by tptacek 1981 days ago
Am I reading it right that this allows people to designate access to their password manager via email? I feel like I have to be missing something, like a previous step that fingerprints the emergency contact's key or something.

(I get that we rely on email for stuff like this all the time, but your password manager is part of what protects your email account, which is why we rely on email as much as we do for resets).

2 comments

They encourage you to verify the grantee’s fingerprint phrase:

> To ensure the integrity of your encryption keys, verify the displayed fingerprint phrase with the grantee before completing confirmation.

https://bitwarden.com/help/article/emergency-access/#confirm...

> The fingerprint phrase is an important security feature that assists in uniquely and securely identifying a Bitwarden user account when important encryption-related operations are performed (such as sharing).

https://bitwarden.com/help/article/fingerprint-phrase/

While I make heavy use of a password manager, I still choose to memorize my email password, and not store it in a password manager, precisely because it is relied on so much, and can be used to reset the majority of the passwords stored in the manager anyway.

I’m with you. I’ve memorized an odd password for entry into my Bitwarden and my ProtonMail account.

For very important passwords that are stored in a password manager, salting them with a memorized phrase is a good idea. That way, if someone gets access to my password manager, they still won't be able to access everything in there.