I just changed my master password yesterday. I wrote the master password down immediately and there is no ambiguity as to what the password is. When I tried to log back in, the new master password is not accepted. I tried the old one and it is not accepted either. I have tried getting a password hint but I haven’t received an email the half doxen times I’ve tried it, and they’re not in spam. I did not change my email, and I get emails all the time from BW with no problem so I’m at a loss.
I am still logged into the browser extension and my mobile app. I can log into the browser by using the mobile app. I can get to all of my passwords but when I try to export them - as suggested by numerous support threads I’ve read here - I am required to input a password that SHOULD be working but isn’t. This is a glaring, silly problem, because it doesn’t help secure me from any situations - anyone that has access to exporting my passwords has unfettered access to my devices and the entirety of my passwords without needing a password, RIGHT NOW - but it absolutely hamstrings me from recovery that BW itself is telling me to do.
I’m shocked at how this has worked out. I am freaking out because I have so much information here that is about to become impossible to retrieve. I’ve changed my master password before with no problem. It was incredibly fortunate that I didn’t tell BW to log everything out or I would be monumentally screwed.
Why isn’t the email working? Emails are not in spam. It’s the same email that BW has sent me emails for years. What else can I do to fix this mess?
Normally, Bitwarden automatically logs out (deauthorizes) all your sessions when you do a master password change (usually within an hour of the change), so it is critically important that you disconnect your devices that still have logged-in Bitwarden clients from the internet — immediately!
As long as the device is off-line, it will not receive notice about the session de-authorization, and you should be able to remain logged-in long enough to do a vault export as explained below).
You should be able to by-pass the master password requirement for vault exports, if you feel comfortable using DevTools. I have provided a set of instructions here — the instructions are from 2024, so a few details will have changed since then, but users have reported as recently as last month that the procedure still works, with minor adjustments to some of the line numbers (see here and here).
There is also a simpler technique, linked in the P.S. of my detailed post. However, if you are using a non-Chrome browser (specifically, browsers still using “Manifest v2”), then you will have to refer to the follow-up discussion just after my original post, and read the instructions provided here.
If you let me know what browser and operating system you are using, I might be able to provide more specific instructions for your extension.
Is it possible that you did not select the correct server region (bitwarden.com vs. bitwarden.eu) while on the login form?
Other than that, I would strongly recommend that you contact support to check if there could have been a back-end corruption of your account data. If they find such an issue, then they should be able to restore your account from a backup (but only if it has been less than 7 days since the password change).
Don’t delay disconnecting your logged-in devices from the internet. Or, if you must connect your computer to the internet, refrain from opening the browser that has your logged-in browser extension.
There are some things you could do to mitigate what happened to the OP:
Before changing the master password, email, or password hint, make sure you export your vault first. Changing the information (or rotating the account encryption key) has been known to cause vault corruption, which may be what happened in this case.
Writing down the new master password, even using copying and pasting, might help with the common twitching fingers and temporary dyslexia.
Emails from Bitwarden might be unreliable for accessing your account. It probably wouldn’t have helped the OP (because it likely is a vault corruption). Have alternatives 2FAs rather than your email.
Typically, for any users (new and old), I would recommend the following practices to keep your Bitwarden account safe and accessible:
Use at least 4+ word randomly generated passphrase
Enable 2FAs, at least TOTP authenticator or hardware keys.
Have an emergency sheet, writing down your account email, password, and 2FA recovery code; your email account credentials may be essential as well.
Export your vault regularly.
Have safe cybersecurity practices and stay away from malware, phishing, and scams.
Normally, Bitwarden automatically logs out (deauthorizes) all your sessions when you do a master password change (usually within an hour of the change), so it is critically important that you disconnect your devices that still have logged-in Bitwarden clients from the internet — immediately!