Is it possible to search for a password?

Hi Community,
I got an indication from Norton that my email address has been compromised. Unfortunately it does not show which service it affects. However, I got an indication of how the password starts and ends.
I would like to search my Bitwarden password safe for those characters, but the search does not search in passwords.
Is it possible to use an advanced search for passwords?

Best Regards,
Rouven


First of all, it sounds very strange that any online service knows your password in clear text. Normally this should not be possible, because passwords must never be stored in clear text but only as hashes, which cannot be turned back into passwords. If Norton is able to tell you parts of your password, then I would not trust that service any longer, because they handle user accounts in a very insecure way!

Furthermore, about your question: no, there is no function to search for passwords, since passwords are always encrypted and it is not possible to search for encrypted data in Bitwarden. You can only search for text which is not encrypted. Otherwise Bitwarden would have to decrypt every password in your vault and check if the searched text is part of it.

However, you can temporarily export your vault to an unencrypted text file and search there using a text editor (Tools → Export vault → json or csv). But beware: this file is completely unprotected! You MUST delete it immediately afterwards!
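The export-and-search workaround above can be scripted so that the password values themselves are never printed and the export file is removed as soon as the search finishes. The following is an added example, not part of the original thread and not Bitwarden's own tooling. It assumes the unencrypted "json" export format, in which the top-level object carries `"encrypted": false` and an `"items"` list whose login entries have a `"login"` object with `"username"` and `"password"` keys; the sample export embedded in the script is constructed for demonstration and contains no real credentials.

```python
"""Search an unencrypted Bitwarden JSON export for passwords that start and
end with known characters, report only item name and username, then remove
the export file.

Added example, not from the original thread or from Bitwarden.
Assumption: the export has "encrypted": false and an "items" list where
login items carry a "login" object with "username" and "password" keys.
"""
import json
import os
import sys
import tempfile

# Constructed sample export for offline demonstration (not real data).
SAMPLE_EXPORT = {
    "encrypted": False,
    "folders": [],
    "items": [
        {"name": "Example shop", "type": 1,
         "login": {"username": "rouven@example.com", "password": "Ab12xyZ!"}},
        {"name": "Old forum", "type": 1,
         "login": {"username": "rouven@example.com", "password": "Ab99qwZ!"}},
        {"name": "Wifi", "type": 2, "notes": "Ab!"},   # secure note, no login
        {"name": "Bank", "type": 1,
         "login": {"username": "r@example.com", "password": "zzzzzzzz"}},
    ],
}


def find_matching_logins(export, prefix, suffix):
    """Return (item name, username) for every login whose password starts
    with `prefix` and ends with `suffix`. The passwords themselves are never
    returned, so the result can be printed or pasted into a ticket safely."""
    if export.get("encrypted"):
        raise ValueError("this is an encrypted export; use the unencrypted json format")
    hits = []
    for item in export.get("items", []):
        login = item.get("login")
        if not login:                       # notes, cards, identities
            continue
        pw = login.get("password") or ""
        if pw.startswith(prefix) and pw.endswith(suffix):
            hits.append((item.get("name", "<unnamed>"), login.get("username", "")))
    return hits


def shred_file(path):
    """Overwrite with zeros, then unlink. Overwriting is best effort only:
    on SSDs and journaling/copy-on-write filesystems the old blocks can
    survive, so the real control is writing the export somewhere you fully
    control (encrypted volume, RAM disk) and keeping its lifetime short."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)


def search_export_file(path, prefix, suffix, delete_after=True):
    """Load the export, search it, and (by default) destroy the file even if
    the search raises, so a malformed export does not leave plaintext behind."""
    with open(path, "r", encoding="utf-8") as f:
        export = json.load(f)
    try:
        return find_matching_logins(export, prefix, suffix)
    finally:
        if delete_after:
            shred_file(path)


if __name__ == "__main__":
    # Usage: python search_export.py bitwarden_export.json PREFIX SUFFIX
    # With no arguments the constructed sample above is written to a
    # mode-600 temp file and searched, then removed.
    if len(sys.argv) == 4:
        results = search_export_file(sys.argv[1], sys.argv[2], sys.argv[3])
    else:
        fd, tmp = tempfile.mkstemp(suffix=".json")
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(SAMPLE_EXPORT, f)
        results = search_export_file(tmp, "Ab", "Z!")
    for name, user in results:
        print(f"match: {name} ({user})")
```

Run it against the real export only from a location you control, and note that the export is removed by the script; if you want to keep it for a second search, pass `delete_after=False` and shred it yourself afterwards.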

Hey Arno,
Thank you for your answer.
I suppose Norton is scanning for my mail address and got a response from the darknet with the connected password. So Norton only has the probably old password of the source.
However, I would like to check whether this password is still in use.

Best regards

Technical question: When I load Bitwarden as a stand-alone app on my PC, I can click on any entry and then see the password (after clicking “show”). Does the data remain encrypted up to the moment I click on an entry? Does it only decrypt a single entry as it’s requested? Or is your data unencrypted when you open the app?

@awelzel & @astrohip

To clarify a misunderstanding: When your Bitwarden vault is unlocked, all of its contents are decrypted and stored unencrypted in process memory. Safeguards such as hidden fields (•••••••••) and “Master password reprompt” do not add any encryption to the data, they just control how the UI displays the data.

In this case, extending the search to password or other hidden fields as well would be a nice feature. I was under the impression that passwords are only decrypted on the fly to make sure that memory content is as safe as possible.

Alas, the passwords are all encrypted at once when the vault is unlocked. Here is an example of a password stored in the process memory in plain text:

Here is the Feature Request for searching by password:

Thanks for the informative reply!

One more question: I have BW always available as an extension to Chrome. No login required. Does this mean my vault is decrypted every time Chrome loads?

BTW, if this info is somewhere online, feel free to link it. Thanks!

Are you required to at least unlock the extension, by entering a PIN or master password, or by using biometrics?

Or have you set your vault timeout to “Never”?

If the latter, then yes, the vault is immediately decrypted as soon as you open the browser. In addition, your vault encryption key is saved on your device with minimal protection, so someone with access to your device (physical access or through malware) can steal your encryption key and encrypted vault cache, and then use the key to decrypt your vault contents.

Thanks again, good info.

Last question (and sorry for going so far off-topic): It’s currently never. If I change it to anything else (PIN, bio, etc), does that change the “vault encryption key” to more secure protection? Either because it’s no longer stored, or because it’s more secure? Or is it still minimally protected?

The recommended way of locking your vault with a PIN is to set a short timeout period, and to ensure that you leave the option to “lock with master password on browser restart” enabled. In that case, your vault encryption key is kept in process memory while the vault is unlocked, and a “protected” (i.e., encrypted) copy of the vault encryption key is kept in process memory while the vault is locked; the vault encryption key (in its unprotected or protected forms) will not be stored in persistent storage (e.g., saved to the harddrive) on your device. But this requires you to enter your master password the first time that you open the extension after restarting the browser.

A somewhat less secure method (but still much better than setting the vault timeout to “Never”) is to unlock with a PIN, but disable the option “Lock with master password on browser restart”. In this case, a protected (encrypted) copy of the vault encryption key is saved on your device in persistent storage, and an attacker with access to your device could copy your vault data and crack your vault off-line, but it would require brute-force guessing of your PIN. Thus, if the PIN is something like a four-digit numerical code, it can be brute-forced in a few seconds. However, in the browser extension, Bitwarden allows the PIN to also contain non-numeric characters, so it is essentially an alternative password. Thus, depending on the physical security of your device, you could be reasonably secure with something like a 7-character alphanumeric code for your PIN (which would be about 8 million times stronger than a 4-digit numerical PIN).


Thanks, great info. I hope it’s been useful to other readers of this thread.
