by klabb3 1272 days ago
> When you rotate an encryption key, you must immediately log out of any logged-in sessions on Bitwarden client applications (Desktop App, Browser Extension, Mobile App, etc). […]

> Making changes in a session with a "stale" encryption key will cause data corruption that will make your data unrecoverable.

I love Bitwarden but this is just… borderline hilarious. Laughing nervously. God damn it, don’t write a damn “help” article about it, create a P0 bug, fix it asap and write a post-mortem.

Field report: I tried to see this UX in action and while it is indeed bad, there are some redeeming factors:

- By default, you don’t rotate encryption key when you change master password. This is opt-in. I’m not qualified to say whether this is a good default or not.

- If you do, a full modal warning pops up explaining to log out or wait an hour.

- They invalidate the sessions automatically, but this is delayed.

AIUI you have to tick the box, not read the warning, hurry to a different device and modify the vault, and have pissed off the cache invalidation gods all at the same time to reach corruption.
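A small model of the failure the comment describes, added here as an example (not Bitwarden's code): a client that cached the key at login keeps encrypting with it after a rotation, and a key-id check on the vault's write path is one way to refuse such stale writes instead of storing undecryptable data. The cipher is a toy hash-based keystream standing in for a real AEAD, and all class and function names are invented for the illustration.

```python
import hashlib
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Demonstration-only keystream (SHA-256 in counter mode); not a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key_id: int, key: bytes, plaintext: bytes) -> dict:
    # Every blob carries the id of the key it was encrypted under.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return {"key_id": key_id, "nonce": nonce, "ct": ct}


def decrypt(key: bytes, blob: dict) -> bytes:
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


class Vault:
    def __init__(self):
        self.key_id, self.key, self.items = 1, secrets.token_bytes(32), {}

    def rotate_key(self):
        # Re-encrypt everything under a fresh key and bump the key id.
        new_key = secrets.token_bytes(32)
        self.items = {n: encrypt(self.key_id + 1, new_key, decrypt(self.key, b))
                      for n, b in self.items.items()}
        self.key, self.key_id = new_key, self.key_id + 1

    def write(self, name: str, blob: dict, enforce_key_id: bool):
        # The mitigation: refuse blobs encrypted under a key that is no longer current.
        if enforce_key_id and blob["key_id"] != self.key_id:
            raise ValueError("write encrypted with a stale key")
        self.items[name] = blob

    def read(self, name: str) -> bytes:
        return decrypt(self.key, self.items[name])


class Client:
    def __init__(self, vault: Vault):
        # The session caches the key at login and never learns about the rotation.
        self.key_id, self.key = vault.key_id, vault.key

    def save(self, vault: Vault, name: str, plaintext: bytes, enforce_key_id: bool):
        vault.write(name, encrypt(self.key_id, self.key, plaintext), enforce_key_id)


def scenario(enforce_key_id: bool):
    vault = Vault()
    stale = Client(vault)                       # logged in before the rotation
    stale.save(vault, "mail", b"hunter2", enforce_key_id)
    vault.rotate_key()                          # stale client still holds key id 1
    try:
        stale.save(vault, "mail", b"hunter3", enforce_key_id)
    except ValueError:
        return "rejected", vault.read("mail")   # old item survives intact
    return "accepted", vault.read("mail")       # stored blob no longer decrypts
```

Without the check the vault accepts the stale write and `read("mail")` returns garbage under the current key; with it the write is rejected and the item re-encrypted at rotation time is still readable.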