Master password lost? All hope is not lost!

Want to share with the community a script that I created to kind of survive a situation where I lost my master password but could still log in to the browser extension using TouchID. As the passwords are there and visible, I figured I could extract them!

The script is: Script to dump all login items from Bitwarden browser extension · GitHub. It should produce a JSON file that you can later import into a new account. Yep, sorry, but there is no way to recover your master password, and I would say that’s good news!

As it says in the header:

  • Open the Bitwarden extension window and detach it
  • Press shortcut to open developer tools (⌥+⌘+I in macOS Chrome for instance)
  • Filter to show only logins as this script was meant for that only :slight_smile:
  • Copy/Paste script in console and be patient!

NOTE: the script will fail if you have two items that have the same title and username (cleanup before running it!)

If that helps anyone!

Thanks for sharing your work. However, I think there is a much easier way to accomplish this, by entering a single line of code into the Dev Tools console after you have unlocked your browser extension. This has been discussed in a few different threads on the Community Forum and on Reddit.

Yep saw that after posting my script :sweat_smile:

BTW found an even more straightforward way to recover my account:

  • Create a new account
  • Create an organization
  • Enable Master Password Recovery in Organization
  • Invite old user to organization
  • Click link in Mail
  • Login with Device with other user
  • Quick and restart Desktop app and authorize
  • Accept invitation
  • With new user confirm in organization
  • Reset master password

I assume that if this method isn’t still available, you’re still locked out?

Interesting approach!

What does this mean?

@nbonamy That’s from your original post in this thread:

Just for a clear terminology: what you mean here can only be unlocking – and not login. Which is an important difference, as you can only unlock when you are logged in. (if you’re logged out, you can only log in)

Now to your last post:

This is an interesting approach but I think there are at least some hurdles - and I’m not sure if it would work in the end:

If at all, that would have to be an Enterprise organization, since only those have Account recovery. (so no free organization and no Families organization would work for that) – Hm, there is a 7-day free trial period. :thinking:

Here’s a potential problem I think: this link leads you to the web vault. And you could only use Login with device in the web vault now, if you logged in there before (in that same browser, and the browser “remembers” that). Otherwise you can’t use Login with device in the web vault.

Second problem: the browser extension can’t approve a login with device request. (at least not yet) So in your case, you would have needed a logged in desktop app or mobile app to be able to approve the request.

Honestly, I don’t know – if you made it into the web vault – if you then could enroll in account recovery without having to enter the master password at least once. :thinking:

If that would work, it would be an interesting alternative.

Correct. This should be enabled.

Maybe my setup but I need to do that for the login request to appear

Worked for me but I am using a self-hosted Vaultwarden so could create an organization

And what does to “quick the desktop app” mean?

PS: Ah, did you mean “quit the desktop app”?!
