Emergency access: After invite but before granting access

Two Bitwarden users, Sally and John.

Sally is the primary Bitwarden account.

John is the emergency contact.

John’s Bitwarden account is hacked and the hacker “requests access” to Sally’s account.

Sally has a 7-day waiting period applied to takeover requests.

  1. During the 7-days, can Sally cancel the request and remove John as a trusted contact, thus thwarting the hacker’s plan?

  2. If Sally never sees the takeover request notification email, the hackers then are given access to Sally’s account?

Hi @Blue-Black!

Yes, you can go to your Emergency Access settings at any time and remove access for a Contact.

Yes, but the idea is that you are seeing all your emails unless you are incapacitated or worse.

2 Likes

I’ve been wondering about this too. I’ll need to check feature requests to see if it’s been suggested already, but I think it would be great to also get an alert through the extension, web, and mobile app because email is not always reliable.

1 Like

A mobile notification would be quite handy. Likewise just for new logins in general.

Thanks. Let’s hope I never have to test this use case! :upside_down_face: