
Bitwarden’s New Security Feature Aims To Tackle Unauthorized Access

Bitwarden is enhancing security with a new feature for accounts without 2FA, adding extra protection against unauthorized access.

The importance of handling your passwords reliably and securely cannot be overstated in today's cybercrime-ridden world. That is why many people turn to open source password managers to step up their privacy game.

And no, you should not be relying on a web browser's password manager to handle such sensitive data. That's what I believe.

I have been a long-time user of Bitwarden and can confidently vouch for its reliability and security. However, one thing has always bothered me: the absence of a gatekeeping mechanism for my account that doesn't have 2FA enabled.

Luckily, that's about to change. 😃

Bitwarden Tightens Up Security

Screenshot: Bitwarden's new "Verify your identity" page, asking for the verification code sent to the entered email address. Source: Bitwarden

Starting February 2025, Bitwarden will require a verification code when users without two-factor authentication (2FA) log in from an unrecognized device.

The verification code is sent to the user's registered email address, so losing access to that mailbox also means losing the ability to log in to Bitwarden from any new device. A device counts as new in any of the following cases:

  • You uninstalled and reinstalled the mobile or desktop app.
  • You cleared your web browser's cookies or uninstalled the Bitwarden browser extension.
  • You are logging in from a device you have never used with your Bitwarden account before.

Bitwarden has started sending in-app alerts and email reminders urging users either to turn on one of the 2FA login methods or to make sure they have reliable access to their registered email address.

Photo: Bitwarden's important notice that, starting February 2025, a code will be sent to the registered email address to verify logins from new devices. Bitwarden's notice on my Android smartphone.

I have already gotten a notice on my Android smartphone to confirm whether I could reliably access the email address associated with my Bitwarden account.

Of course, if you want to avoid all that, then you can choose to enable 2FA, which will eliminate the need to enter a verification code whenever you log in from a new device. In doing so, you will also greatly strengthen the security of your password vault.

However, there are a few cases where this email-based verification can be skipped. One is a soon-to-be-added opt-out setting on the Bitwarden account page; the other is that users who log in using SSO, a passkey, or an API key are exempt from the check altogether.
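To make the decision logic concrete, here is an added example that models the flow described above. It is not Bitwarden's code: the class and function names, the 15-minute code lifetime, the five-attempt cap and the in-memory storage are my own assumptions, and the "email sender" is a callback so the whole thing runs offline. What it shows is the three decisions a server has to make: which logins need a code at all (password logins without 2FA from an unknown device, unless the account has opted out), how a reinstall or cleared cookies ends up looking exactly like a new device (a fresh device identifier), and how the emailed code must be checked (constant-time comparison, expiry, attempt limit, single use) before the device is remembered.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 15 * 60   # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5             # assumed cap on wrong guesses per challenge

# Login methods the article lists as exempt from email verification.
EXEMPT_METHODS = {"sso", "passkey", "api_key"}


@dataclass
class Account:
    email: str
    has_2fa: bool
    opted_out: bool = False                          # the forthcoming opt-out setting
    known_devices: set = field(default_factory=set)  # device ids already verified


@dataclass
class Challenge:
    code: str
    expires_at: float
    attempts: int = 0


class NewDeviceVerifier:
    """Hypothetical server-side model of the new-device email check."""

    def __init__(self, send_email, now=time.time):
        self.send_email = send_email   # callable(email, code); a real server would send mail
        self.now = now                 # injectable clock so expiry can be tested
        self.pending = {}              # (email, device_id) -> Challenge

    def needs_verification(self, account, device_id, method="password"):
        """Decide whether this login must be confirmed with an emailed code."""
        if method in EXEMPT_METHODS:
            return False
        if account.has_2fa or account.opted_out:
            return False
        # A reinstall or cleared cookies produces a fresh device_id, so it is
        # indistinguishable from a brand-new device: both are simply unknown.
        return device_id not in account.known_devices

    def start_challenge(self, account, device_id):
        """Generate a fresh 8-digit code, remember it with an expiry, and email it."""
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[(account.email, device_id)] = Challenge(
            code=code, expires_at=self.now() + CODE_TTL_SECONDS
        )
        self.send_email(account.email, code)

    def verify(self, account, device_id, submitted):
        """Check a submitted code; on success the device becomes known."""
        key = (account.email, device_id)
        challenge = self.pending.get(key)
        if challenge is None:
            return False
        if self.now() > challenge.expires_at or challenge.attempts >= MAX_ATTEMPTS:
            del self.pending[key]          # expired or exhausted: force a new challenge
            return False
        challenge.attempts += 1
        if not hmac.compare_digest(challenge.code, submitted):
            return False                   # constant-time compare, no timing leak
        del self.pending[key]              # single use
        account.known_devices.add(device_id)
        return True


def demo():
    """Walk one password login through the flow and return what happened."""
    outbox = []                            # constructed stand-in for an email server
    verifier = NewDeviceVerifier(lambda email, code: outbox.append((email, code)))
    account = Account(email="user@example.com", has_2fa=False)  # constructed sample account

    required = verifier.needs_verification(account, "device-A")
    verifier.start_challenge(account, "device-A")
    _, code = outbox[-1]
    accepted = verifier.verify(account, "device-A", code)
    required_again = verifier.needs_verification(account, "device-A")
    return {"required": required, "accepted": accepted, "required_again": required_again}


if __name__ == "__main__":
    print(demo())
```

Two design points are worth noting. The device identifier is whatever the client stores (an app-local token or a browser cookie), which is exactly why the article's three "new device" cases collapse into one check. And the code is consumed on success and discarded on expiry or after too many attempts, so a leaked or guessed code is worth nothing once the window closes.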

If none of those exemptions apply to you, then the next best bet is either to self-host Bitwarden or to switch to an alternative password manager like Proton Pass, which has some rather interesting features that can further safeguard your online identity.

For learning more about this change, you can refer to the announcement blog and the FAQ.
