✅ Emergency access

Emergency access would fit nicely with my other feature request for “Share a password for 1 time reading + link expiration”.

Please look at Share a password for 1 time reading + link expiration and vote for it too.

1 Like

This is currently the top voted feature.

2 Likes

I thought one of the KeePass implementations had this feature, but I can’t find it anymore. It worked like this: the emergency contact could request access, which triggers the system to send an email to the owner. If the owner didn’t respond within an owner-defined time frame (hours, days, weeks, etc.), the system would provide a temporary, one-time-use password to the emergency contact. Therefore you would know if they were trying to access it outside of an emergency and could deny the request.

I would absolutely like to see something like this implemented.

They can’t send a password that they don’t know. BW will not store any secrets on their system.

LastPass requires the other party to have an account because the other secret is the other account.

Depending on how paranoid you are, just remember that unless that other person is your spouse, a judge can order your friend/family to request emergency access while they have you locked away in jail. /tinfoilhat

If there was no time to implement this, now is the right time.

1 Like

Initially overlooked the reply but there seems to be progress on this now! :+1:

https://community.bitwarden.com/t/create-a-way-to-manage-estate-planning-pass-on-account-credentials-in-emergency-situations/10973/3?u=plompie

2 Likes

Please, this is the time to implement this feature. We are all in the middle of a pandemic crisis, I have seen people going from sane to dead in a week’s time.
I don’t want my wife and family to have problems managing our finances if I were to pass away.

4 Likes

Yes, I believe this pandemic situation is making people re-think their plans for their survivors.

Coincidentally, I got a life-threatening medical diagnosis last month while I was in the process of transitioning to BitWarden. I was thrilled with the app, its security features (2FA!), open-source concept, and reasonable price. But I reconsidered all the details when I got my diagnosis, and realized that Emergency Access is essential to simplify things for non-techie family members when the time comes. I had to switch to a commercial product, which is very good, but is not an app I trust, and would want to support, as I do BitWarden.

Rather than just blindly hoping that someone will implement this for free, why don’t we collectively fund a development grant to make it happen? It sounds like there are enough of us interested to raise a decent pot, and there are several great platforms which allow crowd-funded bounties for development on Free / Open Source, for example Gitcoin: https://gitcoin.co/blog/crowdfunding-bounties/

See also Bounty program where this general approach was already proposed.

The hardest part of doing this will be figuring out exactly what the implementation of the feature looks like, and describing that clearly in the bounty. If we can figure that out, the proposed implementation will be deemed favourable by a large chunk of the 395 users who have voted for this feature so far, and then we have a chance of getting enough people to contribute to the bounty pot to make it worthwhile for one or more developers to implement it.

I have quite a lot of experience in writing technical acceptance criteria for new features, so I could potentially volunteer to write this and submit it as a bounty which then others could pledge money towards. However I don’t yet have a clear picture of how everyone would want this feature to work. As this long thread already shows, there are several ideas, and maybe they are not all mutually compatible.

So the challenge is figuring out what would be the lowest hanging fruit which would at least partially please a lot of people. Thoughts on this are very welcome!

Rather than just blindly hoping that someone will implement this for free, why don’t we collectively fund a development grant to make it happen?

I thought that’s something I was doing, in part, by paying both for a family plan and a premium account. Emergency access could be a premium feature.

It’s great that you are supporting the development team, and I encourage you to continue, but that does not guarantee you will see the features you want implemented. This feature was requested in 2018, and is the most voted for feature, yet I don’t see any evidence that the team is making progress on it. Ultimately they’re entirely free to set their own priorities as they see fit. In contrast, placing a bounty specifically on this feature would guarantee that your money would go directly towards implementing it, and towards nothing else.

It’s great that you are supporting the development team, and I encourage you to continue, but that does not guarantee you will see the features you want implemented.

True. I know that. Same with commercial software, too. :slight_smile:

I would just hope with so many votes, they’d implement it sooner rather than later.

1 Like

Yeah, I think many of us on this thread were hoping the same. My point was that after a year or two of no progress, maybe it’s time to pursue a better alternative than just continuing with blind hope, and instead take the matter into our own hands :slight_smile: Unlike with commercial software, that’s a freedom we enjoy by choosing Free / Open Source, so it makes sense to take advantage of it.

It would be great if you could take the lead on setting up the bounty, @aspiers!

