This article describes how to delete your account without knowing your password. I have not tried this yet. But it is very important for me to keep my access data. So how can I prevent someone from deleting my beloved data with one click who has access to my email account in whatever way? If I have a premium account, can my pay data no longer be assigned? OK. I seem to be a bit paranoid, but people, you come from this side of data security.
My question is: can a more regressive procedure be used for deleting an account, especially for this second version? For example, it would be possible to exclude this procedure in the settings. Also a 2FA could be helpful here.
Thanks for any reassuring answer …
Well, you’re in a lot of trouble anyway if your email is hacked into since hackers can send a Forgot Password request to change your password and then a 2FA code to email (if it is configured) . You should always backup your passwords and store them in an encrypted format. And to answer the question, you can’t disable the deleting account without sign in at the moment.
You are correct in that you can usually reset the password by email and re-assign. However, this function is not familiar to me at Bitwarden.
If I need a service to back up my sensitive data, then I want to keep full control. It really makes no sense for me to keep the same data locally, whether encrypted or not. What I mean is this:
Is not it possible to offer something like a recovery code just for the deletion of the account as an alternative to simple deletion by one email click? Why is that so outlandish? Why should it not be possible to access the data via a one-time email on the one hand, if on the other hand the deletion is quite possible?
What is also not completely clear to me: how will the deletion of a premium account ‘by email’ secure the future annual debits and the assignment to a new account? What is the real procedure, not a theory?
Thats is quite easy. If I upgrade my account, I would like to have these questions answered. I just mean that these questions are issues that can be relevant to a futere paying user. No more and no less.
@kspearrin might be able to answer that for you
I second this feature (Sorry if bumping old threads is considered rude, thought there was no point in making a new feature request)
I would like the option to disable the ability to delete my account without access to my master password
I agree with OP.
As a vault user i may opt to protect my vault with 2FA (as i did). And we have the ability to use a second factor not being a code mailed to me, but for example, a FIDO key. So that’s all very nice.
However, it is possible to destroy my entire vauilt with only an email confirmation, one factor only.
This does not seem logical and the protection of my vault is mooth.
For this reason i would think this option to delete-with-email-confirmation only should be an opt-in but al least an op-out option.
(The workaround to export and encrypt the unencrypted vault is a bit cumbersome.)
The goal here is to make sure that no vault data is made available. Yes, the deletion is very inconvenient if it occurs during a malicious attack in which email is compromised, but at the end of the day - the vault data remained secure until the bitter end.
With that, I’ll add that truly encrypted export is on our 2020 roadmap and should help with some of these concerns.