Starting in February, Bitwarden will bolster user account security for those users who are not utilizing two-step login (2FA) for their Bitwarden account. When logging in from an unrecognized device, users will be asked for an emailed verification code to confirm the login attempt and better protect their Bitwarden vaults…
I need to add 2FA to my Bitwarden… I have been meaning to do so, but I’m so worried about getting locked out of it. Going to export my vault now.
When you set up 2FA for your Bitwarden account, create an emergency sheet.
Please make sure we can turn this off. I use my Bitwarden a lot and the last thing I want is to have to switch to a third app just to retrieve my password. I want simplification, not complication.
I’m with you: if I’m accessing my vault from an unknown device, it’s usually because I don’t have my phone. So now I need to log in to my email on an unknown device, as well as my vault…
It’s only for unrecognized devices, similar to a lot of 2FA setups.
Simplification is when I tell my grandma to just use the password manager built into Chrome. Bitwarden provides security, and if you’re already accessing it with 2FA as you should then this change shouldn’t even affect you!
If this is something implemented in-client, we should be able simply to block updates. Failing that… well, a spreadsheet and notepad worked well enough before.
Bitwarden will let people opt out.
Will they? I can’t find any mention of it.
What it says on the FAQ: If users do not want new device verification, do not want to set up an alternate two-step login method, and do not want any security on their account, there will be an option to turn off new device verification in the Danger Zone settings when the feature goes live. However, we must emphasize that this is strongly not recommended, as it leaves your account vulnerable to various attacks.
Thanks for the update