Today Bitwarden announced the rollout of the Account Recovery Administration policy (formerly Admin Password Reset), the latest feature added to the company’s portfolio of enhancements, purpose-built to help enterprises seeking to ensure password security at scale. This is critical, especially as business ecosystems, end users, and value chains expand and become more disparate. Protecting business-critical data and assets starts with secure passwords for every end user across the entire company.
With account recovery, available on the Bitwarden enterprise plan, administrators can easily reset end-user accounts if an employee loses or forgets their Bitwarden master password. But the benefits don’t stop here. With this added feature option, enterprises can:
Forgetting a password can be frustrating, especially if it means losing access to a Bitwarden Vault, which holds a combination of important individual passwords and access to the Organization's shared credentials. Being able to reset a master password and reset accounts provides a seamless end-user password management experience.
Any tool is only as effective as the team using it. The same principle applies to password management. Account recovery allows for easy account reset, improving the overall end-user experience. Employees who follow secure password protocols and regularly use a password manager play active roles in protecting their companies from data breaches and help reinforce behaviors that uphold their company’s security posture.
Enterprise administrators are busy -- account recovery empowers them to seamlessly provision new temporary master passwords for employees based on policies set for complexity, strength, and minimum length.
Administrators can enable the Account Recovery Administration policy and designate permission to other administrators. To reset, administrators navigate to the Organization Web Vault, select the specific end user who has lost or forgotten their password, and generate a new temporary master password. When the user logs in with the temporary master password, they will be prompted to update to a new password of their choosing.
Setting granular permission control is intuitive – administrators can grant access to other administrators or owners based on roles defined in a corporate directory.
The new feature remains consistent with the Bitwarden zero-knowledge encryption model.
If a company uses this policy, end users have a choice to opt in to allowing administrators to reset their passwords. If activated, a public/private key exchange facilitates the option for an administrator to reset a user password. Administrators also have the option of enabling Automatic Enrollment, which enrolls users upon joining the organization. If the Account Recovery Administration policy is not activated and administrators take a hands-off approach to Personal Vaults, end users remain responsible for their master password.
It is essential that companies remain transparent, establish clear communication of policy changes or updates to their employees, and ensure information and documentation of these policies are easy to find.
Our recent blog, “The Importance of the Personal Vault for Business Users,” further articulates the strategic thinking and planning that went into the development of this new feature. Read it here
Bringing open source transparency, end-to-end encryption, and full cross-platform access to enterprises seeking to build resilient password management at scale is a core part of the Bitwarden mission. Recent enterprise solution developments, with direct and ongoing input from the Bitwarden community, include:
Enterprise single sign-on leverages an organization’s existing Identity Provider (IdP)
Personal ownership policy requires users to save Vault Items to an Organization
Custom role configuration allows for granular user permissions
Bitwarden Send delivers a secure, simple way to share information directly with another person
Expanded biometrics across device types to unlock your Vault
Emergency access to designate Vault access to trusted emergency contacts
Account recovery is part of the Bitwarden June release rollout, which marks new features for usability, upgrades, and enterprise management. Learn more in our June release notes here
Account recovery is available for Enterprise Organizations on a current plan. It is not available to Classic 2019 Enterprise Organizations. If you are interested in upgrading to the current Enterprise plan, please reach out to our team at bitwarden.com/contact
Editor's Note: This article was updated on 10/28/21 with the addition of new details of how Admin Password Reset functions with enhancements from the October '21 release. The article was updated again in July '23 to reflect the renamed account recovery policy.