Best practices for managing passwords on behalf of a family member?

I’ve set up a BW vault for myself, with a premium subscription. Now I would like to do the same for a technologically disinterested family member. I am wondering what the pros and cons of the following three approaches would be:

  1. I set up an account for them, store their master password in my own vault, and log in to their vault whenever any vault items need to be added or edited.

  2. I create an organization under my own account, place all of their vault items in a shared collection, and configure user rights so that I have full read/write access and they have read-only access.

  3. Same as Option #2, but I create the organization under their account instead of under my own account (I don’t know whether there is any practical difference between these two scenarios).

Furthermore, is it possible to set up their vault so that they will never have to log in with their master password (except for the first time), and always unlock with biometrics? Or does the 30-day limit for “offline vault sessions” apply (i.e., does “offline” mean time between logins, or does it literally mean time disconnected from the internet)?

Any advice or guidance would be welcome.

Great question, and a common scenario, I think. I have run into it myself, and I opted for your scenario #2. That seemed easiest for both of us. The trick is getting the other user to remember to share any new logins they create in their personal vault to the organization, if that’s something you require.

Regarding logging out of your vault, I have heard users state that they use the Vault Timeout option = Never and they have not needed their master password in two years. That suggests to me that it is possible to go a long period without entering a password, but I can’t verify this. I suspect that if you are using Bitwarden at least once every 30 days, it will stay logged in. Hope that helps!

I’d probably create an account for them (#1), then log in with both accounts on your device. That way they don’t need to remember to save new entries to a certain organization, which you’d then remain oblivious to if they forgot.

If you set the vault timeout action to ‘Lock’ and create a unique PIN for them to use should biometrics fail, then they should never need to know the master password. I wouldn’t recommend extending the vault timeout past 15 mins.

Thank you @Barney & @dh024 for your feedback.

David: What would be the advantage of setting up an organization if we don’t have any shared logins between us?

For adding new login items, the workflow I imagine would be: They create a login on some website (without involving Bitwarden) and later tell me the password verbally; I then add the login to their vault and update the password to a Bitwarden-generated random password. I would use some workflow of this nature whether I choose Option #1, #2, or #3 – so that they won’t have to learn anything about using Bitwarden other than how to unlock the vault and how to autofill their login credentials.

I’d prefer not to set the vault time-out to “Never”, as this saves the account encryption key in persistent storage on the hard drive, which I’d like to avoid if possible. I’m hoping you’re right about the 30-day limit being reset each time one has a Bitwarden client app running while an internet connection is available (perhaps it resets on each sync?), but it would be nice to get definitive confirmation about this. @dwbit ?

If you don’t have any shared passwords, then I guess #1 would work fine. I was just relating what I do with my wife, with whom we do have shared logins.

Regarding the 30-day limit, I did create a thread on this a long while ago but never received a definitive answer.

Thanks, DH. I know very little about organizations and collections, so I wasn’t sure if there would be some benefit to Options #2 or #3 beyond the ability to have shared logins.

What about another use case – in which I myself occasionally need access to a collection of logins (for which I know the credentials, but which I do not regularly use, and therefore do not want intermingled with my personal vault items). I’m thinking I could set up an organization with myself as the owner (and only user, really), but using Access Control to unassign myself from accessing the collection. According to the documentation, I would still have access through the Organization Vault, but the items would not be available in my personal vault. Is this a good solution, or is there a better way to accomplish this? I could set up a separate account for this purpose, but my understanding of Terms of Service is that I am only allowed one free account (which I already have, in addition to my premium account).

How about just creating a folder with all the logins you don’t use regularly?

I think putting the items in a folder within my own vault would still bring up those items as autofill options, if my personal vault contains logins on the same site.

Yes, that’s exactly what I did to archive my old passwords - I think I posted about it on a thread somewhere here. It works well.

But now with the new Filter Vaults feature, this method works even better. You don’t even have to meddle with access controls; just set your filter to your personal vault only and none of your ‘organization’ vault items will appear in your searches.

Just remember that you have to export your organizational vault separately from your personal vault when you go to back up your Bitwarden data. Cheers!

I have set up Bitwarden for my mom, not with a family account but with her own account. I basically know the master password. There is a loss of privacy, but since I have to log in to her accounts to fix stuff anyway, it was OK by her.

  1. She can’t seem to type in a password over 5 characters long, so Bitwarden is set up so that it does not log her out, but requires a PIN login. On devices that have biometrics, I used that instead.

  2. Each of her accounts has a generated password. She does not know what the password is. When she needs to change her password, she contacts me.

  3. She does not understand how to get the 2FA. For example, she doesn’t understand how to look up TOTP or even SMS. What I did was to store the 2FA in the account (requires premium), so that she can just paste the 2FA when prompted. This seems to work. Often this is done automatically.

I also limited her devices to her home computer, a phone and a tablet. I then set up Bitwarden on the 3 devices and 2FA for Bitwarden, and have Bitwarden remember the 2FA so it does not prompt for it in the future on that device.

  1. I set up autofill on page load.

  2. I changed all of the security questions and put them into the notes, and told her to look in the note if she needs to answer questions.

  3. I back up her vault periodically in case she screws up the vault.