I hope these security features can be improved so that we as users can know when any unauthorized login is made.
@Kim2002 Same! We need this feature!
It would provide extra peace of mind if it were possible to receive failed login notifications by email to warn you that someone tried to gain access to your account.
I’m not sure what I would do if I got one, but it’s always nice to know.
Would be useful. On a side note, I find this related to my suggestion of having a session management which shows the current logins with devices and IP addresses. You can vote here: Session management
I also think this would be a great feature.
I’m surprised this doesn’t already exist.
Any updates on this? What are the security measures in place to alert a user that their security may be at risk?
Hoping for unlock/login failure alerts also (so we know if someone knows our Bitwarden acct email, or knows our master password but is just 2FA blocked)
Great point. Love the better safe than sorry approach. Thank you!!
Just chiming in to say that I would also love to receive an email if somehow someone knows my email and master password and 2FA is the only thing preventing them from authenticating.
Maybe a good premium feature to offset the additional email costs. Although for the vast majority of users—hopefully—these notifications will never be needed and will be few and far between.
This is something I would like to see as well. I want to be notified if someone tries to login with my master password, even if they can’t pass the 2FA.
Would it be possