Account access history

anon93789752 · March 23, 2021, 11:11am

Yeah your right. But there are always so many thing people want added to bitwarden that it’s hard to get a topic up there. you see. @davistom

DATA · March 31, 2021, 6:21pm

This is really important to have. Today I received a two-factor code text to my cell phone from my bank (they don’t support other two-factor methods). This could have either been the bank system sending the code in error, someone (or thing) trying to log into my account, or something else I am unaware of.

Well I logged into my bank account and checked my logon history (same as account access history) and was able to view a set of IP Addresses. One IP address was associated with the time that I received the two-factor text. So I was able to see that the code was tied to the event of an actual login attempt.

I called the bank and asked a series of questions. There wasn’t a history of any failed login attempts with an incorrect password. So whatever method my bank account was being signed into with had the correct username and password.

My password was randomly generated in Bitwarden. This means either someone somehow got access to my Bitwarden account or one of my devices was compromised and in away allowing my Bitwarden data to get compromised or something else.

I would love to check my Bitwarden login history but can’t.

Nat · April 1, 2021, 8:27am

@DATA You could “Deauthorize all vaults” in the web vault and change the master password, if you believe that your Bitwarden account Has been compromised.

You can also check the email address that you used with Bitwarden. The email address should include all the new login together with the IP address and the time of the login. But as a precaution, do NOT store the complete password of that email address in the Vault, or else the hacker could easily erase the login record from your email.

nai · September 13, 2021, 1:15pm

I’m really surprised access auditing isn’t already implemented. In my opinion, the feature is essential to any security-critical system. I really want to know ASAP if my master PW is ever used by anyone to get through to the 2FA challenge, but I don’t want to have to use email 2FA to enable that.

haneef95 · November 20, 2021, 11:05am

A must have, but could easily be used by malicious actors to overwhelm the database.

The malicious actor just has to keep trying to login with different credentials and it’ll have a log in the DB. Even 10s of 1000s! Unless ofc, there’s a captcha after x number of attempts.

So, when implemented, there has to be an aggregation algorithm. Maybe, based on session cookie or something.

Harper_Caelestis · January 6, 2022, 1:45pm

ironic, hoping to have these kind of feature added for all users

grapereader · February 15, 2022, 10:58pm

Lack of audit log in such a sensitive security product makes me very uncomfortable.

Miguel_Matos · February 2, 2023, 1:27pm

I hope this see the light of the day.

will · March 14, 2023, 3:14pm

I do not know how to participate in the vote, I do not see any option where I can vote but my vote is in favor of implementing an option where we can view the sessions that have been opened from our account where we can see the date and the device.
Also an option where we can view at all times the devices that are connected or open sessions.
I do not think it is something difficult to implement and any app that has a good reputation in security has these options implemented, I really do not understand how this is not already possible and is something that subtracts level of security to our user accounts within the app.
So bitwarden developers put the batteries with this already because it is something that you should offer us as soon as possible.
Thanks

DROP_TABLE_customers · March 20, 2023, 7:28pm

This is a really important missing feature. I’m investigating a possible password breach and the fact that I cannot tell if someone who wasn’t supposed to accessed the Bitwarden vault makes it really difficult.

davistom · March 21, 2023, 9:46am

This feature request has been in play, in one or another of several variations, since before I first explored BW. That is over three years ago. I naively participated in the related community discussions up to about a year ago when I decided to give up in frustration at the absence of meaningful response. Just some advice from the war weary.

misterp · July 14, 2023, 1:36pm

Hi, I agree with you all. I just did something I shouldn’t have done, yesterday evening, trying to show how to use BW to a good friend, on her computer. I showed my pwd for two seconds. today my main email was blocked by the provider, talking about suspicious activity. I m afraid my BW password could have been stolen but if understand you well I’m completely enable to check a log of connection to BW!
WOW ! That function is extremely important, I would even say CRUCIAL.

milotig · July 16, 2023, 5:42pm

I would also love to a function like this for Bitwarden Premium users. It found it kinda strange it wasn’t there already. (Although of course, you get emails when someone with an other ip-adres tries to login).

nothanco · July 30, 2023, 6:26pm

I tried to use this feature a while ago and realized that it doesn’t exist. In my opinion, it’s necessary, especially for a security-oriented service.

XploD · August 9, 2023, 8:46am

I second that! I would be really eager to see if someone else tried to access my (premium) account (selfhosted docker)

terran5992 · September 2, 2023, 5:00am

Bumping up this feature

Patrice_FERLET · September 3, 2023, 3:07pm

I’m pretty sure that my account was acceded by someone, I cannot check… This is a very importante feature (paid subscription)

Noah_Buhler · November 4, 2023, 7:31pm

Build this!!! A bunch of my Accounts got hacked, and I don’t know if my how safe my Password Manager is. Obviusly I changed Password and logged out all devices, but knowing wheter someone else accesed Bitwarden is pretty important. (The other accounts beeing compromised could also be some sort of Session hijack, as none of my passwords got changed…

Mike_Van_Pelt · November 13, 2023, 3:19am

LastPass has this. After the last breach, and LastPass TPTB handling it (in my opinion) a whole lot like MBAs and lawyers, and not at all like there was any input from actual security professionals, I bailed on my decade of LastPass use and moved everything to BitWarden. When I found there was no “last use of this login” logged, I was astonished that BitWarden does not log this. Not being able to see the last time I have logged into my various accounts is a Major Big Deal for me. I see people clamoring for this feature for years, to no avail.

I’m wavering over switching back to LastPass. I’d much prefer BitWarden’s Open Source approach, but I NEED that last use logging. With any hope that BitWarden is at all likely to add this feature sometime in the relatively near future, I’d definitely prefer to stick with BitWarden, but from what I see here, it’s not looking promising.

DaxInvader · November 20, 2023, 3:58pm

It’s insane that after 3 years this still isn’t done yet.

This is a must have. If I don’t have that feature soon I’m jumping ship. Again. I’m a paid subscriber too.

Created an account just to say this