Technical Explanation of Password Recovery

Hey Bitwarden Community,

I am asking myself how Bitwarden (and may other Password Managers too) offers the ability to recover passwords (on a technical level).
Bitwarden follows the Zero-Knowledge-Encryption principle, which means they only store encrypted data and didn’t know my password. Additionally, most cryptographic algorithms only allow one private key, such as RSA (I am not sure about the procotols used by Bitwarden). I assume they are using my password to calculate a private key, which is also not stored. Regarding those facts, there should be only one possibility to decrypt my data, my password.
How is it possible, to recover a password using an authorized phone or a token. Bitwarden shouldn’t be able to create such a token/code, because they don’t know my password.
I would be really happy, if someone could explain it. Technical explanations are welcome!
I am also happy for any suggestion regarding documentation or source code of Bitwarden.
Thank you very much!


Simple: It is not possible to recover a lost master password. Bitwarden does not offer this service.

1 Like

Bitwarden cannot recover a forgotten password ever, but they have implemented a process to allow both Emergency Access and Admin Password Reset which allows for recovery access to the account in a secure manner while retaining a zero-knowledge architecture.
This is given that the admin password reset or emergency access is set up with the account prior to losing access.

A technical explanation can be found here,

1 Like