It might seem like counting chicks before they hatch, but will it be a premium feature or a free feature?
It will be tested internally; we don’t have and likely won’t be setting up a BETA/public testing environment, and since this functionality will be purely server + web vault, the closest you could get to a preview is pulling down the web repos once the code is merged and running locally via docker-compose, etc.
Not sure yet tbh and we’re in a “light” decision week with the holiday so I’m sure I won’t have any further updates this week.
If you do make it a premium feature, which is fair if you ask me, I would ask you to make it premium to make changes to emergency access.
It would suck to have this feature but lose it when you need it most because your premium expired due to unforeseen circumstances. To add or update emergency access should be behind the paywall but to activate and use it should not be.
Happy Thanksgiving! Save some turkey and mashed potatoes for us as well. Just kidding.
I think the premium members will find Emergency Access really useful as most of them store their medical bills, receipts and other sensitive documents in the encrypted storage. Not only that, there are also users who use Bitwarden for generating TOTP codes. Let’s assume the granter is a free user. If he/she were to give emergency access to their Google Account or some other account, the grantee will also need the TOTP code for the particular login, which is in Authy or any other authenticator app. The grantee may need the granter’s phone number and the verification code to log in to Authy. It just becomes complicated and inconvenient. Premium members will find emergency access more convenient to use if they store TOTP codes in Bitwarden itself.
I prefer to give my phone to my trusted friend (if it is possible) to make things easier.
Happy Thanksgiving! This is the single missing feature preventing me from making a full switch to BW. Unfortunately you need to prepare for emergency situations more and more as you get older. For the less tech savvy around you, you also want the process as simple as possible, so the roadmap sounds promising.
I applaud the effort, and I’ll be keeping up with the progress!
I know some people have asked for a multi-role feature. If a person has a BW account, maybe the emergency access could be via one of these roles.
Instead of straight up disabling 2FA, if emergency access is associated with someone else’s account, it could allow that other account’s 2FA as a super-set.
It would be desirable to never drop 2FA if possible.
This is very important.
In terms of 2FA - I have Yubikeys in envelopes with instructions for my emergency contacts in a safe to help them access certain critical credentials.
+1 for this as a user thinking of switching from Dashlane premium to Bitwarden premium.
This gives me peace of mind that my loved ones will be able to get into my accounts within a set time period after my death. Not planning on dying anytime soon, but it’s always good to be prepared!
To clarify, how are the private keys managed? Are users responsible for storing and supplying these, or are they created / managed / distributed by Bitwarden automatically? I assume the latter, as otherwise a high level of technical literacy is required.
This means that Bitwarden could theoretically access my passwords if they chose to or were forced to, without any notification or waiting period, as they manage the private keys and store the encrypted data. That’s not necessarily a major issue for me (as Bitwarden could already easily break zero trust if they wanted, e.g. by logging master password clear text) but please will you clarify?
The feature looks great otherwise and thank you!
Chad can add details, but rest assured this feature maintains our zero knowledge model of e2e encryption.
This is a great question that I’ll try to cover in a comprehensive manner.
Bitwarden (the client application) will use the exact same mechanism for sharing private keys with this feature as we do already for Organizations’ vaults. Essentially a key exchange is done between 2 users within the Bitwarden client, you grant access to someone, they log in and have their own keys; when they accept your invitation they then share their public key with you; you will then use their public key when confirming them to encrypt your private key; that encrypted data is then stored in the database.
In this way, Bitwarden is acting essentially as a “zero-knowledge”, trusted broker. Unless we had the master password of your grantee OR you, we still would not be able to decrypt, reset the password for, etc. your account, even if Liam Neeson was at one of our houses and very angry. All of the key exchange, decryption, password resets, etc. all happen purely in the client via 2 trusted parties that took part in that key exchange (grantee + grantor), just like it’s done for organizations today. The “broker” part comes into play in that you trust Bitwarden to not release the encrypted key to the grantee until a designated time has lapsed.
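The exchange described in the post above, sketched as an added example that is not part of the thread and is not Bitwarden's code: the grantee shares a public key, the grantor encrypts to it in the client, and the server only stores the ciphertext and withholds it until the wait has lapsed. RSA-OAEP with SHA-256, the 64-byte random stand-in for the grantor's key, the `Broker` class and counting the wait from an access request are all assumptions of this sketch.

```javascript
// Added illustration; not Bitwarden code. Broker, runExchange and the
// RSA-OAEP/SHA-256 parameters are assumptions made for this sketch.
const crypto = require("crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const DAY_MS = 24 * 60 * 60 * 1000;

// Server side: holds only ciphertext and enforces the waiting period.
class Broker {
  constructor() { this.grants = new Map(); }
  store(id, wrappedKey, waitMs) {
    this.grants.set(id, { wrappedKey, waitMs, requestedAt: null });
  }
  requestAccess(id, now) { this.grants.get(id).requestedAt = now; }
  release(id, now) {
    const g = this.grants.get(id);
    if (!g || g.requestedAt === null) return null;   // nothing requested yet
    return now - g.requestedAt >= g.waitMs ? g.wrappedKey : null;
  }
}

function runExchange() {
  // Grantee client: generates its own key pair; only the public key is shared.
  const grantee = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  // Grantor client: constructed 64-byte stand-in for the key being shared.
  const grantorKey = crypto.randomBytes(64);
  // Grantor confirms the grantee by encrypting to the grantee's public key.
  const wrapped = crypto.publicEncrypt({ key: grantee.publicKey, ...OAEP }, grantorKey);

  const broker = new Broker();
  broker.store("grant-1", wrapped, 7 * DAY_MS);
  broker.requestAccess("grant-1", 0);                 // constructed clock, t = 0
  const early = broker.release("grant-1", 3 * DAY_MS);
  const late = broker.release("grant-1", 7 * DAY_MS);

  // The broker has no grantee private key; decrypting with any other key fails.
  const brokerKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  let brokerCanDecrypt = true;
  try { crypto.privateDecrypt({ key: brokerKeys.privateKey, ...OAEP }, wrapped); }
  catch (err) { brokerCanDecrypt = false; }

  // Grantee client: unwraps locally once the broker releases the ciphertext.
  const recovered = crypto.privateDecrypt({ key: grantee.privateKey, ...OAEP }, late);
  return {
    releasedEarly: early !== null,
    brokerCanDecrypt,
    recoveredMatches: recovered.equals(grantorKey),
  };
}

console.log(runExchange());
```

The only thing the broker controls here is when the ciphertext is handed over, which is the trust the post describes.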
So they’re stored in the client database, just like all other encrypted data. Thank you for explaining!
Is the feature still on track for being released by the end of this year?
Too close to get out before Dec 31st, but we are going to be releasing a lot of fun stuff in January, this included!
Yeah, I figured it would not be happening this year.
Can’t wait to see what you guys release. In the meantime I will be evaluating if Bitwarden meets all my needs over LastPass.
Hey, where will this announcement be posted? In the blog section?
We’ll have release announcements in our GitHub repos, status page, the forums, blog and probably a few other places.
Emergency access is now live for cloud hosted services! Self-hosted updates will come in the next 48 hours or so.