Hey, that’s scary. If I hadn’t been a curious user reading the forums, my emergency access would have been useless when I or my family needed it most!
The text on the “emergency access” option needs to be amended ASAP as a stopgap to make users aware of this gotcha with TOTP/Emergency View, as this has potential to hurt people. What any user would reasonably expect is, “if I got the emergency access, I can log in to his Bitwarden and get his credentials for X purposes”. What they get is “hey, I cannot access any of his TOTP accounts!” (exactly the ones that matter).
This shouldn’t (IMHO) be a feature request but a bug and a showstopper one at that.
Just having created emergency accesses myself, I am presented with 2 options (exact text from the page). No mention of any difference between choices other than changing the master password:
View - Can view all items in your own vault.
Takeover - Can reset your account with a new master password.
As a minimum, the “View” text should be something along the lines of “Can view all items in the vault, except TOTP codes, and does not allow auto-fill, too”.
If purchasing a premium account would allow users with Emergency View to get access to TOTP, please state so, too. That would be another possible workaround - if users know it.
If this is a matter of subscription, I would gladly pay another one just to have my emergency view assignee have “full view including TOTPs” when needed. It is useless without it.
The issue with takeover is that I can imagine the following happening:
- I have an emergency and disappear. Family takes over account to log into accounts and investigate.
- I “re-appear” somewhere. Still in a bit of danger, but mostly safe - to get to complete safety, I just need to access one account and… whoops. I don’t have access to my Bitwarden anymore (was taken over).
Yeah, bit of a stretch, maybe - but can happen.
In any case, more than enough reason to improve the text on “emergency access” with what it does, how it works, limitations and gotchas.
Emergency access is the kind of thing that, if needed, cannot fail.
Better be extra verbose and allow users to make an informed choice.
As emergencies go - people get angry/scared/confused. Imagine a father that got emergency access to the account of his disappeared-while-trekking son. He now thinks he can use location history on his Google account, or message history on his Facebook account, or private messages anywhere as a lead to find out where his son is - but he cannot, as his son was security conscious and had TOTP everywhere… he will be very angry, and at Bitwarden no less.
Sorry to be a bit long and over-the-top, but the View Only emergency access is dangerous as it is, as it can potentially be useless during an emergency. Please fix the wording, at a minimum.
And thanks for the excellent product, btw. The whole family uses and loves it!