Security Questions

Is it true (as someone in another forum suggested) that, if someone hacks / is able to take over your email, they are able to reset or “get” your Bitwarden password?

Also, is it true that manually autofilled passwords (assuming Bitwarden is configured that way) are not stored in cookies or otherwise susceptible to session hijacking?

Are they pretty secure (assuming your AV fails in some way) when input with that method?

Are there any other major concerns to consider?

Any insight is appreciated!

No, you can’t reset your Bitwarden master password with only email. You might find these help articles to be useful:

https://bitwarden.com/help/article/master-password/

https://bitwarden.com/help/article/vault-data/

1 Like

Thanks for the reply and helpful links!

Any thoughts on the cookies / session hijacking question?

Your vault and all the passwords inside are encrypted in memory when in use - they do not get stored in plain text in cookies or anything. But as I stated in your other post, if your local computer is compromised, you are exposing yourself to risk.

There is a wealth of information in the Bitwarden help - I think if you read through some of it yourself, it will answer many questions. Cheers.