Yep, doesn’t solve for all cases, but hopefully it helps someone
I agree with that and I don’t think this helps the two-people-share-one-collection issue. In our case I am the one with the paid account, my husband has the free account. I finally managed to convince him to use Biwarden though so that’s a win right there
As I mentioned before I created this “family vault” with one shared collection, but once I put items in there, they remain shared forever. It’s a very convoluted solution to (what I consider) a simple matter.
Don’t get me wrong, I LOVE Bitwarden. I fled Lastpass when LogMeIn purchased them and probably signed up for Bitwarden in their first week of existence. I have no complaints at all, except this recent difficulty of sharing passwords with the one I love… which I consider to be unnecessarily difficult.
I’m happy to hear that you guys are paying attention though
I must have missed it when I set up the Organization/Collection because I found out randomly in Reddit that deleting from Org/Collection also deletes it permanently from my vault(as I dig deeper in Reddit, it turns out it was already transferred out from my vault to the collection when I “share”). Then why call it “share”? It’s more like transferring to a new vault. It’s misleading and confusing. If I hadn’t stumble upon the post on Reddit, I wouldn’t have realized the password I deleted from the Collection was gone and that it won’t be in my person vault because it was transferred out when “share”. You need to provide documents/instructions to user how Org works truly. This can be a real shock to many.
In case it is useful to anyone else, here are links to a few other related posts and feature requests I found when I was trying to figure out how Bitwarden sharing works:
I agree with many points made above about how there could be major and minor changes to improve the situation (change the terminology from “share” to “transfer ownership” for example). However there are a few simple changes that Bitwarden could make that I think would both add functionality and make the whole sharing/ownership feature easier to use and understand. I.e. I think this would add value without changing any existing work flows or terminology:
- Make the OWNERSHIP field always visible in the standard item view window. This would make it easier to see/understand who owns an item. Currently this field only exists in the “ADD ITEM” window.
- Make the OWNERSHIP field editable (if you have ownership/edit permissions to the item). This would allow you to move an item between organizations or from an organization to your personal vault (achieving the holy grail goal of unsharing an item without cloning/recreating it)
- Much like requests 1 and 2, make the list view (multi-item) gear “Share” option always visible
For items 1 and 2 this OWNERSHIP field is already present, you just have to unhide it, how hard could that be?
For item 3 there may be unforeseen complexities when you select a mix of shared and unshared items, so this could be more difficult. However it certainly wouldn’t be impossible to have a warning popup stating something like “some items are already shared, any existing sharing permissions will be overwritten”.
@tgreer thoughts? Any chance Bitwarden would ever implement these “easy” changes?
@tgreer Bitwarden needs to have a big warning when you go to export your vault! A warning that only personal vault items are exported, not shared items. This warning could then link to a help page that explains that if you want to export shared items then you must perform an export from the organization that owns the shared items.
The current export help page should also have this note/warning in the “Export a Personal Vault” section.
Yes, once you understand how sharing and organizations work this is obvious. Unfortunately (for reasons stated above) it’s not intuitive how sharing works. Until I read this thread I was blissfully ignorant of the the fact that my personal vault exports excluded any item I’ve shared!
@jimj fair point - I’ve updated the help docs and requested a warning be added to our export functions.
Regarding the sharing changes, I don’t have any updates on direction currently, but we are absolutely looking to make things easier.
I shared a folder of passwords with my brother. Then realised I didn’t want 1 of the passwords to be shared. I deleted it from the Organisation. It was also deleted from my own list of passwords too? So I recovered it from the bin. Then it was still shared but put down as “no collection”. I didn’t want it to be shared at all. It seems a bit complicated to be forced to delete the item and add it again. Luckily I only did it for 1.
After reading other comments, here’s my notes;
If a password remembered the “Author” then it might help manage unsharing.
I don’t want the organization to have a ‘copy’ of my password or any way to keep my password if I unshare it. If it was a very important password and I made a mistake then it should be easier than this to fix my mistake.
I would like to state my desired functionality. I realize some people will want the exact same thing, while others will not want this. Perhaps Bitwarden can be flexible enough to accommodate multiple models and types of users.
All I want is to be able to share and unshare items between the primary account and an organization (or just another Bitwarden account). That’s literally it. I don’t need anything else.
I don’t need to track who had access to the item and when. I don’t need to track changes to the item (anyone with access to the item can edit it however they like). I don’t need alerts or flags. I don’t need bells and whistles. I don’t need anything fancy. I just would like the simple ability to truly share an item and unshare it. KISS (Keep it Simple…).
Most of what you want is possible, did you see this post?
That is not ‘un-sharing’, that is changing access permissions and you are still not the owner. I think Bitwarden understands what is required here but I’m just not sure this will be implemented soon based on their roadmap. Unless this is something they’ll squeeze in at some point.
