Generated passwords / passphrases: only list and store copied / "used" one's in the generator history

mutilator · May 11, 2025, 5:47pm

Hi,

In 1Password, only generated passwords that you’ve actually copied are stored in the history.

Bitwarden simply saves every generated password there, even if you’ve only opened it once. This really annoys me.

I would be happy if BW only stored the generated passwords that you’ve actually copied there.

In all BW versions, of course.

Greetings

The suggestion from @DenBesten is great.

Nail1684 · May 11, 2025, 6:11pm

Such a behaviour would make me uneasy. If I ever not copied a password - but e.g. wrote it down with pen & paper (for whatever reason) - then that would mean, I couldn’t recover that password.

mutilator · May 11, 2025, 7:58pm

But you should only see the password that you copied or used.

Nail1684 · May 11, 2025, 8:07pm

Again, every generated password I e.g. wrote down on paper only would be lost then.

I indeed prefer every generated password to be stored in the history - to prevent inadvertent data loss.

grb · May 11, 2025, 9:06pm

Writing down generated passwords on paper occasionally is appropriate, but for most Bitwarden users, there would be little or no reason to not also store the hand-written password in the vault. Thus, I suspect that your scenario is a corner case.

Personally, I would prefer if the password generator history did not save every password that is generated when one first opens the generator (before adjusting settings) or the passwords that are generated while one is in the process of making configuration changes.

I would be happy with an option to only keep passwords in the history if they have been “used” (by clicking Use this password), or copied (by using the copy button or by using highlighting and the browser’s copy function), or dragged-and-dropped, etc.

Alternatively, the saving of irrelevant passwords could be prevented by not automatically generating a password when the generator is opened or when settings are changed: leave the displayed password blank until one clicks some explicit “Generate” button. Of course, this would introduce an extra click, which has its won problems.

Nail1684 · May 11, 2025, 10:02pm

E.g. creating a new master password with the generator, that many people probably don’t want to store in their vault, could be a very serious “corner case”. (I guess we can quibble now if someone still “copies”/“uses” it - or if it is only typed manually and would bypass the generator history then…)

PS: I just changed the title to make it more explicit.
(before, it was “Password history only copied passwords”)

grb · May 11, 2025, 10:51pm

In that case:

You will have written down the password on your emergency sheet, so the probability of losing your master password is extremely low.
There is no reason not to store your master password in your vault (as long as it is also stored outside your vault); saving the generated password would not only preserve an extra copy of the password (in addition to the hand-written copy), but should also result in the password being saved in the password history.
If someone who feels that storing the master password in the Bitwarden vault creates a security vulnerability, then (if they are rational) they should also feel that preserving the generated master password in the password history would create an equivalent security vulnerability.

Nail1684 · May 11, 2025, 11:00pm

Of course. But I think I know one or two people who quickly change their master password, don’t write it down immediately - and who were rescued by the generator history. (BTW, it mustn’t be your own master password… also setting things up for others might be a case, where you don’t want to store those generated credentials in your own vault).

Different topic now. I wouldn’t say “no reason” though. For the case, someone could get access to an unlocked vault (e.g. right-now stolen mobile devices…), having the master password accessible would give complete control (e.g. to export immediately)…

BTW, I have my master password in my vault… Though, indeed, the last weeks I think of changing that. (not decided yet)

Good point. Though, the generator history should be deleted with deleting the client’s data, I think. (as the history only “lives” in the client apps… BTW, maybe a good argument against a synced generator history… )

grb · May 11, 2025, 11:27pm

The key to avoid data loss is to always first record the generated password (in any location/medium of choice), and only then transfer the generated password from the saved record to the password input field of the registration or password change form. Transferring passwords directly from the generator into the form field is always risky. Even the password history is not a failsafe — the password history is lost if using the Web Vault and closing the tab, or if using the Desktop app and generating passwords without unlocking the vault, or if using any other client app and either logging out or losing access to the device.

grb · May 11, 2025, 11:51pm

@Nail1684 If you are by what I wrote, please ask a question, so that I can clarify what I meant.

DenBesten · May 12, 2025, 1:23am

This right here is why I am not a fan of the autofill overlay having a pre-built password when on a new login page. Using it is absolutely setting one’s self up for failure.

mutilator · May 12, 2025, 1:38pm

So you’re all saying this isn’t a good suggestion?

DenBesten · May 12, 2025, 3:14pm

Only showing generated passwords that have been used does have merit, although to address @Nail1684’s concern, perhaps there could be a “show all” checkbox.

grb · May 12, 2025, 3:45pm

I’m in favor.

I think that @DenBesten has come up with a good variation of the original proposal: Continue to save all passwords in the local history, but allow the user to set a filter to only display passwords that have been “used”.

mutilator · May 12, 2025, 4:13pm

I think the idea is very good. @DenBesten
@grb I would be happy if this suggestion would make it into the product.