Additional security email alerts

Hi I was wondering if there were any plans to add email alerts on certain things like:

  1. Failed login attempts,
  2. Logins from unknown devices,
  3. Failed customer service interactions regarding your account

These seem like a good way to keep a pulse on your account especially if you were exposed in some breach you may not even know about and people are trying to access the accounts involved.

Thanks,
John

3 Likes

Also for organisations, to the admin when new users are added

5 Likes

I would very much like to see this option implemented.

5 Likes

Email alerts for new device logins are now live.

11 Likes

Thank you, will this be coming to on premise versions too?

1 Like

Would be great to see more options for this. i.e. send security alert whenever I logged in on web vault.

2 Likes

This is a very very critical feature, imho.

2 Likes

From Reddit: https://www.reddit.com/r/Bitwarden/comments/hp64zc/should_bitwarden_notify_more_often/

It would be really nice if Bitwarden notifies the user (through email) whenever a new login happens, regardless of whether the 2FA was entered or not, as long as the Master Password is correct. This would mean that the 2FA is now the only defense against hackers…
The OS version, time of Log in, and the IP address should be included in the notification. The notification should also specify whether it was a full login (with correct 2FA), or whether its only the Master Password that was correct.

This would give the user a Chance to Change the Compromised Master Password before the Vault gets logged into by the hacker and all the passwords get stolen…

I am very happy that Bitwarden notifies on every new login. However, if an attacker somehow got both the Master Password and the 2FA, it would be too late. All the passwords would be stolen…
It would be best that the user can know that its Master Password was compromised, before the Vault gets logged into by a hacker. Bitwarden should always be one step ahead of hackers! :grinning:

If Bitwarden’s Cloud gets hacked, the 2FA wouldn’t be of any use, since the Compromised Master Password is the Decryption Key.

Hope to see this security feature implemented soon! :slight_smile:
Thanks a lot!

10 Likes

Yes, email, SMS, app notification, any warning helps!!
Anyone trying to hack, the very first failed, we should be notify.
In fact, even the very first success, I want to know too.
For password management software, there is nothing is too careful, don’t you think?

2 Likes

@pkhliu
Exactly! Security ought to be number one for any password manager, especially for one like Bitwarden!

2 Likes

I agree with the fact that we should be warned if someone try to connect but enter the wrong password, but also if the wrong password is used but not the 2FA, meaning the master password has leaked.

1 Like

Both events are “login failed”, so messages for this event would be sufficient I guess.

I’m surprised this isn’t already a feature.

2 Likes

Please add this soon, this is another basic security feature together with Argon2 and GEOIP blocking and session management, bitwarden is missing.

2 Likes

Bumping this.

It would be nice to have failed login attempts. It doesn’t need to be an email but an option in settings. Even if it’s a premium feature it would be nice to have. It would also be nice to know if someone got my master password correct and the 2FA stopped them.

6 Likes

Yes please add this.

1 Like

same, would like to see such feature

i hope these security feature can be improved so that we as users can know when any Unauthorized login is made

3 Likes

@Kim2002 Same! We need this feature!

2 Likes

It would provide extra piece of mind if it were possible to receive failed login notifications by email to warn you that someone tried to gain access to your account.

I’m not sure what I would do if I got one, - but it’s always nice to know.

1 Like