✅ Password hygiene report

I’d like a Password Checkup feature that highlights passwords that are old, reused, or insecure.

1 Like

This could be implemented with the “Advanced Breach Check”:
https://community.bitwarden.com/t/advanced-breach-check/214

3 Likes

Something similar to Dashlane’s Security Dashboard functionality would be fantastic:

  • List how many (and which) of your passwords are weak
  • List how many (and which) of your passwords are duplicates
  • For Teams/Enterprise the ability to see how many weak passwords each user has (but not which ones)

In addition to storing and managing our passwords I feel strongly that Teams/Enterprise plans should help administrators oversee and enforce stronger password habits from our users.

2 Likes

This is a fantastic and crucial idea! @OLLI_S, I like the Advanced Breach Check, but this is a bit different. @zachMade, I couldn’t agree more. The Dashlane Security Dashboard is fantastic. I LOVE Dashlane (in comparison to LastPass anyway). I moved over to Bitwarden because I like the idea of FOSS and I didn’t like the pushiness of Dashlane with automatic logins. The Security Dashboard, however, was amazing. It reports both the robustness of your password and whether or not it’s been used on more than one account. Helps maintain good hygiene. Crucial for those (like my mother and sister) who pay very little attention to such details unless prompted.

Also, I really hope this issue has been responsibly resolved:
https://medium.com/@davis.a.brandon/bitwarden-doesnt-care-about-security-59e2ef87870a

5 Likes

I’m very interested in this point. What would be a next step?

1 Like

LastPass has something like this too, which is sort-of gamified (“what’s your score” etc). The service basically compares all the passwords you’ve saved and suggests changing duplicate ones (in some cases automatically, but that’s fairly unreliable).

I used to do periodic runs to chip away at the backlog and raise my score. It would be fun to have something like this in BW too.

I really like LastPass’s all-in-one report for all of those issues instead of having to go check them item by item.
One holistic report is much nicer.
I think LastPass also let you see your staff’s scores, which is helpful to keep your team in check.

It would be great to get the score totals for the people in your organisation too in order to ensure your organisation’s passwords are secure.

I think it’s important to know:

  • If it’s compromised (unchanged since a leak / breach - haveibeenpwned)

  • Weak passwords

  • duplicate / reused passwords

And then an easy link or option to open the site and change the password for each item.

I like how LastPass warns and links to things like these where the password hasn’t been changed since the breach - not only specific haveibeenpwned results.

3 Likes

This would be very helpful. Is there any plan to implement it?

And don’t forget passwords used twice.

I’ve switched to a free decentralized password manager called Myki, which also boasts this feature. Called the dashboard, I find this very useful.
Bitwarden has a lot of catching up and security fixing to do to get up to LastPass, Myki, etc… At least that’s what I personally think.

I am currently contemplating switching to Bitwarden, but so far the main issue I have is that SafeInCloud seems to support a few more features. I just would prefer the openness of the source code.

Myki seems to be the most suspicious of the password managers to me. Feels like a classic startup that wants venture capitalists to come in and buff it up so they can sell out.

While Bitwarden is run by someone who feels more down to earth and actually wants to help people.

2 Likes

Well, it’s been around for a few years, and doing some research on the company showed that it’s in fact quite good. And is actually able to execute a good functioning password manager that has both the benefits of being an offline password manager together with the ability to sync with various devices. It even managed to achieve quite a few feats, becoming the top 5 of Apple’s list of password managers being one of them. Not to mention built-in autofill 2FA so no need to use Authy for codes. 😛

I think your suspicions are a bit unfounded. Bitwarden is great, but Myki offers a bit more, plus the whole fact that it doesn’t store any of the passwords in the cloud, thus limiting the ability to get hacked like what happened to LastPass a few years ago.

Just came across this; it seems that they are considering shifting from closed source to open source in the near future. When this happens Bitwarden will have a big rival on their hands.

The ability to conduct a hygiene report across the whole team would be fantastic.
It’s important to know that none of the team members are endangering security in that way.

2 Likes

Fingers crossed this one is added. A very useful feature.

I wonder if it would be possible to search through the vault for a specific password so that if you were to suspect one had been breached or used more than once then you could easily search to see which accounts need changing?

Not having to click on each password / login one by one to do a haveibeenpwned check on them would be nice.

1 Like

I just registered to ask for this; it would be great.
What I don’t understand is why no dev comes here to say that they will or will not implement the feature to cease our worries. Not even a word.

Having something like this would make it really easy to convince my friends and family to switch to using a password manager.