Summary: Bitwarden is implementing an additional security measure for users without two-factor authentication (2FA), requiring email verification for accessing accounts from unrecognized devices. This step aims to enhance account safety by prompting users for a verification code before granting access to their password vaults. Users are encouraged to activate 2FA for optimal protection against potential threats.
Affected: Bitwarden users without 2FA enabled
Key points:
- Users logging in from unrecognized devices will need to enter a verification code received via email.
- The security measure acts like two-factor authentication, even for those who have not activated traditional 2FA.
- Events triggering the email verification include logging in from a new device, reinstalling the app, or clearing browser cookies.
- Users must be able to access their email account independently of their Bitwarden vault to avoid being locked out of both accounts.
- The update does not replace the need for strong master passwords, which should be long, unique, and varied in character types.