Lost Master Password/ Account Recovery

System for Account Recovery for lost password

Feature Function

  • Currently, BitWarden does not have any sort of feature that allows its users to recover their account in the event that the master password is lost.
  • A feature that allows the user to add a phone number and/or alternate email to allow for a password reset for the main purpose of account recovery.

Other password vaults and websites, such as Lastpass and Google, include similar functions that are secure. I believe that this feature will help many users if they were to lose access to the account, instead of having to delete the account and lose all saved passwords.

I have concerns about what you are asking for. BW is ZERO KNOWLEDGE by design which means only YOU can access your data. If BW could simply use another email or reset this or that, then under duress from a Gov or something along those lines your data could be pwned!

An alternate email password reset mechanism would simply allow the powers that be to lean on the email provider and they can read your emails at will. Power hackers could do the same thing.

I have no major issues if the BW team wants to enable such a feature as long as MY account can opt out. Don’t be offended but knowing the importance of the Master Password, how can someone not have it recorded in several places? Unimaginable to me.

5 Likes

I would rather this “feature” was not implemented as it is a large security risk. However, if it was introduced I would much rather that it was an opt-in feature, rather than an opt-out one.

I agree with you on the desirability of people having several copies of their Master Password, stored in a suitably secure fashion.

1 Like

I agree, this is NOT a desirable feature and I would leave BitWarden if it was implemented.

Bitwarden encryption depends on my master password and this is why it's so secure.

1 Like

Basically, if you can’t remember one strong password to your vault, you are a loser… I also think that this is a strong security risk and would prefer not to have this implemented.

As others have said, BW is zero knowledge, meaning there is NOTHING they can do to give anyone access. That said, they do have an “Emergency Access” feature for premium accounts. It requires another account to operate, but if you wanted to use it for yourself, you could create a kind of back-up account with a strong password that you have saved off somewhere.

But really, if you’re the kind of person to forget their password, write it down and put it somewhere safe. Contrary to what many people say about writing down passwords, it’s not that bad. The overwhelming majority of attacks are remote. Unless it’s the police or a court order, you don’t hear about people physically breaking in to steal passwords.

2 Likes
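As an added illustration of the zero-knowledge point made in the posts above (this is example code written for this thread, not Bitwarden's own code, and the scheme is a simplified assumed model rather than Bitwarden's exact one): a random vault key is wrapped under a key derived only on the client from the master password, and the server stores nothing but that wrapped blob and a one-way login hash. A server-side "reset" can change which password logs in but cannot restore the vault key, while an emergency-access-style second wrapping under a trusted contact's key can. The XOR-with-HMAC-pad wrap is a constructed stand-in for a real authenticated key wrap.

```python
import hashlib
import hmac
import os

def master_key(password: str, email: str, iterations: int) -> bytes:
    """Client-side only: derive the master key from the master password (assumed KDF parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), iterations)

def auth_hash(mk: bytes, password: str) -> bytes:
    """Login credential sent to the server; one-way, so the server cannot recover mk from it."""
    return hashlib.pbkdf2_hmac("sha256", mk, password.encode(), 1)

def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy key wrap: XOR a 32-byte key with an HMAC pad derived from the KEK (no integrity tag)."""
    pad = hmac.new(kek, b"vault-key-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pad, key))

unwrap = wrap  # XOR with the same pad is its own inverse

def create_account(email: str, password: str, iterations: int = 100_000):
    vault_key = os.urandom(32)  # the random key that actually encrypts vault items
    mk = master_key(password, email, iterations)
    record = {  # everything the server ever stores for this account
        "email": email,
        "iterations": iterations,
        "auth_hash": auth_hash(mk, password),
        "wrapped_key": wrap(mk, vault_key),
    }
    return record, vault_key

def unlock(record: dict, password: str):
    """Client login + unlock. Returns the vault key, or None if the password is rejected."""
    mk = master_key(password, record["email"], record["iterations"])
    if not hmac.compare_digest(auth_hash(mk, password), record["auth_hash"]):
        return None
    # A real client would detect a wrong key via the wrap's integrity tag; this toy just yields garbage.
    return unwrap(mk, record["wrapped_key"])

def server_reset_password(record: dict, new_password: str) -> None:
    """The most a server could do: accept a new login hash. It holds no key able to re-wrap the vault key."""
    mk_new = master_key(new_password, record["email"], record["iterations"])
    record["auth_hash"] = auth_hash(mk_new, new_password)

def grant_emergency_access(vault_key: bytes, contact_kek: bytes) -> bytes:
    """Emergency-access style recovery: the vault key is additionally wrapped under a trusted contact's key."""
    return wrap(contact_kek, vault_key)
```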

I agree with everyone above - this is NOT a feature I want to see implemented.

Sometimes I wish we could cast a vote to DOWN-VOTE a suggestion. I would gladly use one of mine here.

2 Likes

YES. BITWARDEN ADMIN: PLEASE ADD ACCOUNT RECOVERY VIA PHONE AS AN OPT-IN FEATURE ON ALL FREE ACCOUNTS. THIS IS A BASIC SERVICE RELIABILITY STANDARD, A NECESSARY PILLAR OF SECURITY FOR THE THREAT MODEL OF THE COMMON USER.

I’m not upset but it needs to be pointed out. Here’s the rationale for my stance:

Most average users (towards which the BW service is oriented) do not use a secondary email address so it does not make sense to have them set that up.

There is no justification for forcing draconian measures of “security” on all users, all to paradoxically force the risk of them losing ALL of their critical login credentials with the loss (or recent change) of a master password. That doesn’t make ANYONE feel secure.

Security / privacy over convenience or vice versa should aim to be the decision of each individual user by default. As this matter does not affect other users, this is one such instance where the user should be allowed to decide.

Since secure services commonly operate features like these without surrendering any sensitive data to the admin or others - protecting phone numbers and not using web links or 2FA access codes - it would still be zero knowledge if implemented. If we want a safe preset for the security obsessed, configure new accounts to have it disabled by default and give a security warning whenever they go to enable it, but really all that is needed is not to have a phone number put on the account at all.

And since people typically keep phone numbers they would associate with a service like this for life, porting them when switching providers, sending a reset confirmation code to a cellular device is not really a big security risk either unless your cellular device is so compromised you don’t trust it with receiving a password reset code to put into a secure web page. And if that’s the case, then why trust it with your 2FA codes and your BW vault both on the same device? We’re not making a bearable amount of sense if we begin to fear cellular devices of users, so we need to lose that thinking.

Lastly, the reason this not only needs to be an option but needs to be active on all free accounts is because it not only builds confidence to encourage users to upgrade, but if, for example, the user has to wait for a renewal or temporarily downgrade for any reason in the future and loses that recovery feature at exactly the same time the account becomes inaccessible and said user is on the threshold of a financial or medical crisis where a login becomes critical, this can become the demise of any company claiming “user access” reliability of their service. And yes, that’s exactly where BW is situated in the lineup of service options. Yet can your support team help that person in time to meet their critical deadlines if it’s outside of business hours? If they are locked out and a huge fallout of events spirals out of control in their life because of that occurrence and because of it their lives are now decimated, not good. You don’t want to have your service’s name attached to that tragedy in the public eye. Just a handful of reviews like that could blow you away. We’re talking scorching online references on common app comparison websites, which is likely - a person’s grief turning into a very long, very agonizing and very personal hunt to squash your service for the sake of unpaid damages in their life. None of us want to see BW fall prey to something like that.

But the bottom line is that a large portion of the market will begin quickly identifying those critical features being absent or not and they will NOT NOT NOT risk losing access to their logins once they’ve already experienced the pain of it. Not even for a few hours. So not having this feature would effectively keep many nontechnical users from putting greater confidence (and funding) into the service. And it’s not just that your competitors will have this feature which will cut into your prospective market share, but ask the question why they don’t bar this feature if it’s such a security risk. I’m not closed to evidenced concerns from knowledgeable security advisors here or elsewhere, but as a network engineer who has deployed and supported security solutions in government and private sectors, I’ve never personally considered a phone “account restore” feature as a security risk. That said, I wouldn’t ever advise using SMS as your 2FA method, which is an entirely different set of risks. Hopefully everybody here is differentiating between those two because they’re NOT the same level of security risk whatsoever.

Bitwarden, I appreciate your offering. It’s a great service and I am getting a lot out of it already. But please do yourselves and us a favor and just add this feature. There’s no firm case not to and all these reasons you definitely should.

No, there should be no such option to do that. It will provide a huge security risk.

Users should secure their own master passwords, and for emergency cases there is emergency contact option.

If a user fears that he can forget his master password, then he can write it on a piece of paper and store it in a safe place, or he can put it as an encrypted file into one of his fav storage services.

3 Likes

I agree 100% with Aaron. In my case I can’t log in to my vault because I uninstalled the authenticator app and cannot use the two-step login because it is a snake biting its tail thing: I need the authenticator to log in and need to first log in to be able to use the authenticator app… And because I cannot export shared passwords from the extension I have to copy each one manually… I know the system is supposed to be safe but not so safe that it is not practical… Or your passwords are so safe that not even you can access them… Please fix these issues as an opt-in feature!

Patricia - see my response to your nearly identical post here - you can still get into your vault: