Yes, for example you could give someone emergency access with a type of read-only with a 1 week waiting period, and then again that same person with a type of account takeover with a waiting period of 30 days, etc.
No, the link is just a generic link to take that person to the impacted web vault where they would log in with their own account (necessary for decryption to work). There’s no key, nonce or any other identifying information in the link in the email itself, it’s just a notice that access as been granted, etc.
Bob and Jill is what I think of when it comes to this feature.
The Susan and Brenda story doesn’t sound like an emergency but instead poor planning. If it came down to it Susan can pay Brenda back for the cat food. I really doubt that the average user will have the foresight to log in to their Bitwarden account and grant access to someone for this or similar situation. If it was me in this situation I would just create a new organization and share the password that way or leave $20 on the counter.
All I need is a way to give access to my vault to someone if I die or get locked out. A time-delay with warning emails is a must. The extras like read-only, delete certain things, and such are nice but not a need right now.
The most important feature of emergency access should be simplicity. If someone has activated emergency access they are more than likely not clear in thought and most often panicking.
The Pick and choose what items or folders get emergency access granted option is needed. I would like to be able to select folders/items to grant access on one time frame (days) and others (including all) on another time frame (months) to represent shorter needs (hospital) vs total access (death).
FYI, the feature as described is code-complete and will be going through PR review(s)/revisions shortly. After that we’ll have some bake-in and testing before it’s released but is still on the radar for this year.
It will be tested internally; we don’t have and likely won’t be setting up a BETA/public testing environment and since this functionality will be purely server + web vault, the closest you could get to a preview is pulling down the server, jslib and web repos once the code is merged and running locally via docker-compose, etc.
Not sure yet tbh and we’re in a “light” decision week with the holiday so I’m sure I won’t have any further updates this week.
If you do make it a premium feature, which is fair if you ask me, I would ask you to make it premium to make changes to emergency access.
It would suck to have this feature but lose it when you need it most because your premium expired due to unforeseen circumstances. To add or update emergency access should be behind the paywall but to activate and use it should not be.
Happy Thanksgiving! Save some turkey and mashed potatoes for us as well. Jut kidding.
I think the premium members will find Emergency Access really useful as most of the them store their medical bills, receipts and other sensitive documents in the encrypted storage. Not only that, there are also users who use Bitwarden for generating TOTP codes. Lets assume the granter is a free user and If he/she were to give emergency access to their Google Account or some other account, the grantee will also need the TOTP code for the particular login which is in Authy or any other authenticator app . The Grantee may need the granter’s phone number and the verification code to login to Authy. It just becomes complicated and inconvenient. Premium members will find emergency access more convenient to use if they store TOTP codes in Bitwarden itself
I prefer to give my phone to my trusted friend(If it is possible) to make things easier.
Happy Thanksgiving! This is the single missing feature preventing me from making a full switch to BW. Unfortunately you need to prepare for emergency situations more and more as you get older. For the less tech savvy around you, you also want the process as simple as possible, so the roadmap sounds promising.
I applaud the effort, and I’ll be keeping up with the progress!
To clarify, how are the private keys managed? Are users responsible for storing and supplying these, or are they created / managed / distributed by Bitwarden automatically? I assume the latter, as otherwise a high level of technical literacy is required.
This means that Bitwarden could theoretically access my passwords if they chose to or were forced to, without any notification or waiting period, as they manage the private keys and store the encrypted data. That’s not necessarily a major issue for me (as Bitwarden could already easily break zero trust if they wanted, eg by logging master password clear text) but please will you clarify?