✅ Emergency access

If there was no time to implement this, now is the right time.

1 Like

Initially overlooked the reply but there seems to be progress on this now! :+1:

https://community.bitwarden.com/t/create-a-way-to-manage-estate-planning-pass-on-account-credentials-in-emergency-situations/10973/3?u=plompie

2 Likes

Please, this is the time to implement this feature. We are all in the middle of a pandemic crisis, I have seen people going from sane to dead in a week’s time.
I don’t want my wife and family to have problems managing our finances if I’d be passing away.

4 Likes

Yes, I believe this pandemic situation is making people re-think their plans for their survivors.

Coincidentally, I got a life-threatening medical diagnosis last month while I was in the process of transitioning to BitWarden. I was thrilled with the app, its security features (2FA!), open-source concept, and reasonable price. But I reconsidered all the details when I got my diagnosis, and realized that Emergency Access is essential to simplify things for non-techie family members when the time comes. I had to switch to a commercial product, which is very good, but is not an app I trust, and would want to support, as I do BitWarden.

Rather than just blindly hoping that someone will implement this for free, why don’t we collectively fund a development grant to make it happen? It sounds like there are enough of us interested to raise a decent pot, and there are several great platforms which allow crowd-funded bounties for development on Free / Open Source, for example Gitcoin: https://gitcoin.co/blog/crowdfunding-bounties/

See also Bounty program where this general approach was already proposed.

The hardest part of doing this will be figuring out exactly what the implementation of the feature looks like, and describing that clearly in the bounty. If we can figure that out, the proposed implementation will be deemed favourable by a large chunk of the 395 users who have voted for this feature so far, and then we have a chance of getting enough people to contribute to the bounty pot to make it worthwhile for one or more developers to implement it.

I have quite a lot of experience in writing technical acceptance criteria for new features, so I could potentially volunteer to write this and submit it as a bounty which then others could pledge money towards. However I don’t yet have a clear picture of how everyone would want this feature to work. As this long thread already shows, there are several ideas, and maybe they are not all mutually compatible.

So the challenge is figuring out what would be the lowest hanging fruit which would at least partially please a lot of people. Thoughts on this are very welcome!

Rather than just blindly hoping that someone will implement this for free, why don’t we collectively fund a development grant to make it happen?

I thought that’s something I was doing, in part, by paying both for a family plan and a premium account. Emergency access could be a premium feature.

It’s great that you are supporting the development team, and I encourage you to continue, but that does not guarantee you will see the features you want implemented. This feature was requested in 2018, and is the most voted for feature, yet I don’t see any evidence that the team is making progress on it. Ultimately they’re entirely free to set their own priorities as they see fit. In contrast, placing a bounty specifically on this feature would guarantee that your money would go directly towards implementing it, and towards nothing else.

It’s great that you are supporting the development team, and I encourage you to continue, but that does not guarantee you will see the features you want implemented.

True. I know that. Same with commercial software, too. :slight_smile:

I would just hope with so many votes, they’d implement it sooner rather than later.

1 Like

Yeah, I think many of us on this thread were hoping the same. My point was that after a year or two of no progress, maybe it’s time to pursue a better alternative than just continuing with blind hope, and instead take the matter into our own hands :slight_smile: Unlike with commercial software, that’s a freedom we enjoy by choosing Free / Open Source, so it makes sense to take advantage of it.

It would be great if you could take the lead on setting up the bounty, @aspiers!

Personally, I would love to be able to:

  • define a trusted circle of people (with or without BW account)
  • allow these people to ask for emergency access with a definable timeout (e.g. 48h, 1w etc.)
  • define global or restricted emergency access to a folder or items with certain tags

Also nice to have:

  • backup codes (cf. Google’s implementation)
  • inform trusted circle when the process of emergency access is started (cf. @eskela’s idea)

1 Like

Hey folks! We are definitely planning on bringing this feature to the platform. I don’t have an ETA, but your comments aren’t going unheard :smile:

11 Likes

Genuinely appreciate the update @tgreer, but I think it’s fair to say the community has heard that several times before. Without some rough indication of an ETA (which you shouldn’t be afraid to share - no one is going to kill you if plans change :wink:), I’m afraid we kind of have to assume that it’s not going to happen any time soon, and plan accordingly (e.g. by launching a bounty).

It would be much better if you could do the feature planning out in the open. That way you’ll get early customer feedback to make sure the design is right, and people might even volunteer to help with the development. Free and Open Source development works best as a bazaar, not a cathedral.

We’re in the process of doing more planning in the open - organizing a growing team just takes some time :+1:

As for timeline, the emergency access feature is currently planned for this year.

11 Likes

I think this is a good list, and it is very important from my perspective that there is some granularity in what can be accessed via folders/tags, as you say. I also think that this should be customisable by person, as well as content. For example, I might want my wife to be able to access something (perhaps an account that pertains to both of us), but not my parents.

For the idea of informing everyone in the circle, and with the circle in general, I think perhaps there could be a hierarchical element to this. After all, it might make sense for only one person to be able to access account credentials. I might want it to be my wife who accesses my account contents if I die. However, recognising that we might both die together, I might add in my parents as well as a backup. With this setup, if I die, and my parents request my data, my wife should be notified and given the opportunity to cancel it (as well as me, obviously). If she has also died, or is unable/unwilling to do it, then my parents get the access. Otherwise, if my wife were the one to request the access, there should be no need to contact my parents, as according to my settings, she is the most trusted individual in the circle.

