Fun story about shared passwords in Bitwarden... I recently had to undo that process because I’m going through a divorce. We aren’t at the point of severing everything yet but my ex took the liberty of using the shared Bitwarden passwords to sign into each of the utility (gas, electric, etc.) accounts and change the passwords. Thus locking me out.
I had resisted doing anything with the shared passwords prior to this because the process to unshare an account is to delete it from the organization and make a new entry on your personal vault.
Ultimately the blame is on me but the process for unsharing is broken. I guess the moral is to just be careful about sharing accounts in a BW org if you ever expect you might have to undo all of them. It was about 15 accounts in all because we had also shared everything related to financial institutions and health care. I did take the time to change each of them as well since there was no way of knowing what may have been copied.
That sucks, though I’m not sure your story supports “the Bitwarden process for unsharing is broken”. If you could remove shared passwords from someone else’s vault, wouldn’t that just leave _you_ with access, effectively locking out your spouse?
You can’t unshare them from the organization. Say you create an entry for Bank of America. You then later share that entry with the “Family” organization. That entry now forever lives with that organization unless you delete it and then make a new entry again in your personal vault.
A more user-friendly approach would be for the entry’s ownership to always remain with the original creator and simply share that entry with the organization. You could then later revoke sharing the entry with others or the organization. This is how almost every other file sharing works.
I’m sure there are underlying issues, especially since the goal is for it to be cryptographically secure; it’s just not a very user-friendly system and, as I said, it’s ultimately my own fault what happened to me.
Which was exactly what my spouse did to me by having access to the password and then changing it with the utility company and not updating it in the password manager.
I think, as another commenter said, we’re complaining about the wrong piece of the flow. Important accounts like utilities should have a mechanism where as many users as necessary are tied to an address. In many households it will be one user but in some it might need to be 2, or in the case of roommates 2+.
We can have multiple users tied to our mobile phone service provider so why not the gas or electric?
Sounds like you can already do that with the "delete from org + recreate in personal" workflow, so an "unshare" button would just be streamlining that existing capability.
the larger (but difficult to fix) issue here is that these important services don't seem to offer a good implementation of a joint account. if two people live in the same house, they should both have access to the account with the utility company to view balances and make payments, but neither should be able to lock the other out without some formal process. having multiple people share the same credentials is an antipattern.