Bitwarden Now Forces Email Verification to Protect Password Vaults from Unauthorized Access

Bitwarden Enhances Security with Mandatory Email Verification

Password management service Bitwarden is implementing a new security feature for users who haven’t enabled two-factor authentication (2FA). Starting February, the platform will require email verification when detecting suspicious login attempts from unrecognized devices.

The new security measure will trigger in three scenarios:
– Logging in from new devices
– Reinstalling mobile or desktop applications
– Clearing browser cookies

Users will receive a verification code via email, which must be entered to access their password vault. This effectively creates a basic form of two-factor authentication for all users, though Bitwarden still recommends implementing stronger security measures such as authenticator apps or FIDO-compliant passkeys.

Important Exceptions:
– Users with active 2FA
– Accounts using API keys
– SSO-enabled accounts
– Self-hosted Bitwarden instances
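The trigger list and the exception list above describe one access-control decision: when a login arrives without a recognized device token (new device, reinstalled app, or cleared cookies all look the same to the server), a non-exempt account must prove control of its email before the vault opens. The following is an added illustration of that policy, not Bitwarden's code; the eight-digit code format, the 15-minute expiry, the five-attempt limit and the `Account` fields are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL = 15 * 60      # assumed lifetime of an emailed code, in seconds
MAX_ATTEMPTS = 5        # assumed guess limit before the code is discarded


@dataclass
class Account:
    email: str
    has_2fa: bool = False       # authenticator app or FIDO passkey enabled
    uses_api_key: bool = False
    sso: bool = False
    self_hosted: bool = False
    known_devices: set = field(default_factory=set)  # tokens issued after a verified login
    pending: dict = field(default_factory=dict)      # outstanding email code, if any


def is_exempt(acct: Account) -> bool:
    """The four exceptions listed in the article skip the email step entirely."""
    return acct.has_2fa or acct.uses_api_key or acct.sso or acct.self_hosted


def needs_email_verification(acct: Account, device_token) -> bool:
    """A missing or unknown token covers all three triggers: new device,
    reinstalled app, cleared cookies."""
    return not is_exempt(acct) and device_token not in acct.known_devices


def issue_code(acct: Account, now=None) -> str:
    """Create a one-time code and store only its hash server-side.
    The caller sends the returned code to acct.email out of band."""
    code = f"{secrets.randbelow(10**8):08d}"
    acct.pending = {"hash": hashlib.sha256(code.encode()).hexdigest(),
                    "exp": (now or time.time()) + CODE_TTL, "attempts": 0}
    return code


def verify_code(acct: Account, submitted: str, now=None):
    """Return a new device token on success, None on failure/expiry/lockout."""
    p = acct.pending
    if not p or (now or time.time()) > p["exp"] or p["attempts"] >= MAX_ATTEMPTS:
        acct.pending = {}
        return None
    p["attempts"] += 1
    digest = hashlib.sha256(submitted.encode()).hexdigest()
    if not hmac.compare_digest(digest, p["hash"]):   # constant-time comparison
        return None
    acct.pending = {}
    token = secrets.token_urlsafe(32)
    acct.known_devices.add(token)   # remembered until the app is reinstalled or cookies cleared
    return token
```

The lockout the article warns about is visible here: if the only copy of the email password lives inside the vault, `verify_code` can never be reached with the right input, so the exemptions (real 2FA) or separate email access are the way out.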

The company has addressed a potential concern for users who store their email credentials in their Bitwarden vault: if the only copy of the email password is inside the vault, the user cannot retrieve the verification code needed to open it. To prevent such lockouts, users should either maintain separate access to their email accounts or enable proper 2FA on their Bitwarden account.

Bitwarden emphasizes that this additional security layer doesn’t replace the need for strong master passwords, and users should continue maintaining robust password practices.