Account recovery delay and in-app notification

I did see this when I first searched. My request is a duplicate

Account Recovery/Delete delay with notification

The intent of this feature is to address the fact that while your Bitwarden account may be secure, your email account might not be, and a malicious attacker may be able to horribly disrupt your Bitwarden account even if they cannot access the contents.

An alternative is to have the ability to recover your deleted vault within a certain time-frame if you still know the master password.

Feature function

  • What will this feature do differently?
    • An option to add a configurable delay to account recovery
      • Optionally long enough that a you won’t be in for a surprise at the end of a vacation, crazy week, extended service outage, etc
    • Display a warning to all sessions that a recovery or delete request has been issues
    • An option to dismiss the request
      • And possibly dismiss all future requests for some timeframe
        • Possibly limited to some upper bound, long enough to give the real account owner enough time to secure their email or change addresses
  • What benefits will this feature bring?
    • Protection from denial of service from a compromised email account/address

Related topics + references

A post was merged into an existing topic: Passwordless Account Deletion Should Be Delayed/Reversable