Password change history

Store a history of edits on an item’s passwords. This would allow users to recover any changes that were by mistake or are needed at a later date for some reason.

GitHub issue: Add history to all fields · Issue #33 · bitwarden/server · GitHub

Would really, really appreciate this feature.

4 Likes

I updated that request. It was 2 in 1.

2 Likes

Modification of password being highly more important then auditing other fields.

1 Like

@J3D73C4 But it can be hard to predict which fields will contain passwords… I sometimes have them masked like this:

But sometimes have stuff stored without masking. They’re still passwords, though (accidentally deleting something could potentially be quite annoying).

4 Likes

Storing the modification date of a password is really needed for security reasons.
Like for the “Advanced Breach Check”:
https://community.bitwarden.com/t/advanced-breach-check/214

2 Likes

it sounds like you are setting yourself up for this situation: https://xkcd.com/1172/

1 Like

Is there a way to get an email if this feature is ever added?

Bitwarden looks like the best password manager, but I’m not able to use it or suggest it to anyone until this one feature is there.

1 Like

Is there anything we can do to help?

1 Like

Just an encouragement to bump this up in the feature Queue, if possible along with the
Password modification date: Vault items last revision date

We just had an incident where one of the users on a shared Collection wiped out a whole group of passwords with an attempted batch upload. Fortunately, we have a full external archive. But easily visible date-stamp (with an optional view to see who made the change) would be a very positive improvement for BW.

5 Likes

I was a Lastpass user and I am migrating to Bitwarden now. This was life saving in certain scenarios. I believe this is a must have feature.

1 Like

Any field edit at all should spawn a copy creation of the old record before writing the new, either stored alongside the main record (displayed somehow as a “history” concept) or even in a “wastebasket” or separate “history” folder.
It is a major pain having to manually copy out the password field into a new field, save the record, and only then being able to use the password generator to create a new one.
Even this dialogue box I’m typing into right now auto-saves changes and has an “undo” buffer.

1 Like

This one really burned me. I’m switching over from 1Password and just assumed there would be history on changed fields. So, I go to log into an account that is super security senitive and it prompts me to change my password due to experation. I do, using the BW generator, but I pick one that is too long for this paticular site and it rejects the new password. But at that point, I no longer knew the original password as the field was overwritten and I’m locked out. That then wasted two hours of aditional work to get an account reset due to how anal that paticular organization is. Now I know to make a copy first of the current password somewhere before attempting a password change, which is messy, but doable. But it is likely that most people comeing over from Lastpass, 1Password, and others would have the same assumtion about password history being in place.

2 Likes

I started using Bitwarden because of convenience, despire not having local storage. Now I have to rethink it. The history should be a priority after any securty fixes. I just registered for this. Accidentally changed the password of my e-mail when I wanted to change something else. So by doing that I thought I lost everything completely, because losing the password in Protonmail and not having a recovery e-mail means that’s it. So this feature that I would have never thought of was the first thing that came to my mind. Thankfully I had the same password in another record connected with the e-mail, normally I use a different generated password for every single website. There needs to be a history of the last saved password of given record.

1 Like

I see I am late to the party on this thread. I thought it pertinent to mention that in the meantime backing up your vault by exporting a CSV file to be saved in a safe place could save you a bunch of heart ache. That is what I did. Certainly you want to follow needed security when exporting the csv file but if you do what others mentioned above you will kiss the file when it saves your [email protected]@! My .02

2 Likes

Is there a way to get an email if this feature is ever added?

That’s not a bad idea to get a newsletter with the recent changes. But I believe it would be hard to keep every single platform updated since there’s already GitHub with all that stuff. It’s a nice one, though.

Just watch this topic to get email notifications, I’m sure it will be mentioned here when the feature is added…

1 Like

This would be very helpful!

This would be very helpful

Really looking forward to this feature. I just spent hours recovering an account because I needed the old password.