Hi - my wife and I share one Vault in Bitwarden, with a very long master password. That Bitwarden “account” login is my primary email address, so when this goes into effect, my wife (and I) have the potential to be locked out if we don’t know the login credentials to my gmail account. Or to an Authy or other TOTP account (which is too complex for her to deal with). My wife, obviously, is very unhappy about this. What would help us is to have the ability to specify a 2nd email address, so that both email addresses get a code that can be used to do the new-device 2FA. Then I only have to convince my wife to put access to her email on her phone.
I suspect we’ll end up opting out of this new ‘feature’ until such an improvement is made. Shame, because I fully understand the benefit of 2FA on Master Password login. But…the old adage “Happy Wife = Happy Life” applies here in spades.
I moved your posts into their own topic, to avoid cluttering up the other threads. Here is what I had responded to your comment above, after you had posted it in the “Security Update” topic:
Thank you - At your good suggestion earlier today, I’ve spent over six hours hunting for data needed to convert a premium individual account to “Organization” so I can share data with my wife. I see how to do it, but there are a few missing pieces from the documentation. This topic is one of them.
How do I do a bulk move of several hundred login entries in my individual vault to the Organization’s “Default” vault?
How do I do JSON exports of my Organizational vault for backup purposes?
If both users of our “Organization” are paying $10/yr for Premium status, do we each get full SEND functionality? Full emergency and 2FA login features, file storage (i.e. all benefits of a “premium” individual account but as a member of a free organization account). We’re on a fixed income, and don’t want to fund a 6-user ‘family’ account when we only have 2.
We’ve paid for ‘premium’ every year we’ve used BW - love it.
You can do this from the Web Vault. Use the checkboxes to select the relevant items (noting that clicking the checkbox labeled “All”, in the column header row, selects all displayed items). Then, click the kebab icon (three vertical dots) at the top (in the column header row, to the right of the “Owner” header), and select “Assign to Collections” from the dropdown menu. This is shown in the screenshot below (including checking “All” to select all items, which is optional):
The best way to do this is to go to the Web Vault, access the Admin Console (using the link towards the bottom of the left-hand navigation menu), and then go to Settings > Export Vault, as shown in the screenshot below:
Unfortunately, if you are using a free organization, then the items stored in the organization vault will not have most* Premium benefits (i.e., the shared items will not be able to have attached files, use the integrated TOTP authenticator function, or be included in the Premium Vault Health Reports), except that integrated TOTP generation for shared items is now supported for Premium users*.
On the other hand, Premium features such as file Send, Emergency Access, advanced 2FA methods for login (DUO or Yubico OTP) will still work, as long as you maintain your individual Premium subscriptions.
I should also clarify (in case it wasn’t clear), that if you do switch to a paid Family plan (so that you can have file attachments and other Premium benefits for your shared items), then you will no longer have to pay for your individual Premium subscriptions, because Premium status is included for all members of a Family plan. So your annual subscription costs would “only” increase from $20 to $40 (not $60!).
*Edit: As pointed out by @kpiris below, the integrated TOTP authenticator now works for login items stored in a free organization, provided that you have an individual Premium subscription.
Thank you, Thank you for your informative reply!! Bitwarden is well documented, but I just couldn’t find these details, and I use Vault exports to create vault backups on a regular basis, so being able to “get everything” in an export is important.
I actually established our ‘Organization’ in 2021, but didn’t have time to work thru these issues, and a few features now available were not there (like the bulk transfer), so I never populated it.
Question (perhaps for another thread?): if we set up Passkeys for 2FA into our BW accounts, I believe we should house those (or their recovery keys) in a 3rd party location (like Google PW manager) for use across multiple devices, and if the primary passkey on the Phone device is lost or damaged, we can still get into the BW vault. Does the BW-provided recovery key also short-circuit a Passkey for emergency use?
I had a phone stolen while traveling, and if I’d had 2FA on my BW vault, I would’ve been hosed because I hadn’t properly prepared my setup for that. I was able to use a Chromebook to get credentials to airline tickets etc. thru a WiFi connection, but 2FA to the phone would’ve made that impossible.
My annual premium renew date is Feb 9, so I’ll have to get this figured out soon.
Will let you know when fully implemented.
Thank you!
Passkeys for Bitwarden Two-Step Login cannot be stored in your Bitwarden vault. They would have to be stored in a third-party authenticator (e.g., either a hardware key, or one of the passkey authenticators available through Android, iOS, Windows Hello, etc.).
Bitwarden provides a Two-Step Login Recovery Code, which is a one-time use code that disables all forms of 2FA on your account. Therefore, when using the recovery code, you will be able to access your account even if you no longer have your Two-Step Login passkeys.
Please note that if you ever do need to use the Two-Step Login Recovery code, it is important to immediately re-enable some form of 2FA that you still have access to, or else you may run afoul of the upcoming “New Device Verification” requirements. Another caveat is that because the recovery code can only be used once, you must save a copy of your new recovery code as soon as you have used the previous code.
You should keep a copy of your Two-Step Login Recovery Code on a so-called “emergency sheet”, and you should bring a copy of the recovery code with you when you travel (perhaps tucked into your passport).
Super interesting, thanks for pointing that out! Bitwarden should have made a bigger deal about it when they decided to support it. I have corrected my comment above.