The Bitwarden Blog

Adding more security to Bitwarden user accounts

Authored by: Ryan Luibrand

Starting in February, Bitwarden will bolster user account security for those users who are not utilizing two-step login (2FA) for their Bitwarden account. When logging in from an unrecognized device, users will be asked for an emailed verification code to confirm the login attempt and better protect their Bitwarden vaults. Read on to learn what this means for you and why this is being enacted.

Verifying new devices to strengthen vault security

Having a strong master password that has never been used anywhere else is the best protection for your Bitwarden vault. The next best protection is having two-step login (2FA) turned on to protect account authentication. Many users follow these best practices, but some do not, increasing their risk of being a victim of a cyber attack, such as credential stuffing (automated password-guessing) or phishing.

Password vaults are valuable targets for hackers, making it important to ensure they’re strongly secured. Bitwarden is placing a new verification measure on logins from unrecognized devices to vastly improve the protection for accounts lacking the critical security measure of two-step login. This ensures that these users’ sensitive information stays private and out of hackers’ hands.

The new verification process at login

Soon, after you enter your Bitwarden account email address and master password, Bitwarden will email a verification code to the email account on file if the device you're logging in from is not recognized by the Bitwarden server, you do not have two-step login enabled, and you are not using enterprise SSO. You will need to go to your email account to access the code and provide it to the Bitwarden application to continue.

The new verification screen in the web app during the login process for users without two-step login turned on.


Ensure you have access to your account email if you don’t have two-step login turned on

Emailed verification codes are common today, and everyone is generally used to receiving them. However, Bitwarden users who store their email account credentials within their Bitwarden vaults would have trouble accessing the sent codes if they are unable to log in to their email.

To avoid getting locked out of your vault, be sure you can access the email associated with your Bitwarden account so you can retrieve the emailed codes, or turn on any form of two-step login so that you are not subject to this process at all. In-product messages in the Bitwarden applications and email reminders urge users to take either of these actions to ensure access to vaults remains uninterrupted.

Read the FAQ document in the Bitwarden help center to learn more details on what triggers this process, who it applies to, and what constitutes an unrecognized device.


How to stay protected

The best security starts with you!

First, be sure your master password is strong. It should never have been used anywhere else, and it should not follow the pattern of any other passwords you’ve had in the past.

Next, turn on two-step login (2FA). Choose any type! Bitwarden Authenticator is a free app that generates login passcodes and is a great option for two-step login.

Practice good security habits! Be aware of what phishing emails look like, be skeptical of communications asking for passwords and personal information, and protect your device from malware and infostealers.

Finally, fill out the Bitwarden security readiness kit. Protect against lockout with the Bitwarden security readiness document, which provides a place for you to save all the information needed to access your vault in case it's forgotten or lost. Store it in a safe place, which could mean printing it out (yes, on paper!) and keeping it in a fireproof safe or bank safe deposit box.


Keep your digital life secure

Use Bitwarden Password Manager to improve your security and that of your business too! Bitwarden offers unlimited free individual plans and 7-day free trials for business plans. Bitwarden provides all the tools you need to stay safe online, including generating, saving, and autofilling strong, unique passwords for every one of your accounts. Get started today!
