Security Classes / Risk Level

When I added my entries from KeePassXC into Bitwarden, I thought about changing the password for some entries (up to now I have 20 digits, now I have 25 digits).

Here I recognized that my password entries have different risk levels:

  • Low: Entries where a password leak is harmless (like some forums or download sites where registered users get a “donation” version).
  • Medium: Entries where a password leak would be more dangerous, but not critical (like access to hotels, car rentals, etc.).
  • High: A password leak would be critical, like Amazon, PayPal, shares, bank accounts, etc.

Please do not discuss here whether the examples are correct or should be moved to another group.
These are just examples.

I just want to suggest that users can cluster their passwords to these 3 risk levels.
Maybe Bitwarden automatically suggests risk levels for some very popular pages.

These Risk Levels can be considered in the password reports (passwords with a high risk should be changed first).
And also in the Inactive 2FA Report.

Maybe there are other usages for this classification.

I didn’t quite get what the point of these “risk levels” is. Since you are using a password manager, there shouldn’t be a difference between the passwords of a “low” and “high” risk item. They are all randomly generated, and since they are 20+ characters long, they are way…way out of reach of any common password cracking attacks.

You mentioned changing the password of a “high” risk item. However, you didn’t mention why and when. Because periodically changing a password does nothing for your security. Since the password itself is already unbreakable, either your computer or the server must be hacked (data breach). Only in those cases does it make sense to change it.

I have also been thinking about this. I’d like to be able to set accounts I don’t really care about as low security, and then not be required to log in to use those credentials.