I think this is a good workaround, until there is a better option - at least this works for me/my family setup
If I’m the administrator or owner of an organisation, I should have all the power.
So just give administrators the power to move the ownership of credentials to single members of the organisation. Probably to myself, which is possible as I am also a member of the organisation.
With great power comes great responsibility and it should not be the business of my service provider (Bitwarden) to hinder me in managing the data to my liking. No matter if my decision is stupid or not. Is there anything that speaks against it?
I agree that software and services (in general) have gotten rediculously dumbed-down in recent years.
For example, I once had a Google Gmail email account. Even though Bitwarden stored my username and password, Google wouldn’t let me log in to my own account because my “password could have been compromised”. Really? That’s my problem, not theirs. It’s the whole point of a password: create it with sufficient entropy and keep it secret or understand that your account is no longer private.
But no… Google wouldn’t let me into my own Gmail account with my own password even after talking with their support multiple times and writing to their executives. I’ve never had a Google account since then, and I likely never will.
Give account owners maximum power, and let us be responsible for our actions.
I think I found a solution, a bit heavy but I’ve tried it and it worked.
I’ll try to explain at best
- Go to your organization, and in a collection, click on the gear icon at the far right of the line of a credential you want the ownership back.
- Click on Collections
- Here for any reasons, you have the possibility to uncheck all collections (not possible from your individual vault page)
- This will make this credential appear in collection “Unassigned”
- Then go to Tools tab (still in organisation) and export all into CSV.
- Clean the file and keep only those unassigned.
- Then go back to your indivitual vault page, and click on Tools tab.
- Finally, import the filtered CSV and Voila: Credential is back in your individual vault.
Don’t forget to delete the credential into unassigned collection and all the CSV files after!!!
Enjoy ! Glad I found this too
Yes, this is the typical way of dealing with shared credentials if you shared too many, but this is also the issue, on top of the fact that sharing is basically “giving it away” rather than “giving access to”, which is a security issue on its own.
This thread has been going for three years. Early on a dev suggested the verbiage should be renamed to ‘transfer’. It’s still called ‘share’. So in the end literally nothing has been done.
How is this not a priority, or at least documented a little better? I went through the same steps some others did here - looked for an easy way to unshare passwords that I OWN from the ‘organization’ for reasons that are my private business, and found no way to take these back except deleting them and manually recreating them in my vault. Why do I no longer own my own passwords? Why do I have to delete and recreate instead of simply revoking access to them? What if there was a time factor? What if I needed this revoked immediately? My answer is to try to be fast enough to copy the details and then delete it before something bad happens?
People share things and then want to stop sharing them. It should be easy and intuitive to do both.
From a security perspective, the current method makes little sense. From a consumer perspective, the lack of movement on the issue is disappointing. From a developer perspective, it sounds like some folks are overthinking the request, or perhaps sharing was over-engineered in the first place. I’m thinking that might be the case, since it seems to move the entire item out instead of just flagging an account to be able to view the item where it is.
I guess I don’t have a choice but to do it your way. But gosh, if this isn’t a big glaring flaw in otherwise flawless software…
Definitely lots of opinions floating in this thread
We are going to change the verbiage soon, currently looking at changing from ‘Share’ to ‘Move’ - since you are explicitly moving an item from your private vault to a shared vault, where it can then be shared.
Should be named “Irreversible Move” as you only have the option to move it in one direction, not both, or “Give away ownership” as you’re not anymore the owner of the credentials after “sharing”. Otherwise you’re implying a reversible action, which it is not unless you use workarounds.
@akcoding The function is named share because you are transferring the credentials to a shared vault… you are indeed sharing it… with a big twist… you are giving away your ownership over the credentials and you are in fact just throwing them away from your vault to another one from which you may not be able to recover them.
I would personally label this as a security concern on various levels. As a “normal” customer this is frustrating as hell if you want to give different levels of access to your credentials to different people and you’re changing, sharing and unsharing them on a daily basis… Not to mention the clutter you’re creating if you want to do so safely… From the development point of view, I said a while back (above) what the best fix to it could be with minimal impact on the system, but it’s not up to me to change it.
The product seems to be very oriented towards enterprises, rather than normal customers. Because of that I believe they didn’t change it yet and don’t actually have plans to change it from taking a look at their roadmap… unless some bic boi will decide their enterprise needs better sharing capabilities.
It really is a shame, as this was the only remaining feature that I needed to be properly implemented (arguably, because I have a few other security concerns for the account authentication). I think this will be my last year of subscribing if it’s not fixed (and from the looks of it, it won’t be fixed anytime soon), as the family plan doesn’t bring me anything useful for actual families… since we’re not functioning like a business…
I suppose that will be true for me as well. This is a good product in many respects - it just isn’t designed for this use and it seems clear from the developer responses that it will not be changed.
Thank you for the replies.