Instead of giving my grantees emergency access to my entire vault, I would like to be able to give emergency access to (i) a specific organization in the family sharing plan, or (ii) a specific collection within an organization, or (iii) identify specific records in my vault to be shared with emergency access to a specific grantee.
Here is what I am trying to accomplish… There are 3 categories of logins that I have in mind…
- Logins that I want to share now, while I am alive,
- Logins that I want my partner or heirs to access after I pass away, and
- Logins that I never want to share with anyone whether I am alive or dead; I want those logins to die with me.
I want a way to handle each category differently to accomplish my goals. Right now I can accomplish the goal of sharing logins in category 1 by simply sharing those logins with my partner using organizations in the family sharing plan. So far, so good. The problem is I am not aware of an easy way right now in Bitwarden for me to accomplish the goal of treating category 2 and 3 logins differently…in other words I want my partner to have access to some of my logins upon my demise (category 2), but some I never want to share and I want those login credentials to die with me (category 3).
I could accomplish that goal if I were able to identify which records to share with the emergency access feature, or if I were able to allow emergency access to a specific organization or a specific collection within an organization.
I have been thinking about this for a long time and trying to come up with a way to make it work and I finally came up with a solution. I was able to accomplish what I wanted by purchasing a family account which includes up to 6 users and unlimited collections within the family organization. I will describe how I did it but first you need to understand that when you set up a family organization you are creating a unique vault that is separate from your individual vault. It took me a while to figure this out because Bitwarden uses the word “share” to describe the process of transferring ownership of a record from your private vault to the organization vault, and the word “share” to me implies that I continue to own the record. But once I realized that ownership of the record is actually transferred to a separate and distinct organization vault and I no longer owned it, then things started to fall into place and I was able to figure out a solution. Here is how I did it…
- I set up a family organization with myself as the owner of the organization and I invited the person who I wanted as my emergency contact to be a part of my family organization.
- For the records that I want to share with my emergency contact in the event of an emergency (I call those legacy records), I keep them in my personal vault; they are not “shared” with the organization vault. I then designate the other person as an emergency contact with “view only” access, which allows them to view only the records that I directly own in my personal vault; they cannot also view records that are owned by the organizational vault that are shared with me.
- For the records I want to keep private and never share with anyone, not even in the case of an emergency and not even after I am dead, I “share” those with the organization vault (i.e. transfer ownership to the organization vault) so that I no longer own those records directly; they are now owned by the organization of which I am the owner. Then I save those records in a collection called “private” and I do not share that collection with anyone except myself. Also make sure that there is no one else in the family organization that has any level of access within the organization to access that collection or to access all collections.
The net result is that I can designate which records my emergency contact can view…my emergency contact will be able to view the records in my personal vault, but not the records in the organizational vault that are shared with me, including those records in the private collection.
Thanks for sharing this. I was about to post this same solution in answer to your question when I noticed your own reply to your original post. It in any case confirms that the solution I have used for a couple of months is the most feasible one.
Thanks to RandomGuy for posting this optional solution and for clarifying “sharing” and “ownership”. BW needs to fix Emergency Access so we don’t have to use a method like this. We should be able to select which items to grant access to, on multiple time frames. I would use a short time to represent temporary access and a longer time frame to represent more access before allowing a complete account takeover. This is important for better control.
While your solution works, it doesn’t anymore when two people in a family or an organization want to be the emergency contact of the other - since admins and owners of an organization always have access to all collections.
So yes, as a simple user, I would still like to be able to exclude some items from being visible to my emergency contact.