Full disclosure: I’m a doctoral candidate who is looking at digital legacy planning. Password managers, in my opinion, have such an opportunity to design for this, and it’s largely going wasted, in my opinion. Bitwarden have a chance here to pave the way. Incidentally, if anyone has had any experiences using this kind of functionality in other password managers (e.g. Lastpass/Dashlane), I’d love to hear from you.

@tgreer Is there some way users can participate in the planning for features like this? I’ve seen a few suggestions for implementations of this feature, but I haven’t seen anyone mention using something like Shamir’s Secret Sharing. [1] Using a 2-of-2 secret it should be possible to provide emergency access (mediated by BW) without providing BW the ability to read our data – even temporarily. I think the following workflow would work:

  1. The user who wants to enable emergency access (Bob) would first need to be able to securely share secrets with BW and with the user they are giving access to (Alice). I’m assuming this would be implemented in a similar fashion to the way secrets are shared within an organisation.

  2. Bob’s local client creates a 2-of-2 set of keys using Shamir’s secret sharing algorithm. The first key is securely shared with BW and the second key is securely shared with Alice.

  3. Bob’s local client then creates a public/private key pair. The private key is encrypted with the 2-of-2 keys and securely shared with Alice. The public key is retained within Bob’s vault.

  4. At this point, Bob can use the stored public key to encrypt secrets that can be safely stored either with BW or with Alice. I’m not familiar enough with the inner workings of BW to guess the best way to secure the emergency access. One option is to encrypt everything Bob wants to give Alice emergency access to with the public key and share the resulting cypher text with Alice. If BW uses per-item symmetric keys or something like that, the symmetric key could be encrypted with the public key and sent to Alice.

  5. At some point in the future, Alice wants access to the secrets Bob has shared. Alice then asks BW for the second key in the 2-of-2 set. BW would then go through whatever business process they have established to (a) verify Alice’s identity and (b) verify there is a real emergency. If that process ends in a decision to give Alice access, BW then discloses the stored second secret to Alice. Her local client can then use the 2-of-2 key to decrypt the private key, and the private key to decrypt the data/symmetric key giving her access to the secret.

This is not a perfect system – enabling it definitely lowers the overall security of Bob’s BW vault. I can’t think of a better way to accomplish the same thing, though. One way to mitigate the potential impact is for BW to commit to storing their half of the 2-of-2 key set so that human intervention is required to disclose the second secret. Using a hardware HSM or an air-gapped system for retrieval maybe?

[1] https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

  • caveat emptor: I’m not a cryptography professional, but I think I know enough to be dangerous. The folks at BW probably understand what I described better than I do. They’ve probably come up with a better scheme. I don’t know what they’re working on, though, so I wanted to share the one way I could see this actually working.
2 Likes

@irgeek - We read through the ideas on the forum posts when we start planning and prepping for work, so at the very least everyone’s ideas are heard/read :metal:

Please post any feedback and ideas, even if they’re conflicting - helps us see both sides of the story, too!

As we go, we’re trying to make the roadmaps and timelines more transparent (and I have been assured by our forum members I won’t be drawn and quartered if they change :wink:)

Thank you for the detailed contribution!

3 Likes

That is actually a pretty cool idea, even if not completely polished. Goes to show that there is some meet-in-the-middle tradeoff between security and convenience for something as complex as “emergency access”. Is there a “better” idea? Possibly, but I think this idea on its own gets within spitting distance.

The lack of an emergency access type feature is the single biggest factor keeping me from switching from LASTPASS. Lastpass implementation is far from perfect but is better than nothing.

I used to also have an a/c with SECURESAFE in Switzerland who did not require ‘beneficiaries’ to have an a/c. As the a/c owner, when setting up, I would send beneficiary an email/letter explaining the service with a one time use 36 digit access code which gave them access to the a/c etc after specified wait period.

I used to run both LASTPASS and SECURESAFE a/c’s in case one failed, but have now ditched Securesafe due to their clunky interface and high cost.

Apart from enabling my family access to key info, as a one man band, I manage domains/hosting websites and various cloud based services for clients. I need a method to grant each individual client access to their info if/when I pop my clogs or become incapacitated.

Whilst I encourage all to use some form of password manager, many don’t. I need a platform that doesn’t rely on the beneficiary having an a/c on same platform. Some have suggested a dead man’s handle type solution, but I’d prefer option to advise clients/beneficiaries in advance what I have in place and how they can access their a/c details if/when required, so giving them confidence that I’ve got their backs… reducing burden on my family who have no idea about IT etc… My LastPass family subs are new for renewal in a few days so looks like I do that until Bitwarden come up with a better solution.

3 Likes

I am yet another long-time LastPass user who is currently evaluating Bitwarden, but the lack of the Emergency Access feature is holding me back. It’s a bit disturbing to see how many people have asked for this, and that for two years it’s been said to be coming, but isn’t here yet.

I don’t at all mind requiring that the accessor have a Bitwarden account, especially if a free account will do.

I am paid up for LastPass through 2024 but have already paid for Premium BW service and hope to see a solution in the near term.

1 Like