happens as long as it is done securely and I don’t lose access.
I was searching through Feature Requests for this item, and am glad I found it. Hope this bubbles up!
1 Like
It would be great if there were a “Breach trigger”," as well. So in the event my username@domain is breached, Bitwarden would automatically log me in and update my password for that site and send me a notification that it was done and why, and if it was successful or not.
1 Like
Thanks for the feedback all! Bitwarden is working towards a vault health dashboard-type experience to provide automated reporting.
Regarding changing your passwords for you automatically (in single or bulk), for the time being, this will require user intervention as not all websites would be compatible with this method as they are designed with vastly different approaches/standards.
Rest assured, the feedback has been passed to the team and we will continue to monitor standards in this space and find ways to improve the experience.
1 Like
Here’s an idea to mull over: You could set up some type of “macro recorder” that would allow the user to record the process of changing the password manually, and save that “macro recording” with the vault entry in a way that would allow Bitwarden to run the process autonomously in the future.
Perhaps such user-recorded macros could be shared (after vetting) to create a repository of scripts for different websites.
Until standardization of passwords change procedures becomes a reality, something like the concept above is the only way I can imagine that automated password changes could be implemented in a password manager.