[mcculley]

Giving out the root password is less than ideal. I would prefer that my heirs not have to lie about their identity. I’m not singling out bitwarden here. Most SaaS offerings do not think about these issues. Pretty much every system should have a way of delegating authority without requiring lies.

[panarky]

Bitwarden paid users have a feature called "Emergency Access" where you designate one or more other Bitwarden users who can access your vault in an emergency.

If you die or become incapacitated, your emergency contact can click a button to request access to your vault. You receive a series of emails requesting that you approve or deny their request.

If you don't deny their request within a wait time that you specify in advance, your public key-encrypted user symmetric key is delivered to the the emergency contact for decryption with the their private key.

More here -> https://bitwarden.com/help/emergency-access/

[seemaze]

While I agree with the premise, to equate utilizing another’s credentials as lying conflates a system identity with a physical identity. Is it lying when I give someone the keys to my car to drive? And when will this ‘root’ character realize I’ve been appropriating their login with abandon?

[rstuart4133]

> Giving out the root password is less than ideal.

I expect something akin to handing out the private key to your heirs is what happens. But the term "giving out" understates what happens: https://bitwarden.com/help/emergency-access/ It's an escrowed time lock. I haven't looked at the details, but I expect it's a multi step protocol involving at least two public keys. It the scheme of possibilities, it's pretty good.