This feature implements restricted password sharing with 2FA.
This would be a unique feature that is not available in other password managers, as it would give the ability to unshare and deny login to a user whose rights on the authentication have been revoked.
The limitation of this implementation is that unsharing only works because of two-factor authentication: the shared password itself cannot be taken back from someone who has already seen or used it.
- The shared password is hidden and should not be viewable (although users can still find it out)
- The user cannot edit it
- 2FA authentication is available, but the Authenticator Key (the TOTP secret) is not available or viewable to the person it is shared with
- Shared authentication can be unshared
- On unsharing, the login item should notify the owner, either by an info bar or by changing color, that the password for this login should be changed. Example: “This login info has been unshared, please change the password and update it in Bitwarden”
The implementation of sharing may need to be modified for the feature to work. There are many possible implementations of how this could work. I will list one.
The Verification Code (TOTP) is generated on the server and sent over HTTPS instead of being generated locally. That way the user has no access to the Authenticator Key and is restricted to using the verification code only.
Multiple codes could be generated ahead of time and sent to the user, so that codes are sent only once every 3 minutes (instead of every 30 seconds).
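To make the proposed scheme concrete, here is an added example (not code from this post or from Bitwarden) of the server-side part: the TOTP secret stays on the server, the server computes the codes for the next six 30-second steps (3 minutes) and hands out only those codes, and an unshared user is refused further batches. The `SharingServer` class, `code_batch` and `current_code` names are hypothetical; the HOTP/TOTP arithmetic follows RFC 4226 / RFC 6238 (HMAC-SHA1, 6 digits), so the built-in check runs against the RFC test vectors.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # RFC 6238 default time step
BATCH_STEPS = 6     # 6 x 30 s = codes covering the next 3 minutes, as proposed above


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(secret, unix_time // step, digits)


class SharingServer:
    """Hypothetical server side of the proposal: it holds the TOTP secrets and never
    releases them. Only (item, recipient) pairs that are currently shared may
    request codes, so unsharing cuts the recipient off from new codes."""

    def __init__(self) -> None:
        self._secrets: dict[str, bytes] = {}       # item_id -> TOTP secret, server-only
        self._shares: set[tuple[str, str]] = set() # (item_id, user) currently shared

    def add_item(self, item_id: str, secret: bytes) -> None:
        self._secrets[item_id] = secret

    def share(self, item_id: str, user: str) -> None:
        self._shares.add((item_id, user))

    def unshare(self, item_id: str, user: str) -> None:
        self._shares.discard((item_id, user))

    def code_batch(self, item_id: str, user: str, now: int):
        """Return {time_step_counter: code} for the next BATCH_STEPS steps, or None if
        the item is not shared with this user. In a real deployment this dict is what
        crosses the wire over HTTPS; the secret never does."""
        if (item_id, user) not in self._shares:
            return None
        first = now // STEP_SECONDS
        secret = self._secrets[item_id]
        return {c: hotp(secret, c) for c in range(first, first + BATCH_STEPS)}


def current_code(batch, now: int):
    """Client side: look up the code for the current time step in a cached batch.
    Returns None once the batch has run out, meaning a new batch must be requested."""
    return batch.get(now // STEP_SECONDS)


if __name__ == "__main__":
    # Constructed demo data: the RFC 4226/6238 test secret, not a real account.
    secret = b"12345678901234567890"
    server = SharingServer()
    server.add_item("vpn-login", secret)
    server.share("vpn-login", "bob")

    batch = server.code_batch("vpn-login", "bob", now=59)
    print("bob's code right now:", current_code(batch, 59))      # 287082 (RFC vector)
    print("bob's code 30 s later:", current_code(batch, 89))     # 359152
    print("batch exhausted after 3 min:", current_code(batch, 239))  # None

    server.unshare("vpn-login", "bob")
    print("batch after unshare:", server.code_batch("vpn-login", "bob", now=59))  # None
```

Two caveats worth keeping in mind with this design. First, revocation is only as strong as the server-side check: codes already delivered remain valid until their time steps pass, so a 3-minute batch means up to 3 minutes of residual access after unsharing. Second, the recipient still has the password, which is exactly why the post recommends changing it after unsharing.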