Same for me, separating personal and professional is really important. If you want to roll out Bitwarden massively in companies, most CISOs will demand the possibility to separate personal and professional.
Instead of mixing/linking both accounts, wouldn’t it be much easier to have two separate logins on the clients (browser, mobile, etc.) and have the client offer you something like a unified search / autofill? IMHO this feature is quite important as you currently have to either do everything on one Bitwarden instance (bad, esp. if your company has it on premise) or use two separate password managers (inconvenient²).
Yup, I agree with this feature. This is the major drawback for not signing up my company. It is already a minor pain to use Bitwarden on a personal level, but this minor pain is worth the added security; but then signing up a business and needing to constantly switch back and forth between accounts… would love to be able to avoid that.
I also happen to need this.
My current password management setup involves 3 KeePass databases (a personal one, and two others for companies I work with).
In KeeWeb (my KeePass client), I can quickly switch from one database to another.
I’m currently deploying two separate Bitwarden servers (a personal one, and one for my company), and I’d like to have a similar behaviour. Unfortunately, it’s not possible, I have to logout, change the server URL in the client settings and relogin, which is really tedious.
I really don’t care about unified search or linking accounts together, I’d rather have a simple way to quickly switch from one account to another. Something like a configurable list of identities, to add a Bitwarden URL and user email, and a dropdown on the login form to pick the one you want to use before filling in your master password. Since it’s purely a client-side change, I believe it could also be simpler to implement (but I may be wrong).
As use of BitWarden grows, this seems like an increasingly important feature.
I have helped two clients adopt BW, which means that I now have 3 BW accounts that I have to switch between when going from site to site during a regular day.
I think that this could also boost adoption of BW if users are introduced to BW via an organization/company and then realize that they can easily set up a personal account and still access those personal PW within the same interface.
It seems to me that a “Tabbed” approach, as suggested earlier would be the best. Completely different log-in accounts, but accessible via a quick menu switch, without the log-out, log-in routine currently required.
Can someone explain to me why (part of) this functionality can’t be created using organizations and collections?
I would say fast switching between a personal and a business account would be nice to have to prevent mixing things, supported by a setting to opt out for business accounts (so they can prevent switching).
And the use of multiple vaults / accounts (like for contractors or service providers) could imho be fully supported with organisations and collections. You just provide your contractor access through his other email (and any mandatory second factor).
Really hoping that this gets considered. We’re looking at ditching LastPass in favour of enterprise Bitwarden, but handling personal accounts in a sane way is essential for us.
I agree linking of accounts is bad, but the client (desktop / web / mobile) maintaining two authentications is a totally different thing. Being able to switch between accounts easily from clients is trivial.
Today I use all personal stuff on my personal account, and all work related stuff on my company organization account. I don’t want to mix those, but to be able to easily switch in the clients would be awesome.
At work I use a separate “Personal” Chrome user profile for the browser client (extension) and only the work account on the desktop client. Then for personal I use the web vault.
At home I use a separate “Work” Chrome user profile for the browser client (extension) and only the personal account on the desktop client. Then for work I use the web vault.
This works, but an easier “switch between accounts” would be really appreciated. I don’t want to link my accounts, just be able to manage “profiles” / “accounts” from the client, and make it easier to switch between those.
Any input from the developer?
I think it’s quite common to have a need to separate personal and business vault.
Maybe even put a price on the feature? We’d probably be able to sponsor it.
How do we do that? Is pooling money going to solve this?
This is another case where KeePass databases shine. You can have as many open as you like.
I don’t really understand why every account is limited to a single password store and that store is protected by the same master password as the account password. (I guess it has something to do with convenience.)
Separating those and allowing use of multiple stores in any form would be nice.
Personally I hated that my personal account got tied to my work account with lastpass. My account is my account, not my employer’s; I refused to link accounts.
I like the way bitwarden is currently handling this problem with collections. Similar to how you work with github organizations, you work with bitwarden collections. You can get invited into a collection, then that’s part of your vault.
