Emergency Access only upon death feature?

Hello BW team.

I’m wondering if there is or will be a feature in BW that will automatically grant access to an emergency contact upon death of the original account holder, but without setting the emergency contact up in advance.

Digital estate planning is becoming more and more critical in today’s world. But not everyone wants to share access to their accounts and digital assets (or even bring up the topic) with their next of kin prior to death or incapacitation. I have read through the emergency access feature and I know that it could somehow be used for this, but it seems to assume that there is someone pre-designated and aware of this status as an emergency contact. But what if you don’t want to bring that up in advance with the person you want as an emergency contact? It would be valuable to have a feature that could somehow grant access to an individual designated by the account holder upon death or incapacitation. But how would BW confirm death or incapacitation without some kind of manual paperwork process, death certificates, etc.? This could potentially be done via the emergency access functionality, but I think that requires the account holder to get the emergency contact set up in advance, and then the emergency contact can proactively request access via the process already in place for that.

Is there, or could there be, a way to set up a regular check-in interval for the account holder that, after a certain number of failed responses, would trigger an email or text to a pre-designated emergency contact informing them that they are now able to request access to the account as already available via the emergency access feature? That way, no discussion or process needs to take place prior to death or incapacitation. But if the check-in process with the account holder doesn’t complete after a designated number of attempts, then the pre-designated emergency contact would be notified and informed about how to get set up and request access. You could even add an additional verification process upon the setup of the emergency contact, which may already be in place, I’m not sure. You could also have multiple fail-safe sanity checks, letting the account holder know “Hey, you didn’t check in, we’re going to trigger your emergency contact process”.

Not everyone has a blood relative or trusted person they would want to set up in advance, but they may have someone they would entrust to manage their estate after death. Also, related to this topic, have you thought of partnering with a digital estate planning technology provider such as Goodtrust to enhance their offerings and add BW functionality to their products? This kind of planning is very important in today’s world and very few people overall are really doing it well.

I welcome any additional input and thoughts from the Community. There are a lot of downstream topics related to this that I’d love to have a dialogue on, like how to deal with two-step verification if you die and no one has access to your phone or email. That’s a big one for me now.

Thanks!

I think this is an interesting idea, but it does sound tricky to implement and manage.

I wonder if there isn’t a better way to accomplish this, like leaving your login email and master password in a sealed envelope in your will or with your lawyer, only to be opened if something were to happen?


I think that would not work well, e.g. if you change your master password afterwards or you have 2FA enabled. But what could work is creating a second account and adding that as emergency access to your main account. And then put the login credentials for the second account in a sealed envelope like you suggested.

mailbox.org handles it like this:

I’m not sure how that would work with Bitwarden - you’d need the master password to decrypt the data.

I think the best way for this to be implemented is for the actual cloud service provider, i.e. Bitwarden, to provide the functionality and verification to support this kind of feature set. The mailbox.org functionality described here does accomplish what I am suggesting, but it doesn’t describe how someone provides proof of death and how long it takes to validate that and provide inherited access. Having been through a real-world example recently with my own deceased parents, I am hoping more companies begin to support this as a feature.

I don’t know if this is possible due to Bitwarden using end-to-end encryption.

The reason you have to set up emergency access beforehand is so you can share the encryption key, but if you have no one to share the key with then Bitwarden would need a copy, and that would not be very safe.

What @dh024 said to do is probably the best and simplest way to go about this. It’s not often you change your master password and you should be doing this anyway for your own backup.

What you want sounds more like a dead man’s switch, and there are options, but then again you would need to trust them. You can’t beat the simplicity and security of writing your master password down and keeping it in a safe location.

This is true but the scenario I mention is one in which I don’t want to share anything until my wife and I are both gone or incapacitated. And I’m not a fan of writing down passwords and leaving them somewhere.

The way I have set this up is with a backup/reserve YubiKey in a physical safe that my family has access to. In the safe is a description of how I set up my accounts, which is in a sealed envelope. The YubiKey has the master key and 2FA, and the letter with the description says where the first part of the master key can be found (separate letter). Also I have set up an emergency contact that will have access after 30 days. For me this is good enough. Of course, if you want to be sure to only grant access after your death, I would go to a local notary and give them these instructions together with the letter with your master key and 2FA reset codes. Or put a backup YubiKey in a lockbox at a bank, and have them only allow access to family after confirmation of your death.

I would not trust or burden bitwarden with this responsibility, as there are already many ways to handle this.

Thanks for this info. I’m not familiar with YubiKey but will check into it and the other ideas you reference.

Implementation ideas:

Mail a kind of partial secret to some people right away. There are algorithms for shared custody of a secret, so that two (or N) people need to collaborate in order to perform some task. You nominate four people (e.g.) and two of them, working together, have enough information to decrypt your vault, but no one, alone, knows enough. Or 3 of 9 or whatever. At any password change, mail the group again with a key and a birthdate of that password, so they can meet up postmortem and decrypt.

Nominate a successor who gets access after a grace period. You name Sally. She gets email. She can come and ask for access to your account using an obfuscated version of your passphrase (which you enter at that nomination time), and when she asks, you get email. If you do not respond within N days, she gets email saying she can now access it.

Nominate someone who gets access after you go dormant. Death is stressful, and online access is not high on the list of things to care about. So, after you nominate Sally as successor in Bitwarden, she gets email and a timer is reset every time you log in. If you fail to reset that timer, you get email so that you can veto it, but shortly thereafter Sally will get email with an emergency access code. Imagine it being 45 days by default. You die, then after things have settled down, loved ones get email to access your online life.


I just want to say that the Emergency Access feature is a joke as currently implemented. @dh024 If “tricky” means it involves work and thinking, it’s better to think and work on features before publishing them as useless as it is now.

Curious as to what makes the current implementation a miss, @Eugene_Bos? Feedback (specific and constructive) is always appreciated.

Maybe you misunderstood, @Eugene_Bos, but the current Emergency Access feature is not designed to accommodate unexpected end-of-life situations, as the OP has requested. Adding such functionality would be tricky because it would be hard to avoid false triggers, and the last thing I am sure Bitwarden would want to do is send messages to unsuspecting loved ones that they have died. I think it would be hard to come up with a fool-proof way to do this efficiently.

Of course, if you disagree, I am sure everyone would love to hear a solid solution. Please feel free to contribute.


As I learn more about this, I’m wondering if just putting a YubiKey for two-factor identification along with my current password in two different secure locations will enable my heirs to fully access my account if I’m gone, if they possess both those things. Does anyone know that? And can I set up 2FA so that either the YubiKey or another 2FA like Authy will still work for me in the meantime? Or do I have to use only one 2FA method?

Thanks

You can have multiple 2FA options @Compressor61 - no worries!

You’re correct, the email + master password + YubiKey is all that is needed to access the vault.

Thanks. So sorry if I’m being redundant here. But I need to confirm. If I set up a YubiKey and an Authy 2FA, I can use either one of them to access my vault, but I do not have to use both each time 2FA is required, correct? This way I can set up the YubiKey and put it in a safety deposit box only to be used by someone else down the road. Meanwhile I’ll use Authy.

Do I have this right?

If so, I think I have a solution. Then I just have to figure out if I can use the same YubiKey for 2FA on my Google/Gmail account.

Thanks

That’s correct, you can use either 2FA method to log in.


Basically in this case you are trusting that a 3rd party will protect your information and possibly another party has access to a “legacy YubiKey”, while someone such as an estate planner has your master password in a safe deposit box of some kind.
This would be ideal, as only then would all factors of verification be available: master password and 2FA (YubiKey), plus possibly some instructions with the master password or will.

You could also have variations on this type of legacy access to fit your needs, possibly even splitting up all factors of authentication between multiple heirs + spouse (parts of the master password split up, with one designated as 2FA), though now I’m just spit-balling; I’m sure others can come up with far more creative solutions.


“Mail a kind of partial secret to some people right away.” It may be better that it won’t be done via Bitwarden directly, so both parts of the secret won’t end up on 1 server; therefore it won’t compromise security.

So basically, on activation of that feature, Bitwarden generates 2 passwords that both can open the vault. 1 is not saved (user password), another one is saved partially and part of it is displayed to the user (and not saved) to send it out to selected people by other secure channels.

Preventing the part of the password from being sent prematurely can be done the same way as Google does it (with reminders, and a warning beforehand).

Thanks Kent. Much appreciated