What happens to your attachments when your premium subscription ends?

silvetti · December 22, 2021, 4:03pm

What happens to your attachments when your premium subscription ends?
What about 2FA codes?

cksapp · December 22, 2021, 4:17pm

https://bitwarden.com/help/article/premium-renewal/

Bitwarden Authenticator (TOTP)

Your secret keys will remain stored in Vault items in the Authenticator Key (TOTP) field, however Bitwarden will not generate TOTP codes.

Encrypted File Attachments

Files will not be deleted from your Vault, however you will not be able to upload or download.

I would imagine the same thing happens with an Organization when billing cannot be renewed, due to possibly an expired card, etc.
Once the billing payment method has been updated and the premium subscription is restored all features should be re-enabled.

I am not sure if there is a final limit to when, or if, file attachments will be deleted by Bitwarden or if there is a notice of some kind should you downgrade from a premium subscription to a free plan for so long without renewal.

OpSec · December 22, 2021, 7:58pm

An additional question I have always wondered about:

If a person lets their premium sub expire and they formerly had 2FA/U2F enabled, will BW switch back to FREE vault status without second factor for vault login? This is a question only as I have no intention of letting a 10 dollar/year sub expire, at least on purpose.

cksapp · December 22, 2021, 8:54pm

Hi, according to the same article linked

Two-step Login

You will not be locked out of your Vault, however you will not be able to use advanced Two-step Login options like Yubikey, FIDO2, or Duo for authentication.

If you have a core Two-step Login option enabled (authenticator app or email), you will be prompted to use the enabled option.
If you do not have another Two-step Login option enabled, you will authenticate into your Vault without Two-step Login.

As you mentioned, I also don’t have any plans to allow my premium subscription to lapse, but it’s nice to have the transparency to know how things function should it happen.

OpSec · December 23, 2021, 6:12pm

So then to be clear. I (just an example user here) have both U2F and TOTP setup as access methods to my vault. I seldom use my TOTP but it is a backup option for me. Also, its required to login on my Android since U2F/Yubi with NFC doesn’t work at this point.

If I let my premium BW account lapse it would drop to requiring my TOTP? Therefore a “bad actor” could not access my vault with ONLY user and password credentials? Once again, this is a learning experience since I an here for the long haul.

Another HUGE drawback to letting an account lapse is now you can no longer download file attachments at all — as per the linked article.

tgreer · December 23, 2021, 6:14pm

Hi @OpSec,

That’s correct. If you have any non-premium 2FA enabled, it will default to those.

silvetti · December 24, 2021, 5:45am

I have decided to give Keychain a try (Apple’s default password manager) and let me premium expire so I lost access to attachments Maybe there was an email warning, if there was I missed it
Probably will require me to pay for another year which is not a big issue as the fee is low enough but still would have been nice to have some warning about that.