I think that this feature would be an awesome addition to BitWarden!
I honestly don’t trust emergency access features for password managers. At one point the encryption key needs to be shared to someone else. Sure, there can be a delay before the other person can get access, but the simple fact is that somewhere in their vault is the encryption key and that is all you need to decrypt the other persons vault.
I could see this being exploited in the future - just hack the person with the weakest security to get to the other person.
Nothing beats a simple piece of paper with directions on what to do locked in a safe or safety deposit box.
A safe and secure way to cede access of your account to another in the event of a death or incapacitating emergency is a must these days.
I have a workaround using Yubikeys, Bitwarden and other means that would allow a trusted friend access to certain critical accounts in such an event. The Yubikeys are held by another trusted friend.
But a built-in mechanism would be much better.
Recent convert from Lastpass. I see emergency access in some form as a feature I need. If something were to happen to me it would create a huge cluster for my heirs with no access to many, many important accounts. I do respect the security concerns. So if an elegant solution was implemented, I’m all for that.
I’m waiting for that feature to move from LastPass to BitWarden.
Agreed. Please implement an emergency access feature! As a solo developer with health problems, I need the security of knowing that my trusted colleague (another solo) will be able to take care of my clients if I kick the bucket or become incapacitated.
At moment I’m using both LastPass and Bitwarden. I love Bitwarden and have for premium account. Bitwarden’s cheap and worth it even if I go back to LastPass. This is just about the only thing keeping me from committing 100% to Bitwarden.
This is the one remaining feature I need to switch from LastPass. LastPass has been getting worse over time and I would move in a heartbeat if this was available.
Any updates on this request? Would really like this feature!
Agreed. I think this hopefully could use the foundation built for the team/family sharing, but just with some timed tweaks?
+1 me too want
It would have to be an optional feature, and there are ways to do it that don’t reduce security in a significant way (assuming your emergency contact is somebody you trust to be careful with their own security). If your emergency contact is a Bitwarden user then the recovery key can be stored in their vault but encrypted twice so that neither they nor the Bitwarden server know what it is. When it is time to use the key, the emergency contact presses a button to “reveal recovery key” which triggers a 24 hour countdown timer before the Bitwarden server removes its layer of encryption. The other layer is removed by the user’s own Bitwarden client, so the server never sees the decrypted key.
Right, but that means trusting the emergency contact in three ways
- To not use the password unless it is a genuine emergency.
- To keep the password somewhere nobody else will find it.
- To not forget where they have kept the password.
Whereas my solution only involved trusting them to protect their own password (not yours), and not to click the “reveal key” button, and even then you would have the countdown timer as a backup.
By “don’t reduce security in a significant way” I meant that your vault would have to be encrypted twice: once against your master password and once against the recovery key. This obviously means there would be two opportunites for a hacker to get in, so security is reduced. However, the probability of a hacker guessing the password was vanishingly small to begin with (assuming you have a good password), so adding a second password (i.e. the recovery key) doesn’t reduce security by very much. (If you take a number that is vanishingly small and double it then you are left with something that is still vanishingly small.)
If your master password is stored in some kind of safety deposite box then that means somebody must have access to that box. Even if you trust that person, a corrupt government might pressure them into giving up the key.
Or maybe the password is stored in a safe at your house? If your house were to burn down it might destroy you and the key at the same time, so now your data is lost forever.
Maybe these risks are not important to you? If that’s the case then I’m glad you have found a solution that works for you, but other people have different needs. This is only a request for an optional feature anyway, so you need have no fear that it would lead to a reduction in your security.
do we know if this feature has been considered by the developers so far? Thanks
Yes. I think that it is development. If you scroll through the thread you will see that it is normally coming soon. It was firstly supposed to be done for the first half of 2018, then for the first half of 2019, so, I guess it’s coming…
I’m coming from LastPass like some others on this thread. I just switched over to full time Bitwarden to try it out this week and I’ve been really happy with it and I’m letting LastPass expire this week.
Still, and this is a feature that I found valuable so it’s one of the few things I’ll miss so I look forward to seeing this soon.