this post was submitted on 27 Jan 2025
31 points (94.3% liked)

Bitwarden

882 readers
1 users here now

Discuss the Paswordmanager Bitwarden.

founded 2 years ago
MODERATORS
wuffa@discuss.tchncs.de
31
Adding more security to Bitwarden user accounts (bitwarden.com)
submitted 3 weeks ago by neme@lemm.ee to c/bitwarden@discuss.tchncs.de
12 comments fedilink hide all child comments
top 12 comments
sorted by: hot top controversial new old
[–] Zachariah@lemmy.world 15 points 3 weeks ago (1 children)

Starting in February, Bitwarden will bolster user account security for those users who are not utilizing two-step login (2FA) for their Bitwarden account. When logging in from an unrecognized device, users will be asked for an emailed verification code to confirm the login attempt and better protect their Bitwarden vaults…

[–] nokturne213@sopuli.xyz 4 points 3 weeks ago (1 children)

I need to add 2fa to my Bitwarden… I have been meaning to do so, but so worried about getting locked out of it. Going to export my vault now.

[–] Dreamless4561@sh.itjust.works 3 points 2 weeks ago

When you set up 2FA for your Bitwarden account, create an emergency sheet

[–] sabreW4K3@lazysoci.al 5 points 3 weeks ago (3 children)

Please make sure we can turn this off. I use my bitwarden a lot and the last thing I want is to have to switch to a third app just to retrieve my password. I want simplification not complication.

[–] gazter@aussie.zone 7 points 3 weeks ago

I'm with you- if I'm accessing my vault from an unknown device, it's usually because I don't have my phone. So now I need to log in to my email on an unknown device, as well as my vault...

[–] walden@sub.wetshaving.social 2 points 3 weeks ago

It's only for unrecognized devices, similar to a lot of 2FA setups.

[–] smeg@feddit.uk 1 points 3 weeks ago

Simplification is when I tell my grandma to just use the password manager built into chrome. BitWarden provides security, and if you're already accessing it with 2FA as you should then this change shouldn't even affect you!

[–] CaptObvious@literature.cafe 2 points 3 weeks ago (1 children)

If this is something implemented in-client, we should be able simply to block updates. Failing that… well, a spreadsheet and notepad worked well enough before.

[–] Dreamless4561@sh.itjust.works 1 points 2 weeks ago (1 children)

Bitwarden will let people opt out

[–] CaptObvious@literature.cafe 1 points 2 weeks ago (1 children)

Will they? I can’t find any mention of it

[–] Dreamless4561@sh.itjust.works 2 points 1 week ago (1 children)

What it says on the FAQ: If users do not want new device verification, do not want to set up an alternate two-step login method, and do not want any security on their account, there will be an option to turn off new device verification in the Danger Zone settings when the feature goes live. However, we must emphasize that this is strongly not recommended, as it leaves your account vulnerable to various attacks.

[–] CaptObvious@literature.cafe 2 points 1 week ago

Thanks for the update