If I trade in a computer that could not be initialized, will my login information be stolen?

I was using Bitwarden on my old computer.
However, my computer broke and I couldn’t initialize it.
I bought a new computer and traded it in.

My information on the computer I traded in
Can you see it?

How can I avoid being seen?

@hinayu430 Welcome to the forum!

At the time that the computer “broke”:

  • Were any Bitwarden browser extensions, or the Desktop app or Web Vault app logged in? If they were not logged in, then there was no vault data on your computer, so there is no risk of the data being accessed.
  • Were any Bitwarden browser extensions, or the Desktop app or Web Vault app unlocked? In that case, if the computer crash caused a memory dump to be written to your hard drive, then this memory dump may contain your unencrypted vault data.
  • Were any Bitwarden browser extensions or the Desktop app configured to have a Vault Timeout period of “Never”? If so, your vault data can be decrypted using data stored on your computer.
  • Were any Bitwarden browser extensions or the Desktop app locked using a PIN, and if so, had you disabled the option “Lock with Master Password on Restart”? In that case, it will be possible to use a brute-force attack to crack your PIN, thereby allowing the vault data on your computer to be decrypted.
1 Like

If after having read @grb’s comments, you still have an uneasy feeling, you might consider changing your master password and account encryption key. This will cause all of your devices to log out of your vault. There is a limit, though. The “cloud” can not force the broken device to log out of your vault until the next time it is connected to the Internet (if ever). If a determined hacker choses to work off-line, they might have a chance, but a normal refurbisher would likely be foiled.

If you do decide to change your master password, I highly recommend first exporting your vault. Read the linked instructions carefully, use password-protected JSON export, and add the backup password to your emergency sheet. Messing with the encryption is a “potentially dangerous activity”, so it is best to be prepared incase something goes wrong.

You might also think about what else might be on the computer you traded. Do you have documents with confidential information; Does your browser history matter; is it logged into Gmail, Office 365, or other subscription services; etc? When trading in your next computer/phone/tablet, it is best to reformat the hard drive and install a fresh copy of the operating system. If the device is too-broke to do so, either remove the hard drive and reformat it in a different computer, or trade in the computer without a hard drive. This protects all your data, not just not your vault.