I created an admin account and set the password. It looks like this password is also the master password. I created some test users and they are asked for the master password to unlock the vault after authenticating. But if regular users know the master password they can log in as the admin account and wreck havoc. There’s no way that’s how this works right? What’s going on here?
Every user should be invited to to the organization where they can choose their own master password. You definitely don’t want to share the Admin’s master password with your users!
Every user has their own password but they don’t get to make their master password. Users are being prompted for the master password and only the admin master password works.
Master password just means the password each user chose to secure their Bitwarden vault.
It does not refer to the Admin master password specifically.
3 Likes