Manually delete an entry from Password History

Please allow to delete a single entry from the password history.
I do not want to delete all entries, just the one I select for deletion.

For a website I have created 3 fields of the type “Hidden”.
Here I stored the 3 “Secret Questions” and the “Secret answers” that must be entered when you forget or change your password.

So I have the following field:

  • Field Name contains “Secret Question 1: What is the worlds best password manager
  • Field Value contains “Bitwarden
    :wink:

Perfect, the answers are masked with “*” as I expected.

When I show my friends and colleagues Bitwarden and try to convince them, I also show them this feature (without unmasking the Values).
But when I have the question visible in the field “Name” then friends might guess the answer.

So I moved the question to the Value field and now I have:

  • Field Name contains “Secret Question 1
  • Field Value contains “What is the worlds best password manager: Bitwarden”.

But now I see the old values in the password history.
I don’t need them and I would like to delete them (they are not really passwords and they inflate the password history).

So please allow to delete a single entry from the password history.
Then I could delete these 3 entries and keep the real password history.

I can add another case why this is important.

  1. I have added a password which I use on other sites
  2. I want to share share this login with an organization. So I want to change the password (and also because this is bad to have one password on multiple sites)
  3. I change the password to autogenerated one
  4. The old password is still shown in my password history so everyone in organization can see it

Right now I have to recreate the entry from scratch, manually copying all fields.

I 'd also like to add another scenario in which this feature is important.

I use a double-blind password system on my password manager, in which I let bitwarden remember and generate the first half of the password, while I use my own, simpler and easy to remember password after it. This is to prevent someone from accessing my true passwords even if they somehow compromise bitwarden.

The problem with password history is that if I accidentally saved my password along with my double blind, even if I change what bitwarden will autofill, it will still remember that double blind. This causes a potential weakness in my password management system, as my password manager now knows my secret other half.

I also consider this very poorly implemented… if you use clone often it will always clone your password history. Which is of course totally wrong for different items… And there is absolutely no way to get rid of an old password in the history. And it is very annoying if you use shared items or plan to share items. I don’t want to share the password history!

… The only possibility is to either do everything manually (and just never use clone, etc.) or to export the whole database to a *.json file, to edit this *.json file (which must obviously include the password history so you can delete it in the file) and then re-upload the *.json file to replace the current vault.

But this seems a very risky option somehow as well…

If I just need to edit the *.json file, it must be similary easy to implement for bitwarden directly, right? So please introduce that I can just delete entries of the password history manually…

Even though this post is a little old, it made me chuckle a bit. I know we’re discussing cybersecurity and all, but this approach seems excessive, considering:
A) your BW password is probably strong (16+ chars)
B) your BW password is probably not used for anything else
C) your BW account is secured using 2FA
D) your 2FA account is probably secured with the same approach as A) and B) (strong password not used for anything else) + a possible biometric
E) you’re probably re-using the same double-blind for every password, so it’s statistically much more likely to have your part of the password be exposed somewhere. And if that’s the case, well, you’re probably security-conscious enough to go ahead and change every single one of your passwords, which kinda defeats one of the main purposes of using a password manager.

If someone could get into your BW account then you’re doing something severely wrong, like writing down your BW Master Password on a post-it, unlocking your 2FA device, leaving them out in the open, then walking away.

The double blind approach sounds interesting in theory, especially for accounts that you want to keep extra-secure, but the reality is that those services typically offer 2FA, and that takes care of that.

What I’m trying to say is that if you’re at the point where you’re considering double blinding your passwords, you’re most likely already taking security precautions that keep your data extremely safe. I don’t see any value added, if anything, downsides like I mentioned in point E). Something you know can be exposed if you constantly put it out on every site, while 2FA at least adds something you have to the mix.