Vault Health Dashboard - Data Breach Report should do automatic lookups and alerts

Bitwarden Outpost

I was actually expecting to get this with premium: Items should be checked automatically and have a little indicator for weak, duplicated, compromised passwords. Data breaches should be announced via OS notification and a big red banner in every BW app.

I think the current browser-only manual reports are „nice to have“, but nothing more. The consistency of automated checks is far more beneficial than sporadic manual reports on the website. Especially for the ones that we are forcing to use BW (let’s call them family).

Here you can see what I was describing (1Password‘s Watchtower): https://watchtower.1password.com/
Edit (shows exactly what I mean): Use Watchtower to find account details you need to change | 1Password

1 Like

I second this especially for less tech savvy family members who I suspect would never check manually but if they get an alert they’d have a look.

3 Likes

Trey Greer once said that such a feature would require the vault to be unlock or decrypted every time, which is not very safe. There probably might be a better way.

Once a day it could do while you have it open or provide a prompt to initiate it. I believe 1Password checks once a day but I don’t know how they have implemented it.

1 Like

I don’t know how 1P does it, but like MONKiPASS says, checks could be done when the vault is unlocked. For data breaches maybe the service could have it‘s own (secure) database of just the sites in your vault, so it can work independently and warn you if need be.

2 Likes

This would be great! If you are logged in and the vault is unlocked, in theory, it should be able to detect. As others say, once a day would be fine and it could be run as the vault unlocks.

1 Like

Integrate a recurrent automatically checks for all the passwords in the vault to make sure that none of them has been in a data breach via Have I been pwned .

1 Like

I third this. This should be a feature. Typing usernames for multiple usernames in the “Data breach report” is cumbersome.

1 Like

Having a health check run in the (non web) apps when open would be great for instantly notifying users on if passwords need to be changed

1 Like

I have friends that use 1password and Watchtower is the reason they picked 1password over Bitwarden. I agree this feature would go a long way towards matching 1password’s feature set.

1 Like

Hello All,

Had an idea to extend the reporting functions of Bitwarden.

  • When a password has been found to be compromised by a recent leak it should be able to send you an email alert saying your password has been found to be compromised, so you can update it and avoid losing data etc ASAP.

  • Monthly or weekly reports on whether your passwords are weak, being reused or 2fa isn’t used on the account could also be sent out too, keeping you up to date on your security.

  • Adding on to this, passwords older than 3,6 or 12 months old could also be notified for organisations that need to keep them updated.

I would imagine this would be more of a premium feature rather than a free one since you’d be paying for the service.

Let me know what you guys think!

1 Like

Feature name

  • Data Breach Report should do automatic lookups and alerts

Feature function

  • We have to add manually email addresses that we want to lookup. The thing is some people have a lot of different email addresses. For example, I have more than 20 email addresses and aliases. So the feature function would be to configure an automatic lookup for all email addresses contained in a vault’s item, in addition to the manual lookup. Automatic alerts would be useful as well. What I would like to see at best is something similar to 1Password Watchtower, or at least something similar as LastPass Security dashboard.
  • This feature would bring better visibility and alerts for users, and users won’t have to manually check each of their email addresses randomly. Also, it would offer a more convenient security dashboard to users.
15 Likes

I definitely agree that these features need to be developed in Bitwarden as well. It would make Bitwarden easier to use and make it much smoother and faster. Also, password scanning for leaks would add security to passwords, so these are must-have features.

1 Like

Thanks for the feedback, the team is planning for this type of functionality.

8 Likes

Glad to have found this thread as I was about to post something similar. Any time frame for when this would be implemented?

1 Like

Hey @Colosus1 we updated the roadmap and will be sure to share more information as it becomes available :+1:

3 Likes

Feature function

  • At the moment I have to run the reports manually (in Web Vault)
  • My idea and expectation is to run each report automatically (once a day or more)
  • When security issues would be found, notification should be pushed (on mobile device and via email)
4 Likes

This would be perfect.

1 Like

This is pretty much the main feature I’m missing in Bitwarden. It would also be nice if this future dashboard would also be accessible from the desktop and mobile app. It would create more peace of mind and be much more intuïtive than accessing the web vault and going to reports. And when you visit the website, or look at an (possibly) compromised password, an alert would be helpful too.

I hope this suggestion will get more votes, because I think many users will greatly appreciate it.

6 Likes

This feature needs to be prioritized higher than it is.

1 Like