As mentioned before, some competitors already offer this feature. Last time I used LastPass, this was an option there: LastPass to automatically log in to the websites and change my duplicate and exposed passwords.
LastPass user here. While I voted for this because it's a nice feature that LastPass offers, there should also be an expectation that's set. Of the 700+ passwords I have stored in my LastPass vault, there may be 15-20 that work with the automatic password change and it's always the very popular sites like Facebook, Instagram, Amazon, etc… The ability to automatically change passwords on any site just wouldn't be a reasonable expectation.
Correct, it wouldn't be. But at the same time that isn't a good reason not to implement because it still is immediately useful for the most popular sites especially for a basic user who might not even have signed up to a ton of sites to begin with, and more sites will become supported as time goes on.
So we all agree that this feature would be great to have, with just the one drawback that it is impossible to build, as proven by the fact that even LastPass can only make it work for a couple of dozen sites.
How about we build a solution that does not involve the impossibly difficult task of interacting directly with change password pages? I suggest a solution that gives the user a simple interface containing the old and new password, and the ability to copy/paste the old and new password into the change password page of any given site, and update the password in the database when done. It's totally doable, it will work for all websites, and it will not be hard for users to understand.
I wrote up a fairly detailed proposal for this a while ago, linking here:
That's the neat part of the fact that Bitwarden is an open source project though!
Users could do the scripting (by following Bitwarden's instructions) and then submit them for approval. That saves them a lot of work, and makes it so that users' requested sites actually get implemented and kept up to date.
This is my situation:
I have dozens of passwords in a notebook (yes, on paper). So, I am new to password managers. Then I chose Bitwarden for a try (yes, it's free). Then, I added every site / password I have. But, I have some passwords repeated on some websites. So, I ask, I need to use the password generator to change my old passwords for strong new passwords, but, oh my God, there is a lot of work to do. So, this feature is required in Bitwarden. When I enter any site, I ask to change the password on that website, then the Bitwarden software prompts a new password and I only have to add the suggestion and save it in Bitwarden and on the website. That would be cool.
I think a naive implementation is to provide a "change password" button for each site, and clicking it jumps to the change password page of that website.
In the most ideal case, the old password is filled automatically by the browser plugin, and a new password can be generated with just one click, and another click to confirm the change.
I agree that making the password changing process easier would be much more realistic. I had to put in quite a lot of work to get all my passwords changed when I saw all the repeated passwords after I got bitwarden premium. Perhaps combining this with an expiry date to remind you to change passwords regularly could be a good idea?
As a developer myself, I think the way to implement something like this would be to create a rules engine/framework that can follow steps to reset a password for a given site. My vision would be something like:
- A user wants to automatically reset their password for a given site. That site is not yet in the list of "known sites" for Bitwarden, so they begin a "recording" session in Bitwarden that records the fields and URLs for resetting the password.
- Recording is completed and tested with the user's new passwords.
- Recording is submitted for approval or some sort of voting process.
- Recording receives enough votes or an approval and it is then added to the list of "known sites" for automatic password reset in Bitwarden.
This puts the power in the hands of the users, without needing any development knowledge. I am fully aware that building this is not trivial, but it's also much simpler than manually coding every site.
Thoughts on whether or not this method would be viable and can be implemented? I have a very old, highly used password. It is used across nearly a thousand sites. I'd like to change it, but manually doing it for every site is too overwhelming, so it remains insecure. I briefly (read: incredibly briefly) considered importing my passwords back to LastPass just to automatically change this password in as many places as possible.
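The approval step in the recording proposal above, sketched as an automated pre-check; this is an added example, not part of the original posts and not Bitwarden code. The recording format, the placeholder names and `reviewRecording` are hypothetical, and the subdomain check is a plain suffix match with no public-suffix handling.

```javascript
// Added example: hypothetical recording format, not a Bitwarden API.
// Recording: { site, steps: [{ action, url?, selector?, value? }] }
const ALLOWED_ACTIONS = new Set(["goto", "fill", "click"]);
const PLACEHOLDERS = new Set(["{{old_password}}", "{{new_password}}"]);

// True when host is the site itself or one of its subdomains.
function hostBelongsTo(host, site) {
  return host === site || host.endsWith("." + site);
}

// Returns a list of problems; an empty list means the recording passes
// this automated pre-check and can go on to human approval or voting.
function reviewRecording(rec) {
  const problems = [];
  let currentHost = null; // host of the page the steps currently act on
  rec.steps.forEach((step, i) => {
    const where = `step ${i + 1}`;
    if (!ALLOWED_ACTIONS.has(step.action)) {
      problems.push(`${where}: action "${step.action}" is not allowed`);
    } else if (step.action === "goto") {
      let url;
      try { url = new URL(step.url); } catch { problems.push(`${where}: invalid URL`); return; }
      if (url.protocol !== "https:") problems.push(`${where}: URL is not HTTPS`);
      if (!hostBelongsTo(url.hostname, rec.site)) problems.push(`${where}: ${url.hostname} is outside ${rec.site}`);
      currentHost = url.hostname;
    } else if (currentHost === null) {
      problems.push(`${where}: acts before any goto`);
    } else if (step.action === "fill") {
      // Recordings carry placeholders, never a contributor's real password.
      if (!PLACEHOLDERS.has(step.value)) problems.push(`${where}: fill value is not a password placeholder`);
      if (!hostBelongsTo(currentHost, rec.site)) problems.push(`${where}: fills a secret on an off-site page`);
    }
  });
  return problems;
}

// Constructed sample recordings (example.com and example.com.evil.test are placeholders).
const GOOD = { site: "example.com", steps: [
  { action: "goto", url: "https://accounts.example.com/settings/password" },
  { action: "fill", selector: "#current", value: "{{old_password}}" },
  { action: "fill", selector: "#new", value: "{{new_password}}" },
  { action: "click", selector: "button[type=submit]" } ] };
const BAD = { site: "example.com", steps: [
  { action: "goto", url: "http://example.com.evil.test/change" },
  { action: "fill", selector: "#current", value: "hunter2" },
  { action: "eval" } ] };

console.log(reviewRecording(GOOD), reviewRecording(BAD));
```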
Hi, as a person who had a gig for a multinational security company that was creating a new product that was supposed to do this - I can tell you that it's very difficult. Keep in mind that I worked at the bottom feeder department. However, the goal of our team was to record certain sessions on thousands of domains. Imagine the nastiest adult content to the most visited sites.
It was a nightmare. Every website behaves differently and has the password change on different pages. Popups were an issue. Email verification was an issue. Every iteration of the prototype seemed worse. Eventually, the project was scrapped, but my nightmares live on.
My take on this: unless some standard is introduced about password change, I don't believe it can be reliably done. The internet is too wild, bug-ridden a place.