“Emergency Access” / Legacy functionality with features similar to how Bitwarden handles this.
I use both the password manager and the authenticator.
I see the info online for emergency access for the password manager. I am wondering if there is a similar mechanism for the authenticator. Since so many passwords do require 2FA these days, it seems only natural that the emergency contact would need access to both.
I realize the security would be an issue, but I am confident that your clever developers would find a solution that is workable and secure.
What exactly did you mean by “legacy functionality”?
The Bitwarden password manager has an account (username, master password, …) - the Bitwarden authenticator does not. How should “emergency access” work with something that is only stored locally in an app on your device?
I guess, when the syncing functionality between password manager and authenticator app comes, this is a different situation then…
PS: I added “… password manager” to the title.
Digital Legacy, what happens to the account when the account owner is gone.
Both a method of emergency access (in the event the account owner needs someone to temporarily handle their affairs) and digital legacy (for the account owner’s beneficiaries to handle their affairs; either via requested > delayed > gained access or takeover) are important for digital assets these days. Like @Ian_Perryman mentioned, whoever would need to access someone’s passwords would also need access to the 2FA.
As you mentioned, this added functionality would require accounts and syncing functionality like Bitwarden does. I see that synced codes is on the roadmap, like you mentioned. Ideally, the ability to create/use an account that doesn’t rely on a co-installed Bitwarden app, so, if so desired, users can choose to maintain password/2FA isolation for security reasons.
I guess I did not realize that the authenticator is local only to the device.
Thanks for pointing it out. Perhaps this will result in some thinking on how all this works in the case of the inevitable discontinuities in life. Events such as death or other incapacitation, device theft/loss, device transition (new device), etc.
What is the user experience for the person dealing with this discontinuity?
How to make it secure from spoofing and simple enough to allow non-tech folks to succeed with high probability?
Seems like a tough challenge.
Not sure if other password technologies like passkeys have a solution to this issue either.