Can my emergency contacts download my files if my account is not premium anymore?

Let’s say I die, and shortly after my subscription ends and for whatever reason it doesn’t get auto-renewed.

I assume my emergency contacts will get access to my account. Do they also get access to my uploaded files? Asking as this is a premium feature, and as per Premium Renewal | Bitwarden you can’t download files if you are a free user.

@had7382 Welcome to the forum!

For a definitive answer to your question, I would suggest that you reach out to Customer Support using the contact form.

I suspect that the answer depends on whether the emergency access grantee has been given “View” access or “Take-over” access. With “Take-over” access, the grantee will define a new master password for your account, and will then use your email address (Bitwarden username) and the new master password to log in to your account as you. Thus, I suspect that they will not have access to your attachments until they upgrade your account to Premium again.

On the other hand, if the emergency access grantee only has “View” access, then the documentation states that they will be able to view “all items in your individual vault, including passwords of login items and attachments”. Unfortunately, the Bitwarden help documentation is not always 100% accurate, so I would not take the quoted statement as a guarantee that your file attachments would be accessible under all possible scenarios. It may be that the emergency access grantee can only view the file attachments in your vault if your account still has Premium status (and/or if the grantee has a Premium subscription for their own account). Best to either experiment, or to seek a definitive clarification from Bitwarden Customer Support.

 

One suggestion to avoid this is to purchase account credit for your account, to ensure that it will auto-renew even if your credit cards have expired.

 

FYI, this will not happen automatically. The emergency contact needs to first initiate emergency access from the Web Vault app, then wait until the configured Wait Time has expired, and finally go back to the Web Vault app to access your vault.

Also, if the emergency access grantee has “Take-over” access, then they need to be aware that the “New Device Verification” requirements may prevent them from logging in to your vault, unless you have disabled “New Device Verification” for your account (something that is very risky to do unless you have enabled two-step login), or the emergency contact has access to your physical devices (and can log in using an app or browser extension where you have previously used Bitwarden), or the emergency contact has access to the email account that is used as your Bitwarden username.

Thanks for your feedback, @grb!

I contacted support as suggested.

One suggestion to avoid this is to purchase account credit for your account, to ensure that it will auto-renew even if your credit cards have expired.

That’s a good idea, thanks! I think I might do that. However more questions come to mind now :sweat_smile:. What happens if Bitwarden increases the prices and I don’t have enough credit? For a normal renewal, what is used first, credit or other billing methods? I don’t see this info in the documentation.

[…] the “New Device Verification” requirements may prevent them from logging in to your vault

Thanks for this as well, I guess I need to follow up. But it seems that Bitwarden accepted it as a bug, so a fix should come in future?

Account credit is always used first. If there are no other payment methods in your account (e.g., credit cards), then you’d need to make sure that the available balance in your account credit will be sufficient to cover future renewal fees (including possible rate increases). What I do is to keep an account credit balance equivalent to several years of subscription fees (using the current rate), and then top off the account credit balance after each renewal cycle. Keeping more than the minimum annual fee in my account credit serves as a buffer to accommodate possible rate increases.

Time will tell…


If you get a response, please share any new information that they may provide.

Answer from support:

“View” permission users:

  • View/read items, passwords, and attachments (but cannot download attachments, regardless of the user’s subscription status)

“Takeover” permission:

  • Create a new master password for the account they are taking over
  • Can view/edit items, passwords, and attachments (can also download attachments)

Additionally, regarding the bug mentioned above

"After speaking with my team, they confirmed that there is currently a bug that is preventing emergency contacts with “View” permission from viewing attachments but this is currently being worked on and should be resolved in a future release."

So long story short, what I get from here is that it does not matter whether my account has premium (and the same goes for the emergency contacts’ accounts).

Now my opinion: I don’t like that emergency contacts with View access will not be able to download attachments, even if they are premium.

Thanks for the update, but unfortunately, some of these “answers” don’t make much sense.

 

Since September, 2024, no user (not even the original owner of the vault) can view any file attachments without downloading them. Even before that time, viewing PDF attachments was buggy, and viewing other types of files without downloading them was never possible (there is even a long-standing Feature Request asking for this functionality).

Thus, I find it very difficult to believe that Emergency Access grantees have (or are supposed to have) some ability to view file attachments without downloading them — “bug” or no “bug”.

 

Were there any qualifiers mentioned that narrow the scope of the above claims? Did the support representative actually understand the scenario in your question, that the owner of the vault no longer has an active Premium subscription when take-over happens? Is the claim contingent on the assumption that the Emergency Access grantee has a Premium subscription themselves?

Basically, if we take the response at face value, and assume that what is claimed is always true under all circumstances (no qualifying constraints), then this would provide a simple mechanism for getting some Premium benefits (specifically, the use of file attachments) for free:

  • Set up a Premium account and a Free account.
  • Upload all of your file attachments to the Premium account.
  • Set up the Free account as an Emergency Access grantee with Take-Over access to the Premium account.
  • Within 30 days, cancel your Premium subscription and request a refund; this account now reverts to a Free account.
  • Initiate Emergency Access Take-Over.
  • Start using the taken over account as your own (optionally, delete the other Free account, as it is no longer needed).

If what the support representative wrote you is accurate, then after the take-over, the Free account will have perpetual access to the file attachments feature, being able to download and modify (i.e., upload) file attachments to the vault that was taken over, without ever paying a Premium subscription fee.

I recommend that you respond to the customer support representative and ask them to read this comment and give you a response to what I’ve pointed out as apparent inconsistencies in their previous claims. This comment is available at the following link:

https://community.bitwarden.com/t/can-my-emergency-contacts-download-my-files-if-my-account-is-not-premium-anymore/83179/8

As noted in my comment above, I believe that some of what you were told may not have been accurate. Perhaps the customer support representative that you interacted with is new to the team and still learning the ropes. Hopefully, someone in Customer Support will be able to clarify the discrepancies that I’ve noted above.

A different take…

My priority is to provide access to my vault in a way that is pretty much bulletproof because I will not be able to answer any questions or provide any support.

Emergency access does not fit the bill well for me because there are too many moving parts that can go wrong, such as the contact rebuilding their vault, the contact losing access to their own vault (e.g. by switching to a competitor), or me changing my encryption settings. And, as @had7382 mentioned, there is no easy way of verifying that all scenarios behave.

My solution is an emergency kit that includes my vault’s TOTP secret. Alongside it are step-by-step instructions for using it, including configuring Google Authenticator (uugh, but simple) to generate the TOTP code. I keep a copy alongside my will and other important legal documents inside an “if when I die” envelope.


Is this the case? And by “encryption settings”, do you mean your KDF settings or something else? Is there a source for this claim, or have you tested it yourself? There is no relevant warning in the documentation, and the described implementation details suggest that Emergency Access would not be affected by modified KDF settings — although it is unclear from the description whether Emergency Access would survive a rotation of the user encryption key.


The Security Whitepaper states: “the grantor’s User Symmetric Key is encrypted using the grantee’s RSA Public Key and stored with the invitation”. So, anything that results in a new symmetric key requires that the grantee’s copy be regenerated.

What I don’t know is if regenerating the Symmetric Key automatically regenerates the grantee’s copy. But even if it does, that is a rarely used and even more rarely tested workflow. Since “simple things fail in simple ways”, I really want my contingency plans to be as simple and well-tested as possible.
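Added illustration (not part of any post in this thread, and not Bitwarden's code): a minimal model of the key-wrapping dependency discussed above, showing that a symmetric key wrapped to the grantee's RSA public key stops being useful once the grantor rotates that key, unless the wrapped copy is regenerated. RSA-OAEP with SHA-256, AES-256-GCM and all function names are assumptions chosen for the demo; the whitepaper quote only says the key is encrypted with the grantee's RSA public key.

```javascript
// Illustrative model only; names and algorithm choices are hypothetical.
const crypto = require("node:crypto");

// Grantee's RSA key pair; the grantor only ever uses the public half.
const grantee = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Wrap / unwrap a 32-byte symmetric key with RSA-OAEP (assumed padding).
function wrapForGrantee(symKey) {
  return crypto.publicEncrypt({ key: grantee.publicKey, oaepHash: "sha256" }, symKey);
}
function unwrapAsGrantee(wrapped) {
  return crypto.privateDecrypt({ key: grantee.privateKey, oaepHash: "sha256" }, wrapped);
}

// AES-256-GCM stands in for vault item encryption (assumption).
function encryptItem(symKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", symKey, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function decryptItem(symKey, item) {
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", symKey, item.iv);
    d.setAuthTag(item.tag);
    return Buffer.concat([d.update(item.ct), d.final()]).toString("utf8");
  } catch {
    return null; // authentication failed: the key does not match the item
  }
}

// Grantor invites the grantee, later rotates the symmetric key and
// re-encrypts an item. `rewrap` controls whether the grantee's stored
// copy is regenerated after the rotation.
function simulateRotation(rewrap) {
  const oldKey = crypto.randomBytes(32);
  let storedForGrantee = wrapForGrantee(oldKey); // stored with the invitation
  const newKey = crypto.randomBytes(32);         // key rotation
  const item = encryptItem(newKey, "constructed sample secret");
  if (rewrap) storedForGrantee = wrapForGrantee(newKey);
  return decryptItem(unwrapAsGrantee(storedForGrantee), item);
}

console.log("stale copy:", simulateRotation(false));
console.log("regenerated copy:", simulateRotation(true));
```

A change that only affects how the master key is derived would not touch `storedForGrantee` in this model; only a new symmetric key does.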

Is there an option to request support here? Something like @admin (there are a few, which one?) I agree on what you say, and it looks like you are quite knowledgeable, but I don’t want to be doing ping pong between the forum and email support, copy-pasting text back and forward. Plus, it seems to me that it would be better for everyone if this conversation with support were public. After all, it is not a scenario specific to me but a general one.

The email thread I had with support was 3 emails; in one they stated that “emergency contacts who are granted “Takeover” permission, they will still have the ability to view attachments, regardless of the subscription status for either users”. So for “Takeover” premium or not doesn’t matter apparently.