How Bitwarden emergency access works (view vs takeover)
How does Bitwarden emergency access work? A trusted contact requests your vault after a wait time you set. Compare View vs Takeover, the 5-day rule, and the crypto.
Bitwarden emergency access lets a premium user name a trusted contact who can request the vault if the owner can no longer log in or provide it. The owner sets a wait time, and if they do not respond within it, access is granted automatically. Nothing leaks to Bitwarden along the way: decryption keys are never stored with the service.
What is Bitwarden emergency access?
It appoints trusted contacts who can request the vault when the owner can no longer log in or grant access themselves — a planned handoff where the owner decides in advance who steps in, what they see, and how long they wait.
Two roles do the work: the vault owner who grants access is the grantor, and the trusted contact who receives it is the grantee.
Who can set up emergency access?
Only premium users can appoint contacts, including members of paid organizations such as Families, Teams, or Enterprise. The named contact pays nothing: anyone with a free or premium account on the same Bitwarden server can be a trusted emergency contact.
What is the difference between View and Takeover access?
Each contact gets exactly one of two access levels, and the gap between them is wide enough to pick deliberately.
| View | Takeover | |
|---|---|---|
| What the grantee gets | Read access to every item in the individual vault, including login passwords and attachments | A master password they create, for permanent read/write control of the vault |
| Touches the master password? | No | Yes — it replaces the previous master password |
| Touches two-step login? | No | Yes — it removes any two-step login methods that were set up |
| Best for | A contact who only needs to read records | A contact who must fully manage the account |
Because Takeover replaces the master password and strips two-step login, grant it only to someone trusted to hold the account itself, not merely read it.
How do you set up an emergency contact?
Setup is a three-step flow split between the two people:
- The grantor invites. Specify the access level and wait time when sending the invitation.
- The grantee accepts. They accept the invitation, but watch the clock: invitations stay valid for only five days.
- The grantor confirms. Confirming the grantee's acceptance is the step that wires up the encryption described below.
Miss the five-day window and the invitation lapses — send a fresh one.
How does a grantee request access?
After confirmation the grantee can submit an access request. The grantor is notified by email and decides what happens next:
- Approve early. The grantor can approve the request before the wait time expires.
- Reject it. The grantor can reject the request.
- Do nothing. With no response, access is granted automatically once the wait time elapses.
How does the wait time work?
The wait time is the grantor's guard against an unexpected request: they set its length, and the minimum is one day. Inside that window the grantor can approve early or reject; only silence past it releases the vault. That delay is what turns the feature into a deliberate handoff instead of an open door.
The same check-in-then-handoff logic underpins any continuity plan — our explainer on how emergency access works across password managers maps the wider pattern.
Is Bitwarden emergency access really zero-knowledge?
Yes, and the key exchange is the reason secrets stay out of Bitwarden's reach.
- On confirmation: the grantor's User Symmetric Key is encrypted with the grantee's RSA public key and stored with the invitation.
- On approval: that public-key-encrypted User Symmetric Key is delivered to the grantee, who decrypts it with their RSA private key.
Since only the grantee's private key can open that envelope, decryption keys are never stored with the Bitwarden service, and all sensitive data moves in an encrypted state between the requesting and providing users — zero-knowledge end to end.
When is emergency access not available?
It disappears under one specific condition: emergency access is unavailable for an account whose organization has enabled the Automatic confirmation policy. If the feature is missing inside a managed organization, that policy is the likely cause.
Does Bitwarden's emergency access cover more than the vault?
No — it governs one vault. When responsibilities reach past a password manager, into accounts, instructions, and where keys physically live for the people who depend on you, a business-continuity check-in can sit on top of it. Proceedly runs on a simple rhythm: miss a check-in past a grace window and a person you name confirms (or, on the Pro plan, it releases automatically) before your encrypted handoff plan reaches the right people. It stores your instructions and where keys live, never the passwords — Bitwarden keeps those.
FAQ
Do both people need to pay for Bitwarden? No. The grantor needs premium or paid-organization membership, but the grantee only needs a free or premium account on the same Bitwarden server.
How long do I have to accept an invitation? Five days. After that it expires and the grantor must send a new one.
What is the shortest wait time I can set? One day is the minimum.
Will Takeover change my master password? Yes. The grantee creates a master password that replaces the previous one, and any two-step login methods are removed.
Can Bitwarden read my vault during this process? No. Decryption keys are never stored with the service, and sensitive data moves in an encrypted state between the two users.
Sources
- Bitwarden launches emergency access — roles, the request concept, and the zero-knowledge transfer.
- Bitwarden help: emergency access — eligibility, access levels, setup flow, five-day invitations, wait time, and the Automatic confirmation policy limitation.
- Bitwarden security white paper — the RSA public/private key and User Symmetric Key mechanics.