Master password hint vs Memory loss

I think the Master password hint is not perfect for the cases of some memory loss, amnesia, Alzheimer’s, car accident, etc.

Right now, if you forget your Bitwarden Master password, Bitwarden suggests sending a hint to your email. But presumably, if you don’t remember your Bitwarden Master Password, you won’t remember your email password, so you won’t even be able to get your hint, especially if the password for your email was autogenerated and also kept in Bitwarden.

I find such a hypothetical scenario a single point of failure, which can make your life even harder. Imagine you are in a car accident. You lost your memory. You cannot turn on your phone, because after a reboot, fingerprint or Face ID is not enough; it asks for a password, which you forgot. You don’t remember any phone numbers. Maybe they are in Google Contacts, but you cannot log in to it without a password anyway. You cannot access your internet banking, etc.

You might call me a drama queen, but let’s discuss this very unlikely to happen scenario.

I have a suggestion.

  1. Let’s add a button after requesting a password hint: “I have no access to my email”.
  2. If a customer clicks this button, Bitwarden shows the message “Your request to retrieve password hint was registered, please come back in 24 hours”.
  3. Bitwarden sends an email: “Somebody requested your password hint which they can retrieve in 24 hours. Click here to cancel that request. Please also ensure that your connection between your master password and master password hint is not obvious for potential hackers”.
  4. If the link from the letter was not clicked, then in 24 hours you can be given your master hint.

I think a 24-hour delay somehow protects your account from hacking. But obviously, it is not bulletproof, so here is another suggestion:

  1. Regularly, let’s say once a month, Bitwarden shows a popup: “Please ensure you can recover your master password from your master password hint, but ensure that potential hackers won’t be able to get your password from your hint”.
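The delayed-release flow proposed in steps 1 to 4 of the post above, modelled as an added Python example; it is not part of the original post and not Bitwarden's code. The class and method names, the in-memory storage and the caller-supplied clock (`now`, in seconds) are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

DELAY_SECONDS = 24 * 60 * 60  # the 24-hour wait from the proposal

@dataclass
class PendingRequest:
    requested_at: float
    cancel_token: str  # sent to the owner's email as the "cancel" link
    cancelled: bool = False

class DelayedHintRelease:
    """Hypothetical model of the proposed flow; all names are assumptions."""

    def __init__(self, hints):
        self._hints = hints    # account email -> master password hint
        self._pending = {}     # account email -> PendingRequest

    def request(self, email, now):
        """Steps 1-3: register the request; return the token to email out."""
        if email not in self._hints:
            return None
        current = self._pending.get(email)
        if current is not None and not current.cancelled:
            return None  # already pending: keep the original timer and token
        token = secrets.token_urlsafe(32)  # unguessable cancel link
        self._pending[email] = PendingRequest(now, token)
        return token

    def cancel(self, email, token):
        """Owner clicked the emailed link: this request never releases."""
        req = self._pending.get(email)
        # Constant-time comparison so the token cannot be probed piecewise.
        ok = req is not None and hmac.compare_digest(
            req.cancel_token.encode(), token.encode())
        if ok:
            req.cancelled = True
        return ok

    def retrieve(self, email, now):
        """Step 4: release the hint only after an uncancelled 24-hour wait."""
        req = self._pending.get(email)
        if req is None or req.cancelled or now - req.requested_at < DELAY_SECONDS:
            return None
        del self._pending[email]  # one release per request
        return self._hints[email]
```

In this model a repeated request while one is pending neither restarts the timer nor issues a new token, and after a cancellation a fresh request starts a full new 24-hour wait.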

This is exactly my case and I don’t know what to do next. I can’t get into my account, and so I have lost my passwords?

https://translate.google.com/translate?sl=auto&tl=sk&u=https://bitwarden.com/help/article/forgot-master-password/

Suggestion: If that is the case, you can write the password hint on a piece of paper. Then, store the paper safely, like in your wallet or somewhere in your room.

The problem with your suggestion above is that, while it could be right, most users here at BW won’t agree because it will reduce the security level. It is not easy to fulfill the needs of both sides.

There’s no need. Because by default, BW asks for the password each time you want to unlock your vault. The more you enter the same password, the easier it is for you to remember.

1 Like

I am sorry, I think you are missing the point of this topic. Yes, knowing your master password by heart is an important task for everyday use. But in case you lost your memory, you have a master password hint. And I just suggested ensuring that the master password hint should be good enough to remember your master password after memory loss.

My password hint is something like, “there is no password hint”.

If I forget it then it is written down. If I forget it and lose that bit of paper then there is no way to access my passwords.

Different people must decide how they want to have backup versions of the master password, or they can decide not to keep such a copy. That is for them to decide.

Alternative ways of getting to the vault are security risks, as big companies which insist on such alternative methods (like Microsoft) show. I’m not the world’s greatest fan of Google, but their Advanced Protection shows promise and I do have it turned on for important accounts.

2 Likes

Have you ever taken a look at the Emergency Access?

“Emergency Access enables users to designate and manage trusted emergency contacts, who may request access to their Vault with a configurable level of permissions.”

Source: Emergency Access | Bitwarden Help & Support

3 Likes

The problem with an ONLINE password hint is that hackers can easily guess your master password, that is, if your hint is easy to guess. On the other hand, if that hint is difficult to guess, then it is useless in case of memory loss, because the user himself won’t be able to guess. It is hard to find a hint that can balance between the two.

The best would be to write your hint, which is easy to guess, on paper and store it somewhere safe offline.

1 Like

Here are some suggestions on how to securely find your master passwords in a place where it can be found:

https://passwordbits.com/hide-master-password/

2 Likes

I have briefly looked at it. Might be useful in some circumstances, so a good feature but not for me.