Maybe they could allow you to brute-force your password without CAPTCHAs?
Comment on Any strategies for guessing a passphrase that I am missing one word of?
WtfEvenIsExistence@lemmy.ca 9 months agoI don’t have paid plans, but even if you did, how does support even help? Isn’t it supposed to be end to end encrypted?
xigoi@lemmy.sdf.org 9 months ago
Asthmatic_Goose@lemm.ee 9 months ago
“Hello, Bitwarden? I’d like to hack one of your customer’s accounts that I do not know the password to, allowing me to access all of the passwords you are storing for them. I mean me. Because it’s my account, I promise. Pretty please?”
xigoi@lemmy.sdf.org 9 months ago
But they do know most of the password…
SolOrion@sh.itjust.works 9 months ago
Doesn’t matter. Passwords aren’t stored as plain text in any scenario where it is even remotely important to security. It’s entirely too easy to access otherwise.
They have absolutely no way to confirm your password us accurate unless it’s accurate.
WtfEvenIsExistence@lemmy.ca 9 months ago
I doubt they’d do that. That’d just allow anyone to claim to be the rightful owner and get an easy way to brute force.
Might as well send me the hash of the password and let me locally brute force it.
Hmm… maybe I should ask. I doubt they do it tho.
Hildegarde@lemmy.world 9 months ago
Paid enterprise customers can configure bitwarden to have an emergency account recovery option. This lets them recover access to bitwarden using the orginization’s private key.
Its not an option normal users have. Good luck remembering your password.
HeyThisIsntTheYMCA@lemmy.world 9 months ago
You’ve just given me a good reason to pay for bitwarden (if my password wasn’t “photo photo photo gift map” and I was never going to forget that)