Bitwarden users who store their email account credentials within their Bitwarden vaults would have trouble accessing the sent codes if they are unable to log in to their email.

To prevent getting locked out of your vault, be sure you can access the email associated with your Bitwarden account so you can access the emailed codes, or turn on any form of two-step login to not be subject to this process altogether.

  • Maiq
    2 days ago

    My problem with this is my email accounts are locked behind Bitwarden. Can’t log in to email without Bitwarden. If both my devices get stolen at the same time I’m fucked. I’m not going to pay for premium to enable an emergency contact.

    Downloaded Bitwarden’s authenticator app. Now Firefox on my computer is asking for me to press on a security key, which I assume is some sort of biometrics my computer doesn’t have.

    I love 2FA, I just don’t see how it is supposed to work if you need Bitwarden to open your email to get your 2FA code.

    Let’s say you’re backpacking through South America and both your devices get robbed. Your ticket home is in your email. What’s the solution here? You can’t go to a coffee shop and log in to your email because it’s securely locked behind Bitwarden. You can’t log in to Bitwarden because you can’t access your 2FA from your email.

    What am I missing?

    • theredhood@lemm.ee
      2 days ago

      Use something else for 2FA, not email. I used to use KeePass for 2FA on my laptop and phone, but now I’m using Ente Auth. It’s convenient because I can log in to Ente Auth anywhere and get a code, but the only thing is you’ll need to remember 2 passwords, which is worth it imo.

      • Maiq
        2 days ago

        So I need a 2FA application? Just seems a little ridiculous as that is what I use email for. So my bw pass is well over 25 chars and I need to have another app that requires an equally strong pass. Just seems a little overkill! Especially changing passwords every year.

        • exu@feditown.com
          9 hours ago

          You only need to enter the 2fa code once on a new device. How often do you switch devices for this to be a significant effort?

          • Maiq
            5 hours ago

            I rebuild my OS sometimes three times a year.

    • otp@sh.itjust.works
      2 days ago

      I remember two passwords. My email and my password manager. Oh, and one of my banks.

      Locking the key in the vault, or the backup vault, didn’t make sense to me. It also made sense for me to have access to one bank even if I lose both “vaults”.

      • Maiq
        2 days ago

        My email pass is over 25 more or less random characters that I change about once a year. That’s why I use Bitwarden!

    • Fushuan [he/him]@lemm.ee
      1 day ago

      You provided a situation where your phone was robbed and you didn’t plan for it so you didn’t print the relevant information.

      So… Prepare ahead? Go to a relevant office with identification to get access to the relevant tickets again?

      “What can I do if all the tools at my disposal to get the relevant information are stolen?” You get fucked. Idk what else to tell you.