Phishing vulnerability for emergency contact process

I was invited to be an emergency contact. I got an email that said click here to accept. It wanted my login and master vault password. Realising this isn’t particularly safe, I logged in independently but couldn’t see the invite in the UI anywhere obvious. Double checking url’s etc I followed the only method that seemed available but this does feel like a vulnerabiliity for the majority of less technical users.

Could an approach that forced a login through the website independently of the link, then a signposted experience that alerted a newly logged in user to an invitation that should be accepted or rejected (or perhaps silenced)?

@o00o Welcome to the forum!

Is your request about the Bitwarden Password Manager, or about the toolkit?

Bitwarden Password Manager

I have moved your post from the section to the Password Manager section of the Community Forum.