Client Notification (banner, etc) of Emergency Access Request

When an emergency access request is initiated, the grantor’s web account and the mobile app should have a notification banner at the top of the screen or a red dot on the mobile app to show that a request has been initiated. Right now we only receive an email regarding the request which may be deleted if our email account is compromised.

3 Likes

Yes. When somebody requests emergency access, I want to see a huge red banner both on my web version as well as the Windows 10 version. That is because I get so many emails a day that one could come in and fly by before I even realized it was there, and have no idea that the clock was ticking. Even though I am in the program every day in Windows 10 app, I would not know the clock was ticking at all if I had not caught that email flying by.

3 Likes

I like this idea, and while I have emergency access enabled I guess I’ve never really thought about the what if, more so than the intended what happens in the “after” portion so to speak.

As the intended use case for this is to allow access in the event the original account is unable to be accessed, either via disability or death, lost 2FA, or a forgotten master password.
Perhaps a good alternative would be to in a sense “reset” the emergency request timer or invalidate the request altogether upon successful account login.
Though this does provide a bit more of a venue for an account take over situation.

1 Like

Continuing the discussion from Emergency access:

Great this feature request has been implemented! Much appreciated :wink:

Just a comment on the implementation (had to open a new topic, as the old one was closed):

I think there should be a very obvious optical alert like e.g. a red banner or yellow/black frame after login into the webvault, if there is a pending take over request.

Just the tag deep down in the settings is just not present enough. The notification email could be undelivered, overlooked, caught as a false positive by a spam-filter, etc. …

Just my thoughts,
paradeiser

2 Likes

A big +1 for this feature request or rather the final polish of the useful emergency access feature.

I agree with the aforementioned concerns. The grantee’s account could be compromised and then it is quite easy to miss the crucial notification via email.

A red banner or another obvious optical alert in all applications seems to be a no-brainer to me. Obviously, I understand that it takes time to implement this feature.

Maybe an option to add people that also get informed via email about an initiated emergency access request would also be helpful. If the grantor is still alive these trusted people (not necessarily grantees) could reach out to see if he’s aware of the process. If he passed away and he granted for example emergency access to one of his siblings, other family members would also be informed that this person/grantee initiated a take over of the account. Maybe an idea for the future. Nonetheless, the banner is more important IMO.

1 Like

+1 this is the only reason I have not enabled this yet. Just a mail is not good enough (delivery issues, spam filters, etc)

2 Likes

Adding my vote and voice to this. In addition to what others have said, I am in Bitwarden almost every day, but I don’t check my email every day, and when I do I don’t always have time to get to all my emails.

This feature would also make me more comfortable shortening the emergency access waiting period so that family wouldn’t need to wait so long to access accounts in the event that I actually die.

2 Likes

Hi All,
Some time ago I checked how emergency access works. It looks like after request from trusted person to get access, the email to the owner of Bitwarden account that the access is requested is sent. The request can be rejected if it is not authorized and fake one OR after defined time (for example 24h) of no action the request to trusted person is given. However, (at least) in my case I sometimes do not check my email box for several days. That means in case of not rejecting the not authorized request will be accepted. Also I can miss the email if I have plenty of them in my email box.
What I want to suggest to Bitwarden team is that beside the email it would be good that in the phone there is immediate notification. This is how it works in LastPass, and I think it is way more secure and convenient.

What do you think?

1 Like

You could set up a filter in your email to forward emails that come from Bitwarden with the Emergency Access subject line (I’m not sure what that is exactly but you can test it to see) to your phone via SMS. Every carrier has an email to SMS gateway as you can see here: Email to SMS: How to send text messages for free from your email. That way you’ll get a text message when someone requests access. In fact, even though I do check my email often, I think I’ll do this myself later today.

1 Like

@btcaddicted Welcome to the forum!

You should set the Emergency Access Wait Time to be sufficiently long that you are assured to check your email before the end of the Wait Time interval (in your case, maybe 1 week).

In addition to the excellent suggestion by @JeremyCouch, you should be able to configure some filter in your email client to perform other actions that will get your immediate attention if you receive an emergency access request email (e.g., play a sound and/or display an alert on your desktop).

