Great question! Yes, 2FA will automatically be disabled/turned off, but not when the email is received/sent, but rather once the password is reset/takeover is successful.
Bob and Jill is what I think of when it comes to this feature.
The Susan and Brenda story doesn’t sound like an emergency but instead poor planning. If it came down to it, Susan can pay Brenda back for the cat food. I really doubt that the average user will have the foresight to log in to their Bitwarden account and grant access to someone for this or a similar situation. If it was me in this situation I would just create a new organization and share the password that way or leave $20 on the counter.
All I need is a way to give access to my vault to someone if I die or get locked out. A time-delay with warning emails is a must. The extras like read-only, delete certain things, and such are nice but not a need right now.
The most important feature of emergency access should be simplicity. If someone has activated emergency access they are more than likely not clear in thought and most often panicking.
I think it would be nice if the application/extension also prompted for a response each time you log in / unlock until a decision has been selected. That way email isn’t the only notification.
The Pick and choose what items or folders get emergency access granted option is needed. I would like to be able to select folders/items to grant access on one time frame (days) and others (including all) on another time frame (months) to represent shorter needs (hospital) vs total access (death).
It is currently Out of Scope. Maybe it will be added in the future.
I’ve been waiting to fully switch to BW premium for this exact feature and so good to see it’s on the road map and hope to see it being implemented soon!
FYI, the feature as described is code-complete and will be going through PR review(s)/revisions shortly. After that we’ll have some bake-in and testing before it’s released but is still on the radar for this year.
Great to hear😀
Will there be some sort of beta test program for users? Or will the feature be tested internally?
It might seem like counting chicks before they hatch, will it be a premium feature or free feature?
It will be tested internally; we don’t have and likely won’t be setting up a BETA/public testing environment and since this functionality will be purely server + web vault, the closest you could get to a preview is pulling down the server, jslib and web repos once the code is merged and running locally via docker-compose, etc.
Not sure yet tbh and we’re in a “light” decision week with the holiday so I’m sure I won’t have any further updates this week.
If you do make it a premium feature, which is fair if you ask me, I would ask you to make it premium to make changes to emergency access.
It would suck to have this feature but lose it when you need it most because your premium expired due to unforeseen circumstances. To add or update emergency access should be behind the paywall but to activate and use it should not be.
Happy Thanksgiving! Save some turkey and mashed potatoes for us as well. Just kidding.
I think the premium members will find Emergency Access really useful as most of them store their medical bills, receipts and other sensitive documents in the encrypted storage. Not only that, there are also users who use Bitwarden for generating TOTP codes. Let’s assume the granter is a free user and if he/she were to give emergency access to their Google Account or some other account, the grantee will also need the TOTP code for the particular login which is in Authy or any other authenticator app. The grantee may need the granter’s phone number and the verification code to log in to Authy. It just becomes complicated and inconvenient. Premium members will find emergency access more convenient to use if they store TOTP codes in Bitwarden itself.
I prefer to give my phone to my trusted friend (if it is possible) to make things easier.
Happy Thanksgiving! This is the single missing feature preventing me from making a full switch to BW. Unfortunately you need to prepare for emergency situations more and more as you get older. For the less tech savvy around you, you also want the process as simple as possible, so the roadmap sounds promising.
I applaud the effort, and I’ll be keeping up with the progress!
I know some people have asked for a multi-role feature. If a person has a BW account, maybe the emergency access could be via one of these roles.
Instead of straight up disabling 2FA, if emergency access is associated with someone else’s account, it could allow that other account’s 2FA as a super-set.
It would be desirable to never drop 2FA if possible.
This is very important.
In terms of 2FA - I have Yubikeys in envelopes with instructions for my emergency contacts in a safe to help them access certain critical credentials.
+1 for this as a user thinking of switching from dashlane premium to bitwarden premium.
This gives me peace of mind that my loved ones will be able to get into my accounts within a set time period after my death. Not planning on dying anytime soon but it’s always good to be prepared!
To clarify, how are the private keys managed? Are users responsible for storing and supplying these, or are they created / managed / distributed by Bitwarden automatically? I assume the latter, as otherwise a high level of technical literacy is required.
This means that Bitwarden could theoretically access my passwords if they chose to or were forced to, without any notification or waiting period, as they manage the private keys and store the encrypted data. That’s not necessarily a major issue for me (as Bitwarden could already easily break zero trust if they wanted, eg by logging master password clear text) but please will you clarify?
The feature looks great otherwise and thank you!
Chad can add details, but rest assured this feature maintains our zero knowledge model of e2e encryption
This is a great question that I’ll try to cover in a comprehensive manner.
Bitwarden (the client application) will use the exact same mechanism for sharing private keys with this feature as we do already for Organizations’ vaults. Essentially a key exchange is done between 2 users within the Bitwarden client, you grant access to someone, they log in and have their own keys; when they accept your invitation they then share their public key with you; you will then use their public key when confirming them to encrypt your private key; that encrypted data is then stored in the database.
In this way, Bitwarden is acting essentially as a “zero-knowledge”, trusted broker. Unless we had the master password of your grantee OR you, we still would not be able to decrypt, reset the password for, etc. your account, even if Liam Neeson was at one of our houses and very angry. All of the key exchange, decryption, password resets, etc. all happen purely in the client via 2 trusted parties that took part in that key exchange (grantee + grantor), just like it’s done for organizations today. The “broker” part comes into play in that you trust Bitwarden to not release the encrypted key to the grantee until a designated time has lapsed.
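The exchange described in the reply above, as an added example that is not part of the original post and is not Bitwarden's code. It assumes RSA-OAEP from Node's built-in `crypto`, a random 32-byte value standing in for the grantor's key material, a hypothetical `Broker` class for the server side, and a wait clock that starts when the grantee requests access.

```javascript
const crypto = require('node:crypto');

// Assumed wrapping scheme for this example: RSA-OAEP with SHA-256.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const DAY_MS = 86400000;

// Grantee: key pair is created client-side; only the public half is shared.
function newGrantee() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Grantor, when confirming the grantee: wrap the key to the grantee's public key.
function confirmGrantee(grantorKey, granteePublicKey) {
  return crypto.publicEncrypt({ key: granteePublicKey, ...OAEP }, grantorKey);
}

// Broker (server side, hypothetical): stores ciphertext only, enforces the wait time.
class Broker {
  constructor() { this.grants = new Map(); }
  store(id, wrappedKey, waitDays) {
    this.grants.set(id, { wrappedKey, waitMs: waitDays * DAY_MS, requestedAt: null });
  }
  requestAccess(id, now) { // assumption: the clock starts at the grantee's request
    const g = this.grants.get(id);
    if (g && g.requestedAt === null) g.requestedAt = now;
  }
  release(id, now) {
    const g = this.grants.get(id);
    if (!g || g.requestedAt === null || now - g.requestedAt < g.waitMs) return null;
    return g.wrappedKey;
  }
}

// Grantee, after release: unwrap locally with the private key that never left the client.
function unwrap(wrappedKey, granteePrivateKey) {
  return crypto.privateDecrypt({ key: granteePrivateKey, ...OAEP }, wrappedKey);
}

function demo() {
  const grantorKey = crypto.randomBytes(32); // constructed sample key material
  const grantee = newGrantee();
  const broker = new Broker();
  broker.store('grant-1', confirmGrantee(grantorKey, grantee.publicKey), 7);
  const t0 = Date.UTC(2020, 0, 1); // constructed timestamp
  broker.requestAccess('grant-1', t0);
  const early = broker.release('grant-1', t0 + 6 * DAY_MS);
  const late = broker.release('grant-1', t0 + 7 * DAY_MS);
  return { early, recovered: unwrap(late, grantee.privateKey).equals(grantorKey),
           brokerHoldsPlaintext: late.equals(grantorKey) };
}
```

The broker in this model never holds a private key or the unwrapped key, so the only thing it controls is when the ciphertext is handed over.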