Graceful license expiration

Recently our license expired due to an expired credit card. Unfortunately, on the date the licenses expired, all our users instantly lost access to shared items. This was a very, very inconvenient situation, since there was no warning to the users (the only notice was an email to the billing email address, and it took help from the Bitwarden support team to fix the credit card issue).

Here are the things we would have expected:

  • A visible warning in all applications to all users, so that the user might take some action to prepare for the looming loss of access.
  • Read-only access to shared passwords for at least a grace period of a few days

This would alarm key users and allow them to take or delegate action (export data, fix any payment issue, notify users).

Losing access in a productive environment because of a clerical error is unacceptable.

Surprised this isn’t getting more traction. My friend just told me about how his vault was suspended for a payment he thought went through (he got an email saying so) but didn’t, because his credit card was expired. This is alarming and shouldn’t lock out anyone; an email notification should be sent, and then there should be a small grace window period to fix the payment or export the data.

I had this happen to me this morning. What was most frustrating was that I had fixed my credit card info a few days ago, the payment went through for the organization and then the organization still was disabled after the invoice was paid. I didn’t even get a warning that the organization was disabled.

This could be “solved” by either allowing people to add credits to their accounts or paying ahead of time.

Netflix lapsing is not the end of the world, but self-destructing password managers are. Imagine if landlords could evict their tenants if they didn’t pay on time, but only allowed them to pay on the exact day the bill was due.

Just a couple of clarifications.

Self-host environments have a 3-month grace period between the expiration of the license and the organization getting disabled. For cloud environments it’s 1 week.

A month prior to the renewal date, an email gets sent to the billing address set up for that purpose if the payment method is outdated or missing, and with each failed attempt a new email gets sent informing of the issue. A new payment attempt is performed 3 hours later, 1 day later, 2 days later and so on.

The payment method can be updated at any time by the owner of the organization by going to the Web Vault (https://vault.bitwarden.com) and then to Settings > Organizations > {YOUR ORG NAME} > Settings sub-tab (Gears Icon) > Billing.

If the payment gets resolved within that timeframe, the organization doesn’t get disabled and everything continues normally.

If the payment fails continuously after 1 week, cloud accounts get disabled and need to get manually verified, because the payment collection stops there and the CS team needs to verify if there is more than 1 month due. Usually, for self-host environments, they just notice 3 months later, and we need to collect 3/4 months due and then re-enable the organization.

Even with all this, if an account that belongs to a disabled organization writes to us (https://bitwarden.com/contact/), the ticket gets automatically tagged as DISABLED ORGANIZATION and receives maximum priority.

No information gets deleted after an organization gets disabled.

Regardless, I agree that an optional message, prompt or something similar would be a nice idea.