this post was submitted on 10 Aug 2023
334 points (93.0% liked)
Memes
45663 readers
977 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
just a side note for everyone out there that uses bitwarden: you can reset your password with just your email. that means the admin can see your passwords. The only 3 upstream password managers that don't have that "feature" are 1Password, lastpass and keypass (not counting gpg-based script in bash n friends). Lastpass is obviously a mediocre solution (too many breaches), keypass isn't for everyone (UX). 1Password is a very solid solution and it has public security audits
I've got nothing with agilebits/1Password - i just use it after spending days researching (also I'm a former IT security engineer)
It's so out of context it's almost untrue.
Bitwarden can't find or change your password, and their admins absolutely can't see them either.
You're talking about the "admin password reset" feature offered to organizations (and which doesn't concern lambdas users at all), which must be explicitly activated and which allows admins not to see our password, but to trigger a password reset with notification to the user.
Once the password has been reset, all you have to do is change it, and nobody else has access to it.
https://bitwarden.com/help/forgot-master-password/
https://bitwarden.com/help/account-recovery/
If that were true that it wouldn't be just a side note because it would render the whole Bitwarden product useless. It'd pretty much mean that they are not encrypting passwords at all, so even worse than infamous LastPass. But as the other comment pointed out, it's pretty much not like that.
No you can't reset your bitwarden master password with just an email. I invite you to try and let is know how it went.
Been using Bitwarden since it was on horrendous light blue theme, and I'm fully aware that users cannot easily reset their master password through email ever since.