I had a weird login request that I accidentally approved on my iPhone. I’m not sure if it was my login request. My Chrome extension had logged me out, and I had chosen to log in with my iPhone. However, I was also logged out of my iPhone. I logged in by entering my master password with the Chrome extension and then logged into my iPhone. After logging into my iPhone, that’s when I received the popup. Not sure if it’s from my attempt with the Chrome extension or not, but it has me worried that I accidentally let some attacker into my vault.
I’ve since changed my master password and also used the deauthorize access option for all devices that were logged in.
Does Bitwarden offer a list of IPs that logged in to see if a nefarious person has been allowed into my vault based on my inadvertent actions?
When I logged back in and chose to use the mobile device approval, it still asked me for my 2FA (key, authenticator code, or backup code).
So if a new location logs in regardless of mobile device approval, 2FA is still required before you can access the vault? If that’s the case, I love the increased security this offers.
I wish there was an email generated with each login that would provide the IP address, platform (Chrome, Windows, macOS, etc.), and date/time. Maybe even include a map showing where the IP address is. This would be a huge benefit to users. I would even prefer to have it with the option to show every login (even for known devices).
There is an email generated for logins from new devices (or apps) and it does include the IP address and type. The subject is "New Device Logged in From …" and it’s sent to the email address associated with your account.
I haven’t logged in from a new device in a while. I was more wanting to look at a webpage that had a list of IPs where recent logins occurred (like the last 25) even from known devices. It would be a great security enhancement.
In my case, I was afraid I accidentally approved a threat actor’s request for me to verify them using my device. I had tried to use my device to verify, but my phone was logged out. I ended up logging into my computer first with the password, and then I logged into my phone. When I logged into my phone, I received an authorization request that I quickly hit authorize for without realizing the one I initiated should have no longer been valid (it was >5 mins).