Background
I have a self-hosted Bitwarden for my passwords, with two accounts on it: one for personal passwords and one for work-related passwords (self-employed). I’ve set it up this way because I have too many passwords with clients and I wanted them separated. In fact, I have an organization for general work (administrative, hosting, …) and one where I store the client passwords (option to share with them via collections).
Now the general work organization is shared with both accounts, the clients organization only with the work account. With that, I can access work passwords any time, but have to use the work account for the clients.
Now I’m in a society too, where we have some passwords stored (another self-hosted variant). And probably with time another self-hosted server for something, since password managers are getting more popular.
Problem
It’s a very annoying task having to switch between different password managers with this. Even for a short task, like logging in to an app to do something for 5 minutes, I have to change the account, enter the master password and later switch again. This is more annoying than time-consuming when having to do this multiple times a day/week.
Possible Solutions
When I thought about that problem, I had some ideas for a possible solution too, although I don’t know if this is technically possible or makes sense for security reasons.
Solution 1: Option to invite accounts from a different server
The simplest solution to me would be an option where admins of an org can invite accounts from another Bitwarden server. They can then accept this and, on request, they get passwords from the current server and passwords from other servers. These requests could even come from the server itself (not current server gets password from other servers and sends them to the UI).
With that, I don’t think there would be security leaks like with caching if the passwords come from the other API itself.
Solution 2: Linking multiple accounts from other servers
This sounds a bit complicated, even to me. Let’s say I have an account on a server, [email protected], where I store my personal passwords. Then I have another account on another server, [email protected], where I have my work account or so. Until here, this is possible.
Now there could be an option to link those accounts, like adding a second email address to another server. Then I could get the passwords, similar to solution 1, not affecting possible risks with caching, since all traffic comes from the servers themselves.
Solution 3: via API key
This solution doesn’t make sense for security reasons, but could be enhanced to match the security level.
I could create an API key on [email protected], which I then could enter at [email protected]. Now when accessing passwords, the server also gets passwords from another server using the API key and displays them to the UI. But again, there could be security risks with caching and MITM, …
…
I’m aware that this is a complex feature which only a few people would use, but I’m sure this would be useful in the future, where hopefully more people would use password managers.
This feature request is also a bit affected by federation, since I find this topic very interesting, and it would be my opinionated way to enhance the future on the technical side of IT.