Playbook
Bitwarden — Emergency Access
Platform claims verified July 6, 2026
What this mechanism is
Bitwarden’s Emergency Access lets you name a trusted person who can request entry to your vault. When they request access, you get an email; if you don’t answer within a waiting period you chose (because, for example, you’ve died), access is granted automatically. It’s cryptographically end-to-end: Bitwarden never holds your keys, so this works even though the company can’t reset anyone’s password. This is the cleanest native mechanism of any password manager — set it up and your passwords outlive you with no paperwork at all.
Set it up now
- You need Bitwarden Premium (or membership in a paid Families/Teams/Enterprise organization) to grant emergency access. Your trusted contact only needs a free Bitwarden account — but it must be on the same server region as yours (both on bitwarden.com, or both on bitwarden.eu).
- If your contact doesn’t have a Bitwarden account, have them create one first — and treat that new account seriously: strong master password they will remember for years, two-factor authentication, master password hint set. Their account is now a door into yours (see Gotchas).
- In the Bitwarden web app (vault.bitwarden.com), go to Settings > Emergency access > Add emergency contact.
- Enter their email, choose the access level:
- View — they can read everything in your vault (passwords and attachments included) but can’t change your account.
- Takeover — they set a new master password and own the account. Choose Takeover for estate purposes — survivors need to change and manage credentials, not just read them.
- Choose the wait time — how long Bitwarden waits after a request before auto-granting if you don’t respond (minimum one day). For end-of-life planning, pick something long enough that an accidental or malicious request can’t beat you (7–30 days is a sane range), and short enough that grieving survivors aren’t stuck.
- Send the invite. It expires in five days, so tell your contact to click Become emergency contact in the email promptly and log in.
- After they accept, you must return to Settings > Emergency access and Confirm them. Until you confirm, the grant is not active — an accepted-but-unconfirmed contact has no rights yet.
- In AmberKey, record on your Bitwarden card: who the emergency contact is, the access level, the wait time, and the email address of their Bitwarden account.
- Optionally repeat for a second contact — there’s no limit, and a backup contact protects against the first one being locked out.
What AmberKey stores
- Layer 1 (metadata): your Bitwarden account email, server region, who the emergency contact is, access level, wait time, and confirmation date. This is everything a survivor needs to drive the native mechanism.
- Layer 2 (bearer secret, optional but recommended): your master password and a note on your two-step login method, as a fallback in case Emergency Access fails (contact locked out, invitation lapsed, contact predeceased you). With the master password + 2FA recovery code, survivors can bypass the wait entirely.
- If you escrow the master password, also escrow your two-step login recovery code (Settings > Security > Two-step login > View recovery code) — a password without the second factor is a locked door.
What your survivors do
- Check the AmberKey packet: it names the Bitwarden emergency contact. If that’s you, log in to your own Bitwarden account at vault.bitwarden.com.
- Go to Settings > Emergency access, find the deceased’s name, and click Request access.
- Now you wait. Bitwarden emails the account owner and holds the request for the waiting period listed in the packet (often one to four weeks). This delay is a safety feature, not a problem — you don’t need to do anything during it.
- When the wait time passes with no response, access is granted automatically. You’ll get an email. Go back to Settings > Emergency access:
- If the packet says Takeover: you’ll set a new master password for the deceased’s account. Write it down somewhere safe immediately. Their old two-step login is removed as part of takeover, so the new password is now the only key.
- If it says View: you can read every login, password, and attachment in their vault.
- Log in to the deceased’s vault and export a backup first (Tools > Export vault) before changing anything.
- Work through the vault alongside the AmberKey packet: it tells you which accounts matter and in what order. Do not close the deceased’s email accounts until everything else is settled — password resets go there.
- If Emergency Access doesn’t work (no contact set up, or you’re locked out of your own account): check AmberKey Layer 2 for the escrowed master password and 2FA recovery code, and sign in directly at vault.bitwarden.com. Bitwarden the company cannot help — they never have anyone’s keys.
Required documents
- None. This is entirely between the two Bitwarden accounts — no death certificate, no court, no support ticket. (That’s also why the wait time matters: the only gate is time plus the contact’s own login.)
Expected timeline
- Setup now: 15 minutes plus the contact accepting within 5 days.
- After death: the configured wait time (1–30+ days), then immediate full access.
Gotchas
- Your emergency contact’s account IS your vault’s back door — secure it accordingly. Anyone who takes over their Bitwarden account can request access to yours and simply wait out the timer. Their master password and 2FA are now part of your threat model. Pick someone who runs their account carefully, and pick a wait time long enough that you’d notice a rogue request while alive.
- If your contact loses their own master password, the grant dies with their account. Bitwarden can’t reset master passwords; a contact who recreates their account is a stranger to the grant and must be re-invited — which requires you, alive. This is the strongest argument for also escrowing your master password to Layer 2 and/or naming a second contact.
- If your contact deletes their Bitwarden account, they’re silently removed as your emergency contact. Re-invite required. Glance at Settings > Emergency access once a year and confirm the status still says confirmed.
- “Invited” and “Needs Confirmation” are failure states. The invitation expires in 5 days, and an accepted-but-unconfirmed contact has no access rights. The setup isn’t done until the status is confirmed.
- The owner can approve or deny a request — so can anyone holding the owner’s account. If the account is compromised or a family conflict exists, a request can be denied before the timer expires; only the timer running out unanswered guarantees the grant.
- Takeover removes the deceased’s two-step login and sets a new password — it’s irreversible in practice. That’s correct for estates, but it means the first person to complete takeover controls the vault. If multiple contacts exist, coordinate.
- Rotating your account encryption key? Re-verify emergency access afterward. Bitwarden’s docs flag key rotation as a delicate operation and don’t state how it interacts with existing grants — after rotating, check the current policy at https://bitwarden.com/help/account-encryption-key/ and consider re-confirming your contact.