Yeah. While I can understand wanting to be able to reset a user's password as an administrator of other users (e.g. an IT department supporting those who forget their master password), it's also a security problem to allow such a feature. Basically, all user accounts under an organization would need to be encrypted with two separate passwords: the user's, as well as the IT/admin/company "master key". Having all users' passwords encrypted with a master key password to allow resets means all users' passwords across the entire organization can be compromised by a single IT employee's master key password.
Personally, I'm ecstatic that there is no recovery process to reset or recover a Bitwarden master password. No security questions. No email reset. No one-time use login codes (which would need to be stored somewhere not encrypted by a user's secret key in order to verify). Again, I can understand why an IT department would want that, but all that does is open up attack vectors that are very easy for an attacker to abuse.
The whole point of the master password is it's the ONE AND ONLY password you cannot forget or lose. One... lousy... password.