Search by password

It would be great if there was a way to search by password, for example in the scenario described here:

I got notified of a compromised password recently, but I don’t know if I still use that password in the hundreds of bitwarden entries I have…

I’m in this boat too, but note that it can also apply to randomized passwords as well. I just received notification that one of my passwords was leaked in a breach, and the notification gave the first few characters of the password. It’s clearly a generated password, but I have no way of knowing which account it’s associated with.

3 Likes

Hi,
I would really like to have this function.
Here is another example of what it can be useful for.
I have logins that I have to use on several login pages.
That means, that I have to use the same username and password to log into multiple web applications.
These are login data from an Active Directory and will change for security reason every month!
To be able to log in to the different web applications with Bitwarden, I have to create a separate login card in Bitwarden for each application, which means that I have a lot of login cards with the same login data.
Changing this password every month is a challenge and robs me unnecessary time.

If I could search for a password (and/or UserName), I would have identified all the logins concerned immediately and could make the change more quickly.
Only searching by user name, will also not solved the problem, because in some web application I have to use my E-Mail address as user name and in other applications my user id (f.ex KB1234) …, but always the same password.
Its a little tricky :wink:

Certainly there are some little tricks that can help …, f.ex to put all this concerned login cards in one folder or to always use a common text string in the name of the login cards, etc …
However, this is not the nice way and is always an unpleasant compromise.

So, I think improving the search tool could help a lot.

Many thanks

You/we can always export the vault and search the resulting text file. @KeiKoo , IIRC, you could also do a search/replace in the export file then reimport it (via the web interface) assuming you keep the work-related password unique to those credentials you want to update.

That being said…I too would like the ability to search without doing an export. And as an extension to what @KeiKoo said regarding creating a folder and putting the logins in question underneath, it might be nice to have an option to set a password at the folder level and have the items underneath inherit the parent password by default - that way, you’d only have to update it in once place.

1 Like

I think exporting to text file is a pretty dangerous action. This always has the danger of accidentally uploading the exported text file (unencrypted) to some file sync (Dropbox, iCloud, …) or backup service (CrashPlan, Backblaze, …). In addition, if you have some malware installed stealing your files, I wouldn’t want to have a plaintext file with my passwords (and 2FA information! and secure notes! and credit card information!) just lying around on my hard disk. Same if the laptop you stored the file to is stolen (and the harddrive is not encrypted).

3 Likes

That’s certainly something to keep in mind but Bitwarden gives you a pretty good warning in advance and I think some amount of common sense can be expected from the majority of Bitwarden’s users.

image

This would be very useful for reasons others have mentioned. In particular, to be able to find password re-use and to rotate after leaks. 1password had some good functionality here. Exporting the vault to do this is far from ideal.

I think I requested this feature long ago as soon as I switched to BW.

One thing about exporting the vault and searching, though, be ever-mindful of those automated backup files that get written all over your disk, including the pagefile and hibernation files on Windows. Notepad.exe is your friend here, albeit limited in functionality.

Likewise. I’m looking at three generated passwords that were found on the dark web, absolutely no idea what sites are involved. We need to be able to trace passwords back to sites!

I’d really like to see this feature implemented as well. I have tons of accounts/passwords that I’ve imported from various sources into bitwarden and being able to locate entries that are using a specific password (or substring of that password) would be invaluable to me.

If they all use the same credentials, why do you have multiple login entries with the same user+pass instead of one entry with multiple URIs? It seems pointless to have multiple entries to me.

This would be very helpful, especially with generated passwords where I can’t recognize which account they belong to out of so many entries in my vault!

I have an exposed password that looks like gibberish, and now I have to go through each and every entry in my vault and view the password and match it to the exposed one. This feature would save hours of manual effort.

Hi @rggjan, Vault Health Reports are available for premium users, including members of paid organizations. The Exposed Passwords Report will show a list of affected accounts.

1 Like

If you’re using the bitwarden CLI utility, jq and Linux, you can do something like this :slight_smile:

bw list items | jq -r '.[] | [.name, .login.password] | @tsv' | grep <your weak password>

You simply extract your vault in JSON and process the output with “jq” to print the entry and the password on one line, you can then filter with a good old grep

When you know one of your passwords is filtered but don’t know the service is hacked, is a must a feature to search the password in Bitwarden database.
Now the only solution is export the database to JSON and seach inside the file, but this is not safe and takes unnecesary steps.
My request is: allow bitwarden search not only name of services, but also passwords!

Today I received another email requesting bitcoin payment because a “hacker” have my password and it is “xxxx”. I recognized this password is mine, but I’m unable to know which service is compromised because Bitwarden don’t allows to search passwords.

The Vault Health Report isn’t finding my exposed randomly generated password. I don’t like being forced to choose between wasting hours searching all my logins or sitting around with an unknown and potentially sensitive account exposed until you guys catch up. It’s not a pleasant experience and I hope this oversight is fixed soon.

Hello @emmarress - I am having trouble understanding your issue. The Vault Health Report clearly identifies the account matching the exposed password, so there should be no difficulty identifying both the login and exact password that matches the exposed information. Can you please elaborate on what information you were hoping to see? Perhaps someone here can help you to obtain what you are looking for, or help you to understand how this service works. Cheers!

Hey @emmarress can you provide a little more information about your request? Where are you finding out/what service are you using to find out about your randomly generated password breach?

@dwbit Knowing where the person discovered a particular password was exposed is not really relevant to the problem. The problem is being able to find all accounts which are using a specific password. It could have been told to the person via word of mouth that it was exposed. Or someone could have discovered sticky note on a desk that was left out that the person knows was previously used for lots of old passwords.

My reason for searching out this issue and finding this feature request is having imported passwords from previous password managers into bitwarden and knowing that previously my password generation methods were not as strict. I would like to go back and change all accounts with a specific password.

Thanks for any attention you and the team could give this.

1 Like

As someone who migrated from 1Password this is a feature that I did use and miss. As an example, work makes me change a particular password every few months. I type it every day. When it’s time to update it I wish I could just search for the password to jump quickly to that entry so that I can update it. I can’t install the client or browser extension on my work laptop.

1 Like