Secure Password Sharing (Share access without revealing the password)

Feature name

Secure Password Sharing (Distribute access without exposing the password)

Feature function

Bitwarden Secure password sharing without sharing the actual password, and revoke access anytime without the password being revealed.

What is secure password sharing?
This feature guarantees that your data is kept encrypted, and when you share your password, you can invite the user to obtain access via email; once the user approves, passwords are securely stored in their vault.
So only those with access privileges can log in using it, and there is an option not to reveal the password by default unless it is shared to be revealed, which could make it less secure.

As just a result, only those with access privileges can log in and gain access to it.

And what’s the importance of all this?

Sharing your credentials is often irreversible, whether with a coworker, a roommate, or a family member.
That being said, giving your passwords via email or text is risky.
Third parties can easily intercept them, especially if you use a vulnerable service.
and you’re ensuring that your sensitive data is safe while being sent to others, that it can be revoked at any time without having to change the password, and that nothing is compromised.

Access Levels:
When sharing a password, there are three options for access levels: full access and limited access and owner access:

When you securely share an item in your encrypted vault with some other user, you have the option of granting full or limited access.

Full Access:
Giving someone full access to a shared item means that the receiver will have unrestricted access to, view, edit, and use the item.

Limited Access:
Additionally, a receiver with limited access will only have partial control over the item: for example, some details will be blacked out and inaccessible for editing, and the password will be hidden.
However, even if the information is blacked out using the password manager, the receiver will still be able to use the passwords with auto-fill under limited access.

Owner Access:
Owner of the password access: If you’ve shared an item with another user, you can choose to make that user the owner of the item.
Once granted, the Owner rights allow not only viewing, editing, and sharing of the item but also rescinding access from other users with whom the item has been shared.

Password changes and updates:
If the owner of the password changes the password, it should be synced, and the password should be updated if it has changed, and it will be encrypted and updated in the vault.

Restrict access:

Once access has been revoked, the user who received the password shared with them should not be able to access it and it will be removed from the vault.

Bitwarden already has password sharing where you can block the other person from seeing the password in their account. You share through a collection and you have fine grain controls on what they can do.

But there does not exist a password manager that can keep the user from seeing the password once filled on a webpage. Websites need the password entered for you to log in and if the user is smart enough they can go in the source code of the webpage and view the password, have the browser save a copy, or many other ways. Once it’s left the password manager it’s out of the password manager control.

Not only that but even if there was a way to stop a user from seeing the password the very nature they can fill the password is all they need if they want to change the password. Nothing is stopping them from going into settings and letting the password manager fill the current password field and them entering a new password of their choosing and changing the password to something you don’t know.

4 Likes

This really usefull function is already available in Dashlane, Lastpass and Nordpass.

I would be nice to be able to do it one to one, no organization needed.

Thanks for the request! This particular item isn’t really feasible, as those above have mentioned - sharing a password is just that - sharing. I’m closing this thread, but encourage anyone who wants a password to be shared user-to-user vote here: