From GitHub: auditing login history and kill active sessions · Issue #124 · bitwarden/server · GitHub
Ability to see when my master password login has been used, which IP address/location, device used it and the ability to kill a logged in sessions.
10 Likes
original requestor here.
If not yet implemented, I consider access auditing fundamental to any system. Unfortunately I can’t even consider this product without the ability to see how and where my account is used and accessed. This is one of those fundamental features that shouldn’t be limited to enterprise users as the comments in the github discussion shows.
I am sensitive to the amount of requests and how development work has to be prioritized (heck, I’m amazed that you all can keep up! Account management and all of the applications is a massive puzzle to undertake.) but I hope this will be taken as a fundamental feature some day.
5 Likes
In the old thread it was mentioned this was implemented in enterprise and coming to premium users. Is there any update to this? Its been a year.
3 Likes
Any update on the logging feature? Doesn’t seem like we’re asking for too much here…
5 Likes
I am also eagerly waiting for this feature to come to Premium users!
I think this is a very basic security feature that should have already been implemented.
3 Likes
Can anyone point me to the Milestone or feature branch in Github for this functionality?
I also agree, that account access history is something that, at a minimum, the Web UI should be able to display at the footer of every page. Or optionally, a “recent logins” type page. That lists all logins for X amount of time.
Thanks!
4 Likes
For privacy reasons, it would be good to be able to turn IP logging on and off.
Otherwise, great feature request IMO.
4 Likes
This is definitely a feature I feel is sorely lacking!
I got an email about an unauthorized login on one of my accounts, and started tightening security on that account. After a second unauthorized login attempt on the same account within a short timeframe I started wondering if anything else is compromised as well, like for instance my Bitwarden Vault.
I find that unlikely, but even so it seems like I can’t actually find out if anyone has logged in to my Vault since there’s no login history. I would definitely feel an extra sense of security by being able to see a log of my various logins to the Vault.
1 Like
You know whats funny about this feature request? They have this feature for the Bit Warden Forums. But not BitWarden itself.
Isnt this the same request as Session management
5 Likes
What about this request and this one?
Both are quite basic and useful.
1 Like
Bitwarden Community Forums is actually made by Discourse https://www.discourse.org/, a complete open source forum platform. So Bitwarden only like host this platform, the rest are pretty much done by the community.
1 Like
Bitwarden does send emails to you when a new device logs in. The Ip address and some other info are also provided.
1 Like
This is still pending, yet a very useful feature for all users, and knowing that enterprise clients get it but we premium users do not, it feels off. Almost all other cloud services for password managers have this feature, wich is pretty critical for a user to be able to asses a security breach.
Is this gonna be addressed at any point?
We don’t have it on a development timeline at this point, but one option for the time being would be to use our Teams Organization. We recently added full event logging and API access to it, as well as including Premium access for users.
This feature request seems pretty similar to:
Hope this important security feature will be implemented soon!
2 Likes
Is there a way to implement an account history option which could show the logins and events that occurred?
The account history feature would allow users to view all logins and events for your account, and the IP addresses associated with them. History is particularly useful if you’re concerned about unauthorized access to your account.
Logins – This login history could display the following for logins:
Date: The date login was used.
Name: Name of the domain accessed and/or failed login attempts.
Group: Name of Folder (if any).
IP address: From which the login was used.
DNS: From which the login was used.
Method: Method by which it was used (e.g., web browser name, device type, etc.).
Events – This events history could display the following for events:
Date: The date the event occurred.
Name: The name of the domain accessed.
Group: Name of folder (if any).
IP address: From which the event took place.
Action: Action taken within the account (e.g., change of Master Password, failed login attempts, enable/disable of multifactor authentication, etc.).
2 Likes
Yes i agree, display stuff like that if there ever were to be a feature like that added to bitwarden. But just to be clear If you want to display information like that, it should be accurate all of the time, if possible of corse (for example. an ip address should be displayed above everything at the top and it should be displayed using ipv4 address’s and NOT ipv6 address’s. (unless, of course you are un-able to do so witch in that case sure but it’s not recommended.) ) and it also should be easy to use and understand for the non technical people out there.
With Kind Regards,
Ebay,
A Bitwarden Customer,
Full access history logging/alerts/etc. may be overkill but being able to observe and selectively deauthorize current sessions seems like a pretty elementary feature. I am a bit annoyed with myself for jumping into a premium subscription before realizing it isn’t available. The deauthorize all sessions shotgun isn’t adequate in my opinion.
1 Like
Of course!
I did not opine on “nice to have”. I just noted what I think is pretty elementary but doesn’t seem to attract much (any?) interest given the multi year trail of user requests.