When an emergency access request is initiated, the grantor’s web account and the mobile app should have a notification banner at the top of the screen or a red dot on the mm obile app to show that a request has been initiated. Right now we only receive an email regarding the request which may be deleted if our email account is compromised.
1 Like
Yes. When somebody requests emergency access, I want to see a huge red banner both on my web version as well as the windows 10 version. That is because I get so many emails a day that one could come in and fly by before I even realized it was there, and have no idea that the clock was ticking. Even though I am in the program every day in Windows 10 app, I would not know the clock was ticking at all if I had not caught that email flying by.
2 Likes
I like this idea, and while I have emergency access enabled I guess I’ve never really though about the what if, more so than the intended what happens in the “after” portion so to speak.
As the intended use case for this is to allow access in the event the original account is unable to be accessed, either via disability or death, lost 2FA, or a forgotten master password.
Perhaps a good alternative would be to in a sense “reset” the emergency request timer or invalidate the request all together upon successful account login.
Though this does provide a bit more of a venue for an account take over situation.
1 Like
Continuing the discussion from Emergency access:
Great this feature request has been implemented! Much appreciated 
Just a comment on the implementation (had to open a new topic, as the old one was closed):
I think there should be a very obvious optical alert like e.g. a red banner or yellow/black frame after login into the webvault, if there is a pending take over request.
Just the tag deep down in the settings is just not present enough. The notification email could be undelivered, overlooked, caught as a false positive by a spam-filter, etc. …
Just my thoughts,
paradeiser
2 Likes
A big +1 for this feature request or rather the final polish of the useful emergency access feature.
I agree with the aforementioned concerns. The grantee’s account could be compromised and then it is quite easy to miss the crucial notification via email.
A red banner or another obvious optical alert in all applications seems to be a no-brainer to me. Obviously, I understand that it takes time to implement this feature.
Maybe on option to add people that also get informed via email about an initiated emergency access request would also be helpful. If the grantor is still alive these trusted people (not necessarily grantees) could reach out to see if he’s aware of the process. If he passed away and he granted for example emergency access to one of his siblings, other family members would also be informed that this person/grantee initiated a take over of the account. Maybe an idea for the future. Nonetheless, the banner is more important IMO.
1 Like
+1 this is the only reason i have not enabled this yet. Just a mail is not good enough (delivery issues, spam filters, etc)
2 Likes
Adding my vote and voice to this. In addition to what others have said, I am in Bitwarden almost everyday, but I don’t check my email everyday, and when I do I don’t always have time to get to all my emails.
This feature would also make me more comfortable shortening the emergency access waiting period so that family wouldn’t need to wait so long to access accounts in the event that I actually die.
2 Likes
I agree that Bitwarden’s Emergency Access feature is too dangerous to use without some other type of notification in addition to email. The suggested notification banner seems the most straightforward solution.
I would advise others to avoid using the Emergency Access feature in its current state.
And as a security-related improvement I don’t know why this hasn’t been addressed yet, 3 years after Emergency Access was introduced???
+1
Very surprised this has not been implemented yet. Relying on a single email is a huge risk.
I would also imagine that most users who have set up emergency access on a timer would expect there to be this functionality at present, and will be surprised to find out that the only communication to the account holder is a single email.
1 Like