Admin password reset for Family Organisations

Feature name

  • Admin password reset for family organizations

Feature function

  • Expand a feature that already exists for enterprise (password reset) to Personal Organisation plans
  • This will allow people to help out their family members who forget their password.

Hello,
I am a 1Password switcher, and giving Bitwarden a test drive before switching over my family. Since my mom often forgets her master password, the ‘account recovery’ feature that 1Password has is killer (Recover accounts for family or team members | 1Password).
I was happy to see that Bitwarden recently implemented Admin Password Reset, and then extremely dismayed that Family Organizations had this feature cut out.

It would be amazing if Admin Password Reset could be enabled for Family Organizations as well :)

Hi @meritotatic - welcome.

You might want to check out Bitwarden’s Emergency Access feature, particularly account takeovers - it might suit your needs:

https://bitwarden.com/help/article/emergency-access/

Hello David,

Yes I am aware of Emergency Access, but that is about giving another person access to your vault, not about restoring access. It also requires a lot of extra setup.
What’s so nice about 1Password’s account recovery (and would be when bringing Admin/Owner Password Reset to family organizations) is that it’s a ‘batteries included’ thing and doesn’t require setup from the basic user at all.

Thank you for the welcome, by the way!

Well, maybe I am misunderstanding the help page, but this is what it says:

Takeover - Selecting this option will open the Takeover dialog box. Enter and confirm a new master password for the grantor’s account. Once saved, log in to Bitwarden as normal, entering the grantor’s email address and the created Master Password.

I don’t mean to devalue your suggestion - I was just trying to point out an existing method that may suit your current needs.

I was stunned when I realized that my family membership did not offer a password reset! This should be the first thing you enable for the common family, instead, we need to delete and recreate an account for a member of the family who already finds it too complicated to use, stuff like this makes them not want to use a password manager.

Come on #Bitwarden, what do you need from your community to make this happen? You already have that feature in the other paid services, why not the families?

I really hope you rethink this and finally add this to family membership as well.

Hello Brian - welcome.

I think you make a good use case for adding an admin password reset to Family Organizations, and I hope this is a feature that Bitwarden will consider implementing.

In the meantime, you might want to look at having your family members set up emergency access for you in case they forget their password again. That way, you can go in and take over their account and reset their password for them.

https://bitwarden.com/help/article/emergency-access/

Apologies for the late reply, David, I missed the response reminder.

Yes, I realize that feature exists, but it’s quite annoying to have to do a whole song and dance for setting it up.
With 1Password (and I presume Admin Password Reset on Enterprise Bitwarden), all the person without access has to do is request a reset. You as head of family / admin then get a message you have to approve, and when you approve, the family member that needs a reset can just enter a new password.

With Takeover (if I understand it correctly), the family member must first have requested the admin to be a trusted person, then the admin has to accept, and then in future cases you can reset the family member’s password. It’s umpteen extra steps for something that not only should be built in - the code already exists, it’s just locked away on the Enterprise side of Bitwarden.

Hi @meritotatic, currently, the way admin password reset works, the zero-knowledge encryption architecture is maintained, and the way a personal vault and Organization vault work in relation to each other has changed somewhat for this new feature.

That being said, currently users will still need to initiate the change from their personal vault first, according to the support article:

Individual users must be enrolled (either through self-enrollment or using the automatic enrollment policy option) to be eligible for password reset, as enrollment triggers the key exchange that makes Admin Password Reset secure.

Typically this would be automated with enterprise policy that would enable this feature and enroll the user upon the user confirming acceptance to the organization that has this policy enabled. At this time users can also still unenroll themselves from this admin password reset feature and disable this protection.
Edit: I believe this used to be the case but appears to no longer be so, and may have been changed in an update.

Users in Organizations that have enabled the Automatic Enrollment policy option will not be allowed to withdraw from Admin Password Reset. Additionally, manually changing your Master Password or rotating your encryption key will not withdraw you from Admin Password Reset.

I don’t imagine enterprise policies would come to a Families Organization, so this leaves self-enrollment which still requires some end user involvement.

Ideally this could be a great feature for those “Family admins” as I expect many of us here who use Bitwarden personally and eventually bait-and-switch those friends and family members we are successfully able to use Bitwarden as well. Many other members of the family org may be less technically inclined and could be prone to forgetting their master password.

Hopefully this is something that can be considered and enabled for family organizations.

If this feature was available for the family plan, then me and my family would pay for the family subscription. However, in the current state there is not much that this plan could offer to us. It’s a shame really…

Hi @SenkiAlfonz welcome to the forums!

As someone who regularly helps my elderly parents and in-laws with their computers and online security, I totally get why people are asking for this, and I agree it would be a good improvement.

In the meantime, however, I think what works just fine is to set up an account for each member and keep a copy of their password saved in your vault. That way, if anyone forgets, you can just reset it for them.

If sharing a password seems too risky, then simply set yourself up as an emergency contact for the member and ensure you have account takeover privileges. That way, if they forget their master password, you can initiate an emergency takeover and the family member will have to approve it first via email. Once you are in, you can change the password to something new for them. This is more work, but it means you never need to know their password.

That’s what I was planning to do… We don’t have trust issues, so it is a great solution, but in general it is less than ideal.