Personally, I would love to be able to:

  • define a trusted circle of people (with or without BW account)
  • allow these people to ask for emergency access with a definable timeout (e.g. 48h, 1w etc.)
  • define global or restricted emergency access to a folder or items with certain tags

Also nice to have:

  • backup codes (cf. Google’s implementation)
  • inform trusted circle when the process of emergency access is started (cf. @eskela’s idea)

1 Like

Hey folks! We are definitely planning on bringing this feature to the platform. I don’t have an ETA, but your comments aren’t going unheard :smile:

11 Likes

Genuinely appreciate the update @tgreer, but I think it’s fair to say the community has heard that several times before. Without some rough indication of an ETA (which you shouldn’t be afraid to share - no one is going to kill you if plans change :wink:), I’m afraid we kind of have to assume that it’s not going to happen any time soon, and plan accordingly (e.g. by launching a bounty).

It would be much better if you could do the feature planning out in the open. That way you’ll get early customer feedback to make sure the design is right, and people might even volunteer to help with the development. Free and Open Source development works best as a bazaar, not a cathedral.

We’re in the process of doing more planning in the open - organizing a growing team just takes some time :+1:

As for timeline, the emergency access feature is currently planned for this year.

11 Likes

I think this is a good list, and it is very important from my perspective that there is some granularity in what can be accessed via folders/tags, as you say. I also think that this should be customisable by person, as well as content. For example, I might want my wife to be able to access something (perhaps an account that pertains to both of us), but not my parents.

For the idea of informing everyone in the circle, and with the circle in general, I think perhaps there could be a hierarchical element to this. After all, it might make sense for only one person to be able to access account credentials. I might want it to be my wife who accesses my account contents if I die. However, recognising that we might both die together, I might add in my parents as well as a backup. With this setup, if I die, and my parents request my data, my wife should be notified and given the opportunity to cancel it (as well as me, obviously). If she has also died, or is unable/unwilling to do it, then my parents get the access. Otherwise, if my wife were the one to request the access, there should be no need to contact my parents, as according to my settings, she is the most trusted individual in the circle.

Full disclosure: I’m a doctoral candidate who is looking at digital legacy planning. Password managers, in my opinion, have such an opportunity to design for this, and it’s largely going wasted, in my opinion. Bitwarden have a chance here to pave the way. Incidentally, if anyone has had any experiences using this kind of functionality in other password managers (e.g. Lastpass/Dashlane), I’d love to hear from you.

@tgreer Is there some way users can participate in the planning for features like this? I’ve seen a few suggestions for implementations of this feature, but I haven’t seen anyone mention using something like Shamir’s Secret Sharing. [1] Using a 2-of-2 secret it should be possible to provide emergency access (mediated by BW) without providing BW the ability to read our data – even temporarily. I think the following workflow would work:

  1. The user who wants to enable emergency access (Bob) would first need to be able to securely share secrets with BW and with the user they are giving access to (Alice). I’m assuming this would be implemented in a similar fashion to the way secrets are shared within an organisation.

  2. Bob’s local client creates a 2-of-2 set of keys using Shamir’s secret sharing algorithm. The first key is securely shared with BW and the second key is securely shared with Alice.

  3. Bob’s local client then creates a public/private key pair. The private key is encrypted with the 2-of-2 keys and securely shared with Alice. The public key is retained within Bob’s vault.

  4. At this point, Bob can use the stored public key to encrypt secrets that can be safely stored either with BW or with Alice. I’m not familiar enough with the inner workings of BW to guess the best way to secure the emergency access. One option is to encrypt everything Bob wants to give Alice emergency access to with the public key and share the resulting cypher text with Alice. If BW uses per-item symmetric keys or something like that, the symmetric key could be encrypted with the public key and sent to Alice.

  5. At some point in the future, Alice wants access to the secrets Bob has shared. Alice then asks BW for the second key in the 2-of-2 set. BW would then go through whatever business process they have established to (a) verify Alice’s identity and (b) verify there is a real emergency. If that process ends in a decision to give Alice access, BW then discloses the stored second secret to Alice. Her local client can then use the 2-of-2 key to decrypt the private key, and the private key to decrypt the data/symmetric key giving her access to the secret.

This is not a perfect system – enabling it definitely lowers the overall security of Bob’s BW vault. I can’t think of a better way to accomplish the same thing, though. One way to mitigate the potential impact is for BW to commit to storing their half of the 2-of-2 key set so that human intervention is required to disclose the second secret. Using a hardware HSM or an air-gapped system for retrieval maybe?

[1] https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

  • caveat emptor: I’m not a cryptography professional, but I think I know enough to be dangerous. The folks at BW probably understand what I described better than I do. They’ve probably come up with a better scheme. I don’t know what they’re working on, though, so I wanted to share the one way I could see this actually working.

2 Likes