1 Like

I think it is a good idea. :+1:
I am surprised it doesn’t work that way already but I just tried it and it doesn’t.

1 Like

That’s a great idea in my opinion.

Maybe can we implement it like the “Approve login request” button on mobile? We click on the notification, log ourselves in if we’re not already, and then approve or deny the request?
Not sure this button exists on the computer application though.

Also we have to think about how to implement this feature for enterprises, since the “login with device” feature is not available for them.

1 Like

Hi Guys!
Thank you for replies.

Jeremy, this is a part or semi solution. The best way imo is to have described by me functionality. The app alarms you then and you can immediately act from the phone. I would add this should alarm automatically and whenever I open the app myself.

Grb, setting 7 days is fine, but not everybody wants to have set such a long time, coz in case if I lose my password for many 7 days without passwords might be real problem, even disaster.

NovaliX, there are different scenarios to consider, like we do not remember password but we are logged in, or we are logged out. It needs to be checked bc I am not sure how everything works. But for sure we should have to have possibility to deny emergency request which should pop up in the phone even if we are not in the app, and should pop up when we enter the app and should demand take action before we could get access to our passwords. Let’s talk about it, but I am happy that you like the idea. I also do not know how enterprise version works so we need assistance.
Anyway what I like in Bitwarden in comparison to LastPass is that in Bitwarden you can define are gonna give full access to your account so your friend changes the password and give it to you and you change it for yours BUT also have possibility to give read only mode. In LastPass it was only read only so when you gave access you needed to make a new account only which does not make sense for me.

I agree that Bitwarden’s Emergency Access feature is too dangerous to use without some other type of notification in addition to email. The suggested notification banner seems the most straightforward solution.

I would advise others to avoid using the Emergency Access feature in its current state.

And as a security-related improvement I don’t know why this hasn’t been addressed yet, 3 years after Emergency Access was introduced???

+1

Very surprised this has not been implemented yet. Relying on a single email is a huge risk.

I would also imagine that most users who have set up emergency access on a timer would expect there to be this functionality at present, and will be surprised to find out that the only communication to the account holder is a single email.

1 Like

Not having a “warning” message banner clearly visible when accessing your Bitwarden vault that someone is trying to request access is a MAJOR issue/oversight.

I really can’t believe this has not been implemented as a priority issue. You are basically giving someone the keys to the vault if the email message is missed.

Bitwarden team can you please address this issue with some level of urgency as it makes the EA feature a risk currently.

edit: Also a triggering of multiple emails would also be nice, i.e. 1st email on request, 2nd at 50% of time to access, 3rd 75% of time to access, final 1 day before access being granted. more warnings the better in this case.

That is not a bad idea either. If you can log in then emergency access request is void. This might be able to be an optional toggle to enable.

Unbelievable, that this thread is four years old and nothing has been done.
Yesterday, I tested the emergency access feature. I couldn’t believe, as I just received a tiny little email as an emergency message.
I expected a firework of messages and banners. Email, push notifications, banners inside the app, the browser extension, the online vault, etc.
This is very dangerous! In an adversarial environment, where the emergency contact gets hacked and someone tries to access the vaults of the people with whom he was registered as an emergency contact, an email isn’t enough.
I immediately contacted the support. But I just received a casual message, that I should watch this thread here and vote it up.
The issue is, that the average user will never test this feature. The average user just trusts Bitwarden. I propose that we should make some noise on X. Otherwise this will not get addressed.
I am still in disbelief, and very disappointed! Come on, Bitwarden.

This is very critical. I had also created a request to send one email every day 4 years ago, and nothing has been done about it.

Emergency Access request emails - Feature Requests / Password Manager - Bitwarden Community Forums

I like the idea about the banner, but I would like to see it in the extensions as well, since we may not use the mobile app or the web app in 15 days, but we will most likely use the extension. Basically it is so critical that it should pop up red banners in every application Bitwarden supports.

This is a super important feature that needs more attention. Even though you “trust” your emergency contacts, you should still be notified in a very obvious way that the emergency contact attempted to access your vault.

Accountability is critical when implementing “emergency” backup systems like this.