Adding more security to Bitwarden user accounts

Starting in February, Bitwarden will bolster user account security for those users who are not utilizing

for their Bitwarden account. When logging in from an unrecognized device, users will be asked for an emailed verification code to confirm the login attempt and better protect their Bitwarden vaults. Read on to learn what this means for you and why this is being enacted.

Having a

that has never been used anywhere else is the best protection for your Bitwarden vault. The next best protection is having two-step login (2FA) turned on to protect account authentication. Many users follow these best practices, but some do not, increasing their risk of being a victim of a cyber attack, such as

credential stuffing

(automated password-guessing) or phishing.

Password vaults are valuable targets for hackers, making it important to ensure they’re strongly secured. Bitwarden is placing a

on logins from unrecognized devices to vastly improve the protection for accounts lacking the critical security measure of two-step login. This ensures that these users’ sensitive information stays private and out of hackers’ hands.

Soon, after you enter your Bitwarden account email address and master password, if the device where you’re logging in is not recognized by the Bitwarden server and you do not have two-step login enabled nor are using enterprise SSO, Bitwarden will email a verification code to the email account on file. You will need to go to your email account to access the code and provide it to the Bitwarden application to continue.

Emailed verification codes are common today, and everyone is generally used to receiving them. However, Bitwarden users who store their email account credentials within their Bitwarden vaults would have trouble accessing the sent codes if they are unable to log in to their email.

To prevent getting locked out of your vault, be sure you can access the email associated with your Bitwarden account so you can access the emailed codes, or turn on

to not be subject to this process altogether. In-product messages in the Bitwarden applications and email reminders urge users to take either of these actions to ensure access to vaults remains uninterrupted.

Read the

in the Bitwarden help center to learn more details on what triggers this process, who it applies to, and what constitutes an unrecognized device.

The best security starts with you!

First, be sure your master password is strong. It should have never been used before anywhere else, and doesn’t follow a pattern of any other passwords you’ve had in the past.

Next, turn on two-step login (2FA). Choose any type!

is a free app that generates login passcodes and is a great option for two-step login.

Practice good security habits! Be aware of what phishing emails look like, be skeptical of communications asking for passwords and personal information, and protect your device from malware and infostealers.

Finally, fill out the Bitwarden security readiness kit. Protect against lockout with

, which provides a place for you to save all the information needed to access your vault in case it's forgotten or lost. Store it in a safe place, which could mean printing it out (yes, on paper!) and keeping it in a fireproof safe or bank safe deposit box.

Use Bitwarden Password Manager to improve your security and that of your business too! Bitwarden offers

and

7-day free trials for business plans

. Bitwarden provides all the tools you need to stay safe online, including generating, saving, and autofill strong, unique passwords for every one of your accounts. Get started today!