Now in the github model, the company can force you to meet certain requirements on your personal account to link it into the company’s organization, for instance require 2FA, require strong passwords, etc. I think that’s a reasonable standard and way to implement this.
That methodology respects both the user’s privacy, and the company’s security.
I agree, a simple way to switch would be nice. The password would be asked according to the configured setting (1 minute/2 minutes/…/restart of browser/never); by the way, the “never” option should not exist.
Organizations are a really nice way to do this, but only if you use the same Bitwarden server for both work and personal stuff.
I think we need multiple-account support if we want to be able to use one Bitwarden server for work and our own personal Bitwarden server.
It would be nice if in the client there were a server tree:
- all items as in the client right now
This would be an awesome feature!
Second the simple account quick-switcher option. It would at least allow you to retain the settings for each of the servers you need to connect to. I don’t mind having to re-auth for each, but I don’t want to mix personal and business and also don’t want to have to re-enter all the settings each time.
+1 for multiple account support in the applications.
Works OK in Chrome, where I am using two different profiles for work and private and thus two separate extension configurations.
Sadly the desktop client and mobile phone app do not allow switching easily between two self-hosted Bitwarden servers with two different accounts. The only way currently is by changing the server settings manually each time.
I think people generally want to use and remember one password. I already have multiple organizations where I have password managers in use; OK, I can reuse the same password for all those password manager accounts. However, it’s damn annoying to re-login or even use the browser profiles. Those who want to use the browser profiles should be allowed to, but that should not be a reason for not supporting quicker switching for those who don’t follow such tight organizational policies to separate the personal and organizational accounts with browser profiles. But I also see it as a risk: if organizations make it too difficult to use for a normal user, they are probably going to store the organizational credentials in their personal account anyway, because the users just get tired of switching. And there is currently no setting to limit the email domains the invited user could log in with? I mean limiting sign-up to Bitwarden with only the organisation email that was used originally? This is one of the aspects where, for example, LastPass has failed.
The above said, I would consider implementing the multiple-account support the following way:
- A user may register as any user (it doesn’t matter whether they first registered as a personal user by signing up or as an organisational member by being invited by someone else).
- The user can add any number of email addresses to his/her/its account, pretty much the same way GitHub does it.
- The organizational memberships can be associated with one of the organizations a user belongs to.
- When a user saves a new password, they would choose the personal or organisation account where the password is stored.
But now I also have to say what Bitwarden is bad at. Think about a situation when a user is removed from an organisation because their contract ends, is terminated, or the member’s account is suspected to be hacked or there is a high risk of it, e.g. a lost device like a lost laptop or mobile phone. Then what does the organization’s CIO want to happen? To close all work-related accounts the employee had, or transfer the accesses to another person(s). Currently Bitwarden does not support that for those vault items that were not shared.
So I think it would make a lot of sense that if a user is removed from an organisation, they would lose all access to the vault items of that organization. Currently Bitwarden does not do that; it only removes access from the shared items. As for a second additional feature, the organisation manager or someone in the organization’s IT management should be able to see where the organization members have created accounts, to be aware of those: there could be a list by person, and the event log could show whenever an organisation member had created access to a new system. In many organizations they are not aware of what accounts they have and where.
If Bitwarden worked like I described, it would actually be jumping to a whole new level of business, because instead of being a password manager it would be an organizational access management tool:
- You know where your organisation members have created accesses, regardless of whether an organisation member created it or it’s a shared password. Just a note: I think creating shared credentials is usually a bad practice, and many organization policies might disallow them.
- When you need to remove organisation members, you know you can take their access away from all the systems they earlier had access to and potentially transfer the access credentials to another person in the organization. Now you might say that it actually does not remove the access from the target systems, but at least when an organisation has the list of places their member had registered, they could more easily then go to every system and remove them manually or via API integration.
As for the actual password policies (how long and complex passwords are, what their expiry/change frequency is) and the use of two-factor authentication, these could also be set on a per-organization basis, and I don’t see a big conflict in that area, as then the user just has to follow those policies even when accessing their personal “space” in the password vault.