The discussion that was ongoing above (above the merged comments) may resume below…
Yes it was. But as I have explained entering the recovery code had no effect on the process
No, I entered the code, had a little message pop up saying 2FA was disabled and then taken back to the login screen. Which requested the email code.
No, this was in my usual browser
No, I have now “used” it more than once. And I just get the message that 2FA has been disabled. Which it hasn’t and it’s back to square one.
More data.
On my incognito browser accessing the web vault, I turned off all 2FA. I then logged out and logged in straightway - no 2FA challenge.
BUT !!!
I then went to login to my “normal” browser and once again got the verification email challenge for anew device. And …. guess what ? I am still waiting for that email
Fine with me. But I would add, that I already see at least two issues here in this thread:
-
2FA recovery code potentially not working as it should
-
@JLC seems to be confronted by the NDLP in certain circumstances, though 2FA is active
I think those issues may be related, as the latter seems to have been triggered by the former, and that the NDLP is occurring even though 2FA that should not be active is in fact still active.
That would be expected.
Also expected! – I tried to write before, that this is NDLP you are seeing here. And emails for that get sent to your account email, so unless you changed the email address of your Bitwarden account/vault, I wouldn’t expect any change here now.
I’m not exactly sure if I understand @JLC now correctly, but I think they used the 2FA recovery code, because they couldn’t get the email verification codes – and since email 2FA was not activated (according to one of the screenshots), then NDLP would have been there for @JLC before the recovery code even was used.
And I am not getting these emails.
We can agree on that, including the fact that it is unclear what 2FA methods were enabled for JLC’s account before they attempted to use the Recovery Code.
Regardless, unless someone can reproduce the sequence of events that JLC experienced, these observations may not be of much value for purposes of formally reporting a bug.
So after a bit more messing - using virtual machines and TOR circuits, the problem seems to be simply that for whatever reason, when a login is attempted with my everyday browser - Brave - then I never get the NDLP email verification.
However if I try and login from any other machine, the NDLP email arrives within a second. So clearly the email mechanism is working and there is nothing wrong with my registered email address.
(I have now re enabled 2FA 
)
If BitWarden support get back to me I’ll supply what they need. But it’s been 3 days now.
Really I should close this thread and open a new one. But since I have a workaround (my ITIL training kicking in) then I can carry on with my life.
Interesting! – Honestly, the thought that it might have a connection to using Brave also occurred to me yesterday. There was this thread a few weeks ago: Google accounts keep logging out in Brave after installing Bitwarden extension – and I also made a post in there about Brave causing reauthentication requests on a certain banking site literally every few seconds.
But I mainly thought of the 2FA recovery code not working “because” of Brave (speculation!)… so, interesting find, that email verification seems to be “browser dependent” (to a certain degree 
).
Glad to hear that you’ve found an acceptable work-around.
With due respect, you have alleged some unexpected behaviors (possible bugs) in this thread that go significantly beyond “simply” failing to transmit email messages (which is the whole reason that this thread has been separated from the “Emails not being sent” thread). Perhaps we can chalk up those other observations to some one-off technical glitch, and/or to imperfect recall of the events that transpired.
Just to be 100% clear, I am now saying that the fault I am encountering seems to be the NDLP process. Nothing to do with 2FA.
Oh quite. I mean if I was peddling a new drug then I would revisit all the actions here and create a solid hypothesis for retesting and trying to advance the understanding. I mean I would call myself a scientist before a sales executive.
There are a lot more steps I could take to nail this down. I haven’t rebooted this machine for example (which is almost the first commandment of Windows anything debugging).
Superficially I can’t see how a browser can prevent the email generation mechanism. However I am sure there is some real funky javascript in the pages and all sorts of clever callbacks and webhooks and any number of cracks for things to fall into and get lost. Brave does run with an inbuilt set of “shields” to protect from malware.