How to check exposed passwords

It would be handy to search for passwords or part of them.

I was trying to ID which a/c’s might have been compromised when some passwords associated with my domain/emails were found on the dark web.
Currently, I’d have to manually view and check each and every entry to see which if any match or export my entire list to a spreadsheet to then search and filter there (which is what I’ve done) but not happy having a detailed list on my computer even for a day or so, just in case…!

Hi @AndrewY, the Vault Health Reports in the Bitwarden Web Vault include an Exposed Passwords Report which can identify passwords that have been uncovered in known data breaches that were released publicly or sold on the dark web by hackers.

Thanks for that, I had been unable to find the reports option.
Searching for specific passwords would still be a handy addition…

To check singularly exposed passwords, you can click on the checkmark to the right of any password field.

I looked at the exposed password page.
I see many passwords stated as exposed. But some are just local notes which have never left the Bitwarden infrastructure.

How could those passwords possibly be exposed, unless the whole application is leaking?


Hello @astein - welcome to the community forums!

Your password probably matches by coincidence. The exposed password report does not state that YOUR use of the password was the source of the leak - it could have been the credentials of someone else that leaked and your password just happens to be identical. This is very common with weak passwords.
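
An added illustration of the reply above (not code from this thread or from Bitwarden): assuming the report compares a hash of each stored password against a breach corpus, a match depends only on the password value, never on where the entry was used. The vault entries, breach list, counts and the 5-character prefix bucketing are constructed assumptions for the sketch.

```python
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest of the password text."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(breached: dict) -> dict:
    """Bucket a breach corpus by the first 5 hex chars of each hash.

    breached maps leaked password -> times seen. The index holds only
    hash prefixes/suffixes and counts: no usernames, sites or owners.
    """
    index = defaultdict(dict)
    for password, count in breached.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index


def exposed_entries(vault: list, index: dict) -> list:
    """Return (entry name, breach count) for every entry whose password
    hash appears in the corpus. Nothing but the password is compared."""
    hits = []
    for name, password in vault:
        digest = sha1_hex(password)
        count = index.get(digest[:5], {}).get(digest[5:])
        if count:
            hits.append((name, count))
    return hits


# Constructed sample data (assumptions, not real breach counts).
BREACHED = {"password123": 3, "qwerty": 7}
VAULT = [
    ("secure note: garage keypad", "password123"),  # never sent to any site
    ("example.com login", "kV9#tq2!Lw8zR4m"),       # random, not in corpus
    ("old forum login", "qwerty"),
]
INDEX = build_range_index(BREACHED)

if __name__ == "__main__":
    for name, count in exposed_entries(VAULT, INDEX):
        print(f"{name}: password seen {count} time(s) in the sample corpus")
```

The note entry is flagged even though it was never submitted anywhere, because someone else's identical password is in the corpus.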

I remember requesting that PWs be included in search criteria a good while ago. Do you think that capability will ever be added, or would doing so be a security risk, or is it too difficult to implement? I’m getting by without it, but it would have been a nice feature when I went through hundreds of accounts and updated all of my weak passwords a year ago, especially those that appeared on leaked lists. Exporting the vault and searching in Excel or a text editor could have worked to find them, but that just opens a whole bunch of other security holes I chose not to explore. Cheers.