Inside WEB vault trying to recover password

so i screwed up using a laptop keyboard, and changed my password with a TYPO in it.

luckily I got in using a yubikey , but can’t change master password, can’t export vault , the fingerprint seems useless.

am I screwed ?

all this began because i was tryng to delete some old entries and the trash can does not appears for them , sending emails for help were not useful no matter the screen shots I sent

so amd I screwed ?

Does that mean, you have a “login-with-passkeys”-passkey on that YubiKey, making it possible you can still login to the web vault?

PS: Okay, I just tested it with logging in via passkey - unfortunately, export is indeed only possible with the master password when you login with passkey (in some cases, export from the web vault also works with an email OTP verification code)… so if you can access the web vault, and don’t have another export, you are indeed lucky, I would say, as you can still access - and export - (almost) everything. The bad news is, you have to do the export manually, item for item.

Don’t forget anything. Usernames, passwords, TOTP seed codes, notes, attachments, cards, identities, … I guess, passkeys can’t be exported now, but you should be able to create new ones afterwards, when you have the other login credentials.

PPS: Regarding your title… there is no way to recover/reset or whatever the Bitwarden master password - your only chance would be to “guess” it…


If there is a typo in your master password, you may be able to re-create it. Presumably you know what you intended the master password to be. Open a text editor, and use the same laptop keyboard to type that master password over and over, at different typing speeds. Maybe you will see certain typos among the entered passwords, and that could give you a hint about what mistyped versions of your master password you might test.

For example, in your post above, you mistyped “trying” as “tryng” twice (once in the text and once in the title, although the latter typo has since been corrected) — so if your master password was supposed to contain the letter “i”, you might try omitting it. You also seem to have a tendency to insert spaces before punctuation, so if your master password contains punctuation, that may be another thing to try.

Note: To test candidates for the mistyped master password, do not attempt to log in with the guessed master password (this could get your account locked, if you fail too many times). Instead, either try the passwords in the export tool, or try to use them to unlock your vault after locking.


I have tried what I thought was the new password, I also tried the community password that has a number within the master password. nothing.

I do have a question , I was able to add my other 2 email accounts as “takeover” and I replied to both.

so to take over my account do I use my standard original email this account is under OR do I use the MSN email I set up as takeover? or the gmail address to take it over?

would that allow me to use a new master password ?

best regards Roman

too late, I did try too many and it does say locked. my memory is bad and I do not remember how I was able to use the YubiKey and get back into the vault.

for now I set the vault time to lock to 999999 hours , hope that works for now

but i do need help with account takeover at 2 other emails I have and are verified as takeover, when I attempt the takeover do I use the msn email account or the original rtoledo2002 — yahoo ?

hate this laptop keyboard must be the mouse pad

best regards roman

In the Web Vault, go to Settings > Emergency Access. See what email addresses are listed under the section “Trusted emergency contacts”. In a separate browser tab, log in to the Web Vault by specifying a username matching one of the email addresses that were listed as “Trusted emergency contacts” in your main account; hopefully, you do have the master password for the Bitwarden account used as the emergency contact. When logged in, go to Settings > Emergency Access and initiate emergency access.

I tried passkeys, it asks for the master password, on other web sites passkeys just gets you in, NOT bitwarden. on my YubiKeys I have their OTP app numbers that it gives you and I find nowhere that can be entered or even tried, and I bet that needs the master password that gets me into all accounts.

there’s no google authentication I know of

so pretty much all these things do not get you in , and are a WASTE of time.

for now I created another paid account with my gmail account only for me , NOT the whole family , so i can have access to my 7 important accounts , even though they use google authentication or text to verify a code.

I sure wish LastPass had not been so bone headed cause they had a “last known password” feature to recover it, maybe that was part of their stupidity, but saved me once.
I’m headed off to 1Password to see how they do it

again thanks everyone

OK, I guess we misunderstood what you meant when you previously said that you “got in using a yubikey”.

Good luck!

:waving_hand:

Oh yes… and I seem to have misunderstood your title @rtoledo2002 as you were now already inside the web vault, trying to recover what you can…

That doesn’t help you now, obviously, but with Bitwarden, you can also store passkeys “with encryption” so that you won’t have to type in the master password any longer. (actually, that’s what I thought you had in your hands right now, misinterpreting what you wrote…)

Good luck, also!


yeah I’m inside now, at least the yubikey helped me. I hope the WEB vault honors the time to lock, I put in 999999 that equals to 2000 plus years, IF that works and I don’t mess up Firefox on this laptop, I can remain. but it will probably get messed up eventually.

I was not aware about encrypting passkeys. I think that once you’re in we should be able to access it. BTW I knew I had set up several ways to log in believing I could get in that way like you can on any web site.

I’m not sure what this will do, “security tab”, this is what it says

Log in with passkey On Beta

Use a generated passkey that will automatically log you in without a password. Biometrics, like facial recognition or fingerprint, or another FIDO2 security method will verify your identity. Learn more about passwordless

then on the two step login, I have authenticator app turned on pretty sure it’s on all 3 yubikeys , as I said earlier the OTP numbers show up on the yubico app on my phone.

I also have passkeys on and yubico OTP on .

seems to me that with 3 FIPS 142 version 5 yubikeys I should get in without the password as you get the OTP sign in .

guess overkill is bitwardens pass to securement

If the FIRST option above works I will let you know

thanks again

NOPE I already had the passkeys option on , i removed it it sends you a code to your email , and that allows you to turn it on, and so I already encryption , so I probably just made it worse . well hope others can profit from my trials and failures

this thread should be a features request for bitwarden.

first one being logging into vault with hardware keys and an OTP to let you log in and change password using the key again on the inside of the vault.

second one is allowing the google authentication that now uses a pin to get inside it on your phone

I’m not going to bother judging it by the email replies I got from them that led me to changing the password

Accidents happen, as you have twice learned. The solution is being ready for them. The two big defenses are creating an emergency kit, and creating occasional backups. Both of these techniques can be applied not just to Bitwarden but also to their competitors.

And, as you have learned with this most recent experience, just before making vault-wide changes (new password, changing email, updating encryption, cleaning up, etc.) is a very good time to freshen the backup. Then, if something does go haywire, it is a relatively simple exercise to delete the old vault, create a new vault and import the backup, avoiding any data loss at all.

If you are planning on “starting over”, check out the *Guide for Getting Started on the Right Foot in Bitwarden™*

Tricks like “last known password” are a dangerous thing because if you suspect a bad actor may have access, it becomes difficult to permanently cut off their access.


Honestly, I have no idea what exactly you are talking about here. Both “passkey”-options of Bitwarden (2FA and “login-with-passkey”) don’t send you a code to your email address. :thinking:

What??

Without further explanation, unfortunately I don’t understand what that refers to.

Unfortunately, there is no “should”, I would say. When it’s possible, you either set it up that way - or you didn’t. :man_shrugging:

Not your main problem now, but for the future: don’t reuse your Bitwarden master password for any other account. (similar passwords should be considered as reused passwords, i.e. no longer unique)

I’m not sure if that was already addressed here: you can initiate “account takeover”, if you set that up before, by logging into one of the Bitwarden accounts that was granted “emergency access” to initiate the “takeover”. You can read more about that here: Emergency Access | Bitwarden

A successful takeover would make it possible to give your “lost-at-the-moment” BW account a new master password, yes:

(see here: Emergency Access | Bitwarden)

UPDATE: so inside the rtoledo2002 web vault I set myself as a takeover at my rtoledo2 email.

I got this in my rtoledo2 account

Roman Toledo has approved your emergency request. You may now login on the web vault and access their account.

I have read the instruction a bunch of times, but it does not tell me , how to log into the rtoledo2002 vault . do i try to log in using the email rtoledo2 or the email rtoledo2002

it’s the rtoledo2002 I am trying to takeover

I have a NEW bitwarden account under rtoledo2

OK I finally figured it out, I logged into my rtoledo2 account, went to emergency access and clicked the 3 dots and this time it had a takeover button, it let me change to a new password

woohoo thank you all

IF anyone at bitwarden reads this, you really need to do a HOW TO step by step using 2 emails, one for the address you are taking over and one for the grantee, and then showing how the grantee has to go back to the grantee emergency access tab and click on the grantor’s email 3 dots and click on takeover button

I did not see that in their HELP screens under this subject

consider this closed, hope someone in here can send this to them , I will do that to the last email I got today , BUT they seem to have a serious reading comprehension problem , even when you send the screen shots proving a point