Master Password no longer works, though I never changed it

Today I went to use a password, and was unable to unlock my password vault on both my Windows 10 PC and my Android phone. I have biometric set up, and on both devices it is requesting email/master-password, and on both devices I’m getting the error that email/password don’t match, though both have been the same for months and months.

Possibly related to update to Bitwarden app that just happened. Perhaps only due to a restart requiring re-login which I was then unable to do.

Fortunately I had another computer that was able to be unlocked via biometrics (it had NOT yet updated the Bitwarden app since it was sleeping!). While I cannot export the vault (since that requires master password) I was able to painstakingly open each item and cut/paste into a txt file to recover my items.
IMHO, it’s an odd logic to not allow an export given I had access to all the passwords… and could change the timeout to “never”.

  1. Given I never changed my master password, what happened? Did it get corrupted on the Bitwarden server? Did I get hacked and for fun they changed my master password but didn’t (that I can tell) use any of the passwords?

  2. Hey all, remember to export your vault and back it up! Anything can happen (company goes out of business, etc.) and you’ll be glad you have some backup of all those generated and impossible to remember passwords! I nearly lost my entire digital life given email recovery sometimes uses other email accounts, all of which had passwords that were locked away!

alan

Hello @Nala - welcome to the forums! And sorry to hear about your recent issues logging in to Bitwarden.

I hate to say it, but there are dozens of threads that read just like yours on the forums, where users are certain they are typing in their credentials correctly but Bitwarden doesn’t let them in. The vast majority have been reported as solved when the user realized they weren’t, in fact, using the correct credentials. It is a very easy mistake to make.

My best advice is to first check BOTH your email and password character by character to ensure it is perfect. A missing character in the email address for your account or a misplaced capital letter in the password is enough to get your credentials rejected. Try lots of different combinations of possibilities if it still doesn’t work. Hopefully you find it quickly.

And I think you provide excellent advice about exporting and backing up your passwords. I would also add that making a paper “backup” of your login email and password is exceptionally important as well. Cheers!

Yip, and just like all those threads also said, I’ve “been there and done that”

Seen the threads about folks who “washed” it by pasting it into a txt doc and copy/paste and had joy.
Tried that, no joy. I’d suspect some “language” change where an “a” is now a Unicode “a” instead of an ASCII “a” or something, but given it’s on multiple device types (Windows PC, Android phone), and both the actual app and the browser doodad, that sort of thing seems unlikely.

It was a phrase that I knew very well, and tried it over multiple sessions, and multiple devices.
Clearly it was either hacked (on my end) or somehow my account was corrupted on the server.

I was able to find a device that still let me biometric my way in w/o master password (it was asleep, and I prevented the Bitwarden app update).

Interestingly enough while I was unable to export the vault due to not being able to enter the master, I was able to painfully select each item and ‘select all’,‘cut’,‘paste’ to a txt file. Seems odd to require a password to export when the painful way works…

Anyway, I’ve deleted the account, and am now re-populating the new account.
With plans to make backups!

I believe the reason for requiring a master password re-prompt on export is to impede someone who has momentary access to your open vault from exporting all your secrets in just a few seconds. This sort of thing might happen in an office setting where you step away from your PC for just a moment and forget to lock the desktop, for example.

I have never heard of an account becoming corrupted on the server, so that is probably not what happened. If you suspect you were hacked, it would most likely be a key logger on one of your devices, unfortunately. Hope you find it, if that’s the actual cause.

I had a problem with my YubiKey validating. Turns out Gboard didn’t have the right language input enabled. Adding that and then going through the process worked just fine.

I’d keep this in mind when troubleshooting Android/mobile.
