YES. BITWARDEN ADMIN: PLEASE ADD ACCOUNT RECOVERY VIA PHONE AS AN OPT-IN FEATURE ON ALL FREE ACCOUNTS. THIS IS A BASIC SERVICE RELIABILITY STANDARD, A NECESSARY PILLAR OF SECURITY FOR THE THREAT MODEL OF THE COMMON USER.
I’m not upset but it needs to be pointed out. Here’s the rationale for my stance:
Most average users (towards which the BW service is oriented) do not use a secondary email address so it does not make sense to have them set that up.
There is no justification for forcing draconian measures of “security” on all users, all to paradoxically force the risk of them losing ALL of their critical login credentials with the loss (or recent change) of a master password. That doesn’t make ANYONE feel secure.
Security / privacy over convenience or vice versa should aim to be the decision of each individual user by default. As this matter does not affect other users, this is one such instance where the user should be allowed to decide.
Since secure services commonly operate features like these without surrendering any sensitive data to the admin or others - protecting phone numbers and not using web links or 2FA access codes - it would still be zero knowledge if implemented. If we want a safe preset for the security obsessed, configure new accounts to have it disabled by default and give a security warning whenever they go to enable it, but really all that is needed is not to have a phone number put on the account at all.
And since people typically keep phone numbers they would associate with a service like this for life, porting them when switching providers, sending a reset confirmation code to a cellular device is not really a big security risk either unless your cellular device is so compromised you don’t trust it with receiving a password reset code to put into a secure web page. And if that’s the case, then why trust it with your 2FA codes and your BW vault both on the same device? We’re not making a bearable amount of sense if we begin to fear cellular devices of users, so we need to lose that thinking.
Lastly, the reason this not only needs to be an option but needs to be active on all free accounts is because it not only builds confidence to encourage users to upgrade, but if, for example, the user has to wait for a renewal or temporarily downgrade for any reason in the future and loses that recovery feature at exactly the same time the account becomes inaccessible and said user is on the threshold of a financial or medical crisis where a login becomes critical, this can become the demise of any company claiming “user access” reliability of their service. And yes, that’s exactly where BW is situated in the lineup of service options. Yet can your support team help that person in time to meet their critical deadlines if it’s outside of business hours? If they are locked out and a huge fallout of events spirals out of control in their life because of that occurrence and because of it their lives are now decimated, not good. You don’t want to have your service’s name attached to that tragedy in the public eye. Just a handful of reviews like that could blow you away. We’re talking scorching online references on common app comparison websites, which is likely - a person’s grief turning into a very long, very agonizing and very personal hunt to squash your service for the sake of unpaid damages in their life. None of us want to see BW fall prey to something like that.
But the bottom line is that a large portion of the market will begin quickly identifying those critical features being absent or not and they will NOT NOT NOT risk losing access to their logins once they’ve already experienced the pain of it. Not even for a few hours. So not having this feature would effectively keep many nontechnical users from putting greater confidence (and funding) into the service. And it’s not just that your competitors will have this feature which will cut into your prospective market share, but ask the question why they don’t bar this feature if it’s such a security risk. I’m not closed to evidenced concerns from knowledgeable security advisors here or elsewhere, but as a network engineer who has deployed and supported security solutions in government and private sectors, I’ve never personally considered a phone “account restore” feature as a security risk. That said, I wouldn’t ever advise using SMS as your 2FA method, which is an entirely different set of risks. Hopefully everybody here is differentiating between those two because they’re NOT the same level of security risk whatsoever.
Bitwarden, I appreciate your offering. It’s a great service and I am getting a lot out of it already. But please do yourselves and us a favor and just add this feature. There’s no firm case not to, and all these reasons say you definitely should.