So recently I signed up for Premium service to enable the emergency access feature. I provided it to my son and have him send me a request. I did get an email. My timeout is set to 14 days. I was hoping to get more than one email, like once a day or something, but so far there has been two days, I haven’t received any email in addition to the one I got at the time when he requested.
Does the system send any more emails? I was hoping to receive one email per day, so that if I miss the very first email, I get reminded again. This is kinda dangerous to just send one email in the beginning and never worry about it, and the time expires and the access is granted.
Currently, the system only sends one email, and I am not aware of a way to change that. So, your suggestion is a good one, I think. You might wish to edit your post hear to make it a Feature Request, instead, so that you and others can support it with votes to attract the attention of the Bitwarden developers. (If you are not sure how to do that, let me know and I can do it for you, if you like.) Cheers!
@dangostylver I checked my junk mail and there are no emails from bitwarden. I have been receiving all the bitwarden emails in my inbox. Looks like they changed it. Can you give it a shot again to confirm?
Sorry, I can’t retest this time. We need @tgreer or anyone at Bitwarden to confirm if there has been a change to the emergency access email.
I tested it when it first came out as it was sending too many emails, like 4 to 8 at the same time. They later fixed it and it was one email a day and I figured it still works like this to this day?
Currently, the email is sent immediately upon the request for access, and then when there is 1 day left. If your timeout is < 1 day, you’ll only get the initial request email
Thanks @tgreer . I personally think once a day for something so security-critical (we are talking about giving away access automatically if not responded to) is a good reminder frequency. Even better if it is configurable at the time of sending the request to grantee, like the # of days. But the default should be once a day no less.
Somewhere I heard a suggestion that an announcement appear in the various vault apps, perhaps upon unlock/login until the access request is approved/denied/expires.
That’s great. I think it should create red banners in every application that Bitwarden supports including the browser extension which I use the most and I am sure most of us use them.
What’s the current status of this?
How many emails does one receive after an emergency contact request?
This kind of information should be clearly detailed in the help page.
I was just about to create a new post asking about this. One email over a 14 day time period seems like it might get lost in the volume of email I receive. At least once per day would be great in case I don’t see the first email.
I signed up for premium to use emergency access and it feels weird that the feature is implemented in an insecure way. My trusted emergency contacts are not as tech-savvy as I am, they might not have enabled 2FA for Bitwarden login or might store the unencrypted database on device in order to unlock less often. Trusted emergency contacts are something that should be treated with care, they can always become hacked and then send a malicious emergency access request.
If the rare emergency access notifications are overlooked, the hacker gets full access to my vault causing dramatic damage.
My suggestions are:
One warning email per 12 hours until the release. Its not like emails are costly. Its not like it would annoy the user in this situation, as he can always accept or deny an access request.
Emphasise the warning in the email. Currently the email looks like there is no apparent danger. Could be just another login confirmation email from Bitwarden. Change the email title to something like this: “[Emergency] Bitwarden access will be granted in x Hours to y”
Send notifications on more channels
E-Mail is the most overcrowded place. I expected a push notification from the bitwarden mobile app every 12 hours as well. Bonus points: Make it a non-dismissible notification.
The browser extension or the opened UI should also have a warning banner.
Please also give more flexibility when users configure the wait duaration. Currenlty there is 1 day, 2 days, 7 days etc..
I hope that at least #1 and #2 can be done quickly, as it’s just changing some variables. Thank you a lot in advance.
Bitwarden access will be granted in x Hours to y”