[SOLVED] I am scared - Deleting an entire Bitwarden Acc possible in some seconds

Hey there. I like Bitwarden. I came from LastPass 3 or 4 years ago and it gets better and better.

Because of a problem on Android with the login, I created a temporary account and deleted it after my tests. The deletion was done in seconds. There was no captcha and just one prompt.

Sorry to ask that, but: Are you serious? :smile:

My digital life is saved in Bitwarden: all my passwords and a lot of hints and notes. The default Bitwarden timeout after install is 15 minutes. If anybody knows how easy it is to delete a Bitwarden account, or a child or a pet accidentally taps this option… (yep, this could really happen, no joke)

So my suggestion:

  • Ask for a captcha like Bitwarden did when creating an account
  • Do another prompt asking if the user is sure about this.
  • Instead of deleting the account immediately, just disable the account for 3 months
  • The only way to push this process faster is by recovery key
  • To undo this delete request you need to click on a link in your mailbox. You should get this when you request your deletion.

Perhaps I see this too critically, but I think not.

Greetings by LessOrNothing

Hi welcome,

I think it would be an interesting feature; I would imagine some might prefer to have some type of captcha in the Danger Zone or something of the like.

I would be curious about this, as I imagine there are some users who, upon wishing to delete their account, would want all of their data scrubbed from Bitwarden’s systems. Even though there is a zero knowledge architecture in place, many users are security-conscious individuals, some with highly sensitive information stored, and in the event they needed, I could absolutely see situations where someone would need data deleted immediately.

I would also like to note Bitwarden DOES currently require you to confirm the master passphrase prior to making any of these changes.

You’ll be prompted to enter your master password to confirm you have the authority to take this action.

Hi @LessOrNothing - which method to delete your account do you speak of? If you try to delete your account through the Web Vault, you are confronted with DANGER ZONE! warnings and bold red text and you must enter your master password before you can delete anything.

If you are deleting without logging in via email, you must respond to the system-generated email before anything is deleted.

In either case, I don’t understand how an accidental keystroke or a pet will achieve this. Can you please elaborate?

EDIT: I see Kent types much faster than I do! :slight_smile:

THX for both your replies.
@cksapp @dh024

I was talking about my tests with the current Android APK.

Greetings by LessOrNothing

The same process for deleting your account occurs on the Android app. You can’t accidentally delete it unless you also “accidentally” enter your master password. I don’t think a child or pet could do that, as you suggest.

You are right, I tried it again with a new temp account.

Sorry, I thought it was without an extra master password prompt.

No problem at all - glad you found it. I’ll mark this one as Solved then. Cheers!