I have all the passwords I need in Bitwarden. Some I cannot change, some have been assigned, some have been shared, they are not mine to change. Some of the weak passwords do not need to be any stronger. Some of the weak passwords cannot be any stronger. I keep archival cards to keep track of old accounts and the last active password used. I can see the appeal of the feature. I have nearly 100 passwords being flagged as at risk based on the reports. I have assessed the risk and accept it. I would now like to have the warning gone. I do not reuse passwords for important accounts. I do not use weak passwords for important accounts. My experience with this feature is very poor. I have already reached the “ignore the warning” stage.
I just thought Bitwarden leaked all my passwords lol. Definitely not a good look to declare ALL passwords of a user as at-risk all of a sudden… I only wanna see that warning in case my password was found on dark web or there was a massive breach recently or something actually serious
I guess your vault contains a lot of duplicate items? If not, the warnings should probably be taken seriously. Have you run the Vault Health Reports?
Can’t upvote because I’m “locked”
But I am a paid user, and my feedback is the same as all the above:
- the passwords in question aren’t mine to change
- the fact that they are duplicated is known and not a concern
- the banner doesn’t explain why the password is at risk, which is double-plus-ungood.
Without a way to dismiss the banner, if one of these passwords is leaked, or otherwise compromised in a way that is important to me, I won’t know, because I’ll have been ignoring what is secretly a “password is duplicated” banner that I cannot dismiss, and there’s no apparent distinction between that and any other risks.
Yeah I came here to give a scenario like this exactly because in cases of Active Directory I have multiple formats like outlined above using the same password.
@SamBleckley @jhlasnik Welcome to the forum to both of you!
You’re only “locked” because you have a new forum account and just have to spend a little bit more time on the forum to get “promoted” to the next trust level (Discourse forum trust level system). Then you’ll be able to vote for feature requests.
Dismissing a risk that was never explained is still going to end up with banner blindness. We need to know the risk. I came here for this on an account with an 18-character alphanumeric that is used nowhere else and I only get to assume Bitwarden says it’s at risk due to no symbol characters. I don’t know it, for all I know Comcast (who doesn’t let me use symbol characters) was also breached. We need to know the reason, and be able to dismiss it when we’ve determined the actual risk level.
(Ridiculously they force alphanumeric only but also mfa)
@computererds Welcome to the forum!
To help determine whether what you’re seeing is a bug, please run the three relevant Vault Health reports (exposed/reused/weak passwords), and check whether your Comcast login appears in any of those reports; also check your Trash folder to see if there are any deleted items that contain the Comcast password.
Ty–it’s a bug, it turned up on no reports. Nbd if I could dismiss it. Oddly still can’t add my vote to this after several hours. I’ll leave it up and try tomorrow.
And you checked the Trash, as well? FYI, bugs should be reported on GitHub; bug reports are more successful if Bitwarden staff are able to reproduce the issue, so the more details you can provide, the better.
You’ll need to spend a little more time reading additional topics on the forum before your forum trust level is upgraded to basic member (allowing you to vote).
Yes, nothing in the trash except for the old stale logins I’d just deleted going through the reports. I’m not worried about a one-off weird entry alert bug. I’d rather not take someone’s time on that when hopefully they’ll be dismiss-able soon.
Voted for this feature request. As currently implemented, the “Change at-risk password” message will undoubtedly induce Boy-Who-Cried-Wolf syndrome. And simply making the URL link go to the website of the login is useless.
You have to allow Google tags to be able to get your trust level up to vote. Informational for anyone else blocking them.
Also upvoted. I think the banner is overall a helpful and important feature, and one that I would expect from a first-class password manager.
However, I would still like the ability to “Acknowledge and Dismiss” or at least “Acknowledge and Snooze” the warning for situations where I have more context than Bitwarden does (or can’t currently change the password for reasons outside my control).
This is important for all the reasons already expressed in the request and discussion, and because I have a real-world example:
- One of my consulting roles requires login with a password composed of a fixed id plus a complex hardware-based token. The fixed portion is 8 numeric characters.
- In this case, Bitwarden is absolutely right! The “password” I have stored in the app is weak. The problem is that Bitwarden doesn’t know what I know: that there is no way to access any system with just that password.
- I should be able to dismiss the warning for this entry, without disabling the feature, based on what I know that Bitwarden doesn’t.