Just changed master password and promptly forgot it

I just changed a master password and forgot it. I had it generated in the Bitwarden desktop app but it didn’t seem to save and now I forgot it.

I know the general form of the password - it’s not too long.

Question: how many login attempts do we get? I’m thinking I can try to figure it out.

Something that might help - is there a set of words used in the generator? How does it pick the words?

@Zooce Welcome to the forum!

FYI, I changed your topic title to be more accurate (was: “Just changed master password and it didn’t save in bitwarden”).

I don’t think there is a fixed upper limit on the number of login attempts that you get, but after 9 failed attempts, you will have to solve an hCaptcha with each further attempt.

The word list used in Bitwarden’s password generator is the EFF large word list, which contains 7776 words.

Is it possible that you may have another laptop or computer that is logged in to Bitwarden, but that is turned off or at least doesn’t have Bitwarden running at the moment? If so, let us know, and do not open any Bitwarden app on that device while awaiting further instructions. It may be possible to gain some valuable information from such a device.


I believe we have another laptop with the Bitwarden browser extension on it that hasn’t been turned on in a while. Will that help?

Yes, that could be helpful for purposes of recovering (some of) your vault contents, if you are unable to get back in to your vault with the new master password, and if you don’t have any vault backups.

If the browser extension on that laptop was logged in (but locked) when you last used it, and if you still remember the old master password (or the PIN that you’d use for unlocking), then you may be able to export the vault contents as they existed when you last used the browser extension on that laptop.

What browser was the extension installed on?

I don’t know - it was probably Chrome, but I know she has Firefox and Safari as well - it’s a MacBook Air.

OK. You may have to try a few things, then.

Is it accurate that you do not have backups? If you have a backup (e.g., a recent vault export), then you’re not going to need to jump through the following hoops.

To attempt to recover data from the laptop, it is essential that Bitwarden is prevented from connecting to the internet (because this will cause your browser extension to log out, wiping all data). My recommendation would be to turn off your WiFi router before powering up the laptop. After powering up the laptop, immediately put it in Airplane mode (or otherwise disable internet connectivity).

Once the laptop is securely off-grid, you need to find the Bitwarden data folder. The location is different depending on which browser Bitwarden was used on, as explained in the documentation:

  • Chrome: ~/Library/Application Support/Google/Chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb
  • Firefox: ~/Library/Application Support/Firefox/Profiles/your_profile/storage/default/moz-extension+++[UUID]^userContextID=[integer]
  • Safari: ~/Library/Safari/Databases
  • Edge: ~/Library/Application Support/Microsoft Edge/Default/Extensions

The Chrome folder path may be slightly different if you are using a profile other than the default. For Firefox, you need the UUID value, which you can find by entering about:debugging#/runtime/this-firefox in the Firefox browser address bar.

Look for any file with a .json file extension in the above locations (especially a file named data.json) — except for Chrome, where the relevant files have the extension .log. I only have personal experience with the Chrome browser extension, so if you were using Bitwarden on a different browser, I will have to make some educated guesses about how to help you.

Let me know what you find.

Doh. I assume you have checked here on the app used to generate the password

So this is along the lines of what I thought you were going to say. So once I find this file, how can I decrypt it?

If the internet is disconnected I’m assuming I can still unlock the browser extension and get access to the unsynced vault - do I have that right?

(Oh and you’re correct about not having a backup of that one anywhere.)

So I had settings to lock the vault after 1 minute, so I couldn’t get back in. If I log into my other account, can I see the password history across accounts - I’m guessing no?

OK, wait, is your vault still logged in but locked? When you change the master password, Bitwarden deauthorizes all sessions, which causes all your apps to be logged out if connected to the internet.

Please clarify whether you currently have any apps that are logged in but locked, and if so, what specific type of client app (desktop, browser extension, etc.)?

Yes, but I would highly recommend first making a backup copy of the entire data folder (the folders I mentioned above) before opening the browser.

After backing up the data folder and unlocking the browser extension (with the internet still disconnected), go to Settings > Export vault, and choose the plain (unencrypted) .json format. Then export your vault contents (you will need your old master password).
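The backup step recommended above, as an added example that is not part of the original post: it copies each data folder named in this thread that exists on the machine and checks the copy against a SHA-256 manifest of the source. The function names and the `run` argument are assumptions; the Firefox entry copies the whole `Profiles` folder because the profile name and UUID are machine-specific.

```shell
#!/bin/sh
# Added example: preserve Bitwarden client data folders before opening the browser/app.
# Folder paths are the ones listed in the thread; function names and the "run"
# argument are assumptions of this sketch.

hash_tree() {  # print "digest  ./relative/path" for every file under $1, sorted by path
    ( cd "$1" || exit 1
      if command -v sha256sum >/dev/null 2>&1; then tool="sha256sum"; else tool="shasum -a 256"; fi
      find . -type f -exec $tool {} + | sort -k 2 )
}

backup_dir() {  # $1 = source folder, $2 = backup root; 0 = copied and verified, 2 = absent
    src=$1; root=$2
    [ -d "$src" ] || return 2
    dest="$root/$(printf '%s' "$src" | tr '/ ' '__')"
    mkdir -p "$dest" || return 1
    cp -Rp "$src"/. "$dest"/ || return 1
    # Manifests live beside the copy, not inside it, so they do not affect the hashes.
    hash_tree "$src"  > "$dest.src.sha256"
    hash_tree "$dest" > "$dest.copy.sha256"
    cmp -s "$dest.src.sha256" "$dest.copy.sha256"
}

backup_all() {  # $1 = home directory, $2 = backup root; prints one status line per folder
    while IFS= read -r rel; do
        backup_dir "$1/$rel" "$2" && rc=0 || rc=$?
        case $rc in
            0) echo "OK       $rel" ;;
            2) echo "absent   $rel" ;;
            *) echo "FAILED   $rel" ;;
        esac
    done <<'EOF'
Library/Application Support/Google/Chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb
Library/Application Support/Firefox/Profiles
Library/Safari/Databases
Library/Application Support/Microsoft Edge/Default/Extensions
.config/Bitwarden
snap/bitwarden/current/.config/Bitwarden
EOF
}

# Run with the machine offline: sh bw-backup.sh run
if [ "${1:-}" = "run" ]; then
    backup_all "$HOME" "$HOME/bitwarden-backup-$(date +%Y%m%d-%H%M%S)"
fi
```

A `FAILED` line means the copy did not match the source manifest, so that folder should be copied again before the browser or app is opened.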

Okay, so I have two Bitwarden accounts (one for me and one for my wife). It’s my wife’s account that we are currently trying to recover. I generated the passphrase on the Linux desktop app - I don’t remember if I was logged into my account or hers. I can still log into my own account.

My wife’s laptop has been powered off for a few weeks - so that’s the one I’m thinking we can try to recover it from.

I did log into my wife’s account on my Linux desktop app right before doing this.

Before changing the master password in her Web Vault? And it didn’t get logged out yet? If so immediately disconnect that computer (the computer with the Linux desktop app) from the internet!

No it did log me out.


If you still have an active session of the Linux Desktop app logged in from before when you changed her master password, then the data file that you will want to back up is the data.json file in one of these two folders:

  • Standard installations: ~/.config/Bitwarden
  • Snap: ~/snap/bitwarden/current/.config/Bitwarden

But, as I noted above, you are on borrowed time — as soon as that Desktop app pings the Bitwarden server, it will get logged out from your wife’s account, wiping all the vault data from the data.json file.

Edit: Never mind, just saw your response.

If you were logged into your account when generating the passphrase, then the method suggested by @DoctorB above should show you what passphrase was generated (the generator history is specific to each client app installation, so you would have to check this from your Linux Desktop app, while logged in to your own account).

It worked. I was able to export her vault with the old password and it turns out it was a very recent version so we’re good.

Thank you for your help - literally life saving.

And yes - I’ve learned a major lesson from this…(many lessons in fact).

This has happened to me too when updating vault item passwords using Bitwarden’s password generator and I’m highly technically savvy.

How this happened to me is when I generated the password using the generator it auto copies or you click copy and then go to click out of it. But instead you have to click save on the password generator screen. Luckily the password history has saved me when this happened.

*on Chrome browser extension

I’m glad you were able to get the password back.

I too am highly technically savvy…I just made a really dumb mistake - one that I will never make again.