I have noticed that Bitwarden does not have a password reset option. I do have some concern over this. What if the password hash database files get corrupted? Then users may unfairly get locked out of their accounts.
What do the Bitwarden employees think of Tutanota’s system of password resetting? The recovery seed is only known to the user and is a second key that can decrypt the private key used for decrypting the user’s information.
Even IF this feature would become reality, a user should NEVER rely upon any software to be the end-all to their digital lives! OpSec (not my user here, LOL) dictates that all users back up their vault data by exporting it to an encrypted secure location ------- PERIOD!!
Then should the unthinkable happen, and even if any software solution the Bitwarden team comes up with fails, YOU have taken responsibility and are all good! In that case delete your account and recreate it using the same email account. Then simply import your saved export and in under 5 minutes it's like it never happened.
The reset framework in Emergency Access will eventually allow us to bring some sort of password reset functionality. We have it as a backlog item and are giving it the utmost consideration, naturally due to the sensitivity of the feature.
If the encrypted header data got corrupted, the data is lost anyway. There is no recovery. Nearly all encrypted systems work this way. One way to reduce this risk is to keep multiple copies of the critical data in several locations. For example, your encrypted hard drive might keep these data at different offsets of the HD, as it would be unlikely for all of those locations to become corrupted without the entire HD being a lost cause anyway.
I do like the concept that Tutanota has for this recovery process. As long as it remains zero-knowledge, I would like to have some sort of “password recovery” process.
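
An added example, not part of the thread and not Bitwarden's or Tutanota's code: a sketch of the kind of recovery-code scheme discussed above, where the vault key is wrapped once under the password and once under a recovery code that only the user holds, so the server record contains nothing that can decrypt the vault. All function names, the PBKDF2 parameters and the HMAC-based wrap (a standard-library stand-in for an AEAD cipher) are assumptions.

```python
import hashlib, hmac, secrets

def kdf(secret: str, salt: bytes) -> bytes:
    """Stretch a password or recovery code into a 32-byte wrapping key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _subkeys(wk: bytes):
    # Separate encryption and MAC keys derived from one wrapping key.
    return (hmac.new(wk, b"enc", hashlib.sha256).digest(),
            hmac.new(wk, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # One HMAC block of keystream: enough for a 32-byte key, nothing longer.
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap(wk: bytes, data_key: bytes) -> bytes:
    """Encrypt-then-MAC the data key; output is nonce || ciphertext || tag."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    enc, mac = _subkeys(wk)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, data_key)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap(wk: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(wk)
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong secret or corrupted blob")
    return _xor_stream(enc, nonce, ct)

def enroll(password: str):
    """Client side. Returns (server_record, recovery_code, data_key)."""
    data_key = secrets.token_bytes(32)       # the key that encrypts the vault
    recovery_code = secrets.token_hex(32)    # shown to the user once, never uploaded
    rec = {"salt_pw": secrets.token_bytes(16), "salt_rc": secrets.token_bytes(16)}
    rec["wrapped_pw"] = wrap(kdf(password, rec["salt_pw"]), data_key)
    rec["wrapped_rc"] = wrap(kdf(recovery_code, rec["salt_rc"]), data_key)
    return rec, recovery_code, data_key

def unlock(rec: dict, password: str) -> bytes:
    return unwrap(kdf(password, rec["salt_pw"]), rec["wrapped_pw"])

def reset_password(rec: dict, recovery_code: str, new_password: str) -> dict:
    """Recover the data key with the recovery code, re-wrap it under a new password."""
    data_key = unwrap(kdf(recovery_code, rec["salt_rc"]), rec["wrapped_rc"])
    salt = secrets.token_bytes(16)
    return {**rec, "salt_pw": salt, "wrapped_pw": wrap(kdf(new_password, salt), data_key)}
```

If the password-wrapped copy is damaged, the recovery-wrapped copy still yields the key; if both copies are damaged, the MAC check fails on each and the vault is unrecoverable, which is the corruption case raised in the thread.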