Unlimited password history

I think it would be great to have an option to enable infinite password history, whether that is for the entire account or even just for specific item entries.

Reasoning for this is that many places with strict security use password history as a way to recover an account (or in some instances just verify identity), but using good security practices by having entirely randomized passwords makes this basically impossible.

Runescape is one great example, often requiring a previous passwords history, sometimes dating back to the beginning of the account (and often times wanting a list of all passwords you have).

Not a huge deal but would be a nice to have.

Here’s an example:
Think of someone working in a financial position. Security policies require regular password changes for a financial application or database every 30 days. Legal requirements exist to have the financial data backed up and kept for 7 years. A request comes to restore the financial data for an audit from 6 years, 3 months ago. That person would need to know at least the previous (12*6+3) 75 password changes in order to log back into that restored environment.

I’m not the financial person in the example above but I do have a requirement to track all previously used passwords in the event that a system is restored from a backup for any reason and from any date. Bitwarden currently does not work for me with the current limitation of only tracking the last 5 password changes.

Legal requirements exist to have the financial data backed up and kept for 7 years. A request comes to restore the financial data for an audit from 6 years, 3 months ago. That person would need to know at least the previous (12*6+3) 75 password changes in order to log back into that restored environment.

Wouldn’t they restore all data except for the Login table in that scenario? Then you can login to the restored environment with the current password. I’d find it weird that a system would be designed requiring knowledge of 75 historical passwords.

It’s even weirder since they require you to change password to increase security… then later to used that old password to access backups.

Yeah I’m in agreement here I think. Still it would be nice to have infinite history in the odd situations that it’s needed, such as the aforementioned Runescape account recover type stuff. I mean sure we can just copy and paste the old passwords into the notes section but having it automated would be nicer.

If the audit request is to audit access / permissions to the system, the authentication platform needs to be restored as well.

Typically, restoring old systems for audit purposes, to get old records, to test restoring the entire infrastructure for disaster recovery purposes, etc. are done on isolated networks and intentionally kept away from the live production systems. That means the authentication system (in my case Active Directory) needs to be restored as well.

Feature name:

• Unlimited history password

Feature Description

• Think about this scenario:
• 1. A user forgot their password on a website.
• 2. The site tells the user that recovering the account requires an old password.
• 3. The user does not remember the old password.
• 4. User tries to verify password in Bitwarden.
• 5. Bitwarden only allows 5 recent password versions.
• 6. The user tests the 5 versions of the password, but cannot recover the account.
• 7. The reason this problem is that a version of the password has been overwritten.
• 8. User does not know the overwritten version.
• 9. The solution to the problem would be to have unlimited password versions to avoid this problem.

Clients / Repos Affected:

• Server
• Web
• CLI
• Mobile
• Desktop
• Directory Connector

Timeline to completion (estimate):

ETA: Q4/2020

Unfortunately time travel is still in early alpha-stage…

Does what I said make sense?Its valid?Its true?Yes or no?

Yes, it does make sense. Just check the ETA date in your feature request.
The current year is 2021.

What is ETA / QA?

You estimated that this new feature could be ready in the 4th quarter of last year (2020):

image349×263 3.96 KB

ETA = Estimated Time of Arrival

I am still trying to wrap my mind around this scenario - whose website makes you remember your past 6 or more expired passwords??? Bizarre.

Perhaps the same ones that limit the amount of accepted characters without telling you.

Some ideas related to unlimited password history, other ideas include an unlimited history of passwords and fields.

• https://community.bitwarden.com/t/unlimited-history-option/19514
• History for all fields like Password History

1. Another reference to the unlimited password history would be to compare it to the time machine feature present on Apple’s mac computers, where you have a full backup and can come back if there is a problem: Back up your Mac with Time Machine - Apple Support
2. The cool thing about this is having a copy of everything that was done. This is useful to help prevent password loss. For example, passwords accidentally deleted or by physical(server) or human error. In addition to ensuring the integrity of users’ passwords.

Another reference to the password history that I can comment on is this: https://community.bitwarden.com/t/be-able-to-customize-the-number-of-entries-in-password-history/31912

Here he talks about a feature that customizes the number of entries in the password history

Thanks this is good info to have!

Thanks for your feedback. There are other complementary and interesting ideas that we can mention:

• History for all fields like Password History
• Manually delete an entry from Password History
• Being able to delete password history
• Only store password history when a new password is selected or copied
• Delete history of items - #4 by Charon

Some initial conclusions from reading all these links and posts

1. I think all these matters somehow involve an unlimited history of passwords, items, email, notes.
2. I think it’s seriously important to merge it all into this as a smart history feature. Some believed that unlimited password history is a good feature, but it would have other additional features like changed email history, changed username history, and changed note history.
3. How these fields are created at vault time. All these features are complementary in my view and essential.
4. But since the post is about the unlimited password history feature, consider the links or ideas that talk about it.

idea

1. In order to have an unlimited, reliable and secure password history, it would be necessary to offer the user the following options:

• Option to clear password history in full or in part. That way, the user can select to remove all the passwords from the history or just the one that he wants to remove manually.
• Option where you can set the amount of passwords to be displayed in the password history.
  If you think of the password as just a field to be used, filled in, these features I mentioned are the most essential.

2. I don’t know if these features have been implemented, but for the most part they are interesting and as I said they are good, essential.

Interesting cases:

1. Audit: Know the changed passwords. From the first to the last modification.

• “Reasoning for this is that many places with strict security use password history as a way to recover an account (or in some instances just verify identity), but using good security practices by having entirely randomized passwords makes this basically impossible. Runescape is one great example, often requiring a previous passwords history, sometimes dating back to the beginning of the account (and often times wanting a list of all passwords you have).”

2. Backup: With unlimited password history, we have a complete backup of everything we’ve done or changed, so it’s easy to go back to the newest or oldest version of the password, whether for auditing or security purposes.

• Another reference to the unlimited password history would be to compare it to the time machine feature present on Apple’s mac computers, where you have a full backup and can come back if there is a problem. 1. The cool thing about this is having a copy of everything that was done. This is useful to help prevent password loss. For example, passwords accidentally deleted or by physical(server) or human error. In addition to ensuring the integrity of users’ passwords.
• This feature is present in Evernote, where you have a history of what was changed in the note. If it’s something interesting and feasible, password history is also possible. It would be close to the Evernote feature that has a complete history of notes, but instead of notes, passwords. As far as this is possible, it may have additional features such as field history or notes.

3. We will have the option to define the passwords that will be displayed, as well as the possibility to manually delete the password history or select everything to be removed. Our user freedom would be guarded.

4. I’m not here to criticize anyone, I want everyone to gather ideas so that everything is interesting and within possibilities something good, viable and incredible. That way, we will always have something good and satisfying for everyone.

note

If the user wants to manually delete password history or make a full selection to remove all password history, he needs a confirmation screen to perform this action

other references, complementary ideas or similar

• https://community.bitwarden.com/t/remember-e-mail-history-too/14203
• Require confirmation when clearing the password generator’s history
• Secure Note Edits History
• Version control entire items

This is a great summary here, totally agree with you and thanks for writing this all up!

I also think deleting password history would be critical in this case, especially for organizations that might not want previous passwords to be viewable to people in which the passwords are shared with.