Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and not bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might’ve had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.comOPEnglish
    71·
    3 days ago

    Also, I’m not sure if anyone else get any notice, but in my experience I didn’t even get a notice in my email at all. I just went to the browser page moments ago and saw the notice. I was like “WTF”. I logged in a few days ago on the 22nd and didn’t see that, so this must be recent. Less than 10 days of notice? Wtf Bitwarden?!?

    (I don’t currently use 2fa because I have trouble with misplacing 2fa stuff, so I’m more likely to get myself locked out with 2fa, than having someone hack my vault without 2fa.)

    • theredhood@lemm.ee
      2·
      3 days ago

      Just use something like ente auth, then you can just login online anytime and get your 2fa codes.

    • YarrMatey@lemmy.dbzer0.com
      21·
      3 days ago

      Are you able to remember a strong password? If you can then you can use something like KeePass, it is an offline password manager (and authenticator) that you can use on your phone and PC and backup the file anyway you want, in storage and the cloud. It is very easy to import and export.

      Use the 3-2-1 rule for storing your vault:

      Maintain three copies of your data: This includes the original data and at least two copies.

      Use two different types of media for storage: Store your data on two distinct forms of media to enhance redundancy.

      Keep at least one copy off-site: To ensure data safety, have one backup copy stored in an off-site location, separate from your primary data and on-site backups.

      I have a Bitwarden vault for passwords and a KeePass vault for TOTP. I would use at least 2 Yubikeys as well but I’m using degoogled Grapheneos. I hate email and SMS verification for MFA, and my stupid banks only support these two methods.