I assigned logins to my team members. I had some issues with one login and I asked her to share screen on Zoom so I can assist her to solve the problem.
When she logged in using the credentials I provided using Bitwarden Organisation vault, she clicked on the card and selected auto fill option, all information was filled on chrome’s login page and then she clicked on “Show Password” by accident and boom the password was visible.
Just so you know she is a user and I selected “Hide Password” and “Read Only” options. Despite these restrictions she could see all the passwords assigned to her. To check I called another team member to jump on a Zoom call and checked the same and she could see all the passwords as well.
When they can see all the login details then what is the point of paying Bitwarden, I can pass all the user names and passwords to the team and they don’t need to use Bitwarden. I don’t see the privacy or security using softwares like Bitwarden if others can see all the passwords I sotred in Bitwaden.
Did anyone else encountered the same issue? Appreciate if some one could suggest a solution to this.
Thanks
Hi @MS_Rao - sorry to hear about the issues you encountered with hiding passwords from your users. It may be that there is a configuration issue occurring, and that is why your two users were able to use the Show Password button, which you expected to have been disabled for them in their individual user access permissions.
What Groups were the two users assigned to, and is it possible that one or more of those groups was configured to provide access?
One other question - you said she “logged in using the credentials I provided”… did she set up her own BW account? What credentials did you pass to her? She should have had her own login with a password that only she knows.
She has her own BW account… and used her BW login password. I meant credentials I stored in my BW account… sorry for the confusion
Hi dh,
Both of them are users and I created different collections and folders for each team member as they need different logins according to their role in the organisation. I have attached a snapshot. Hope that would help.
Just to elaborate I assigned Paypal to her, she went to paypal website and used autofil option and then clicked on show password. I am not allowed to add more than one media so I couldn’t attach another snapshot.
You should also check the Access Control assigned to any Groups the two users were assigned to. I suspect the Group access allows them permission to view the passwords.
Thanks for the prompt response David,
for some reason I don’t have the Group option under Manage tab. That is something I need to look at why I don’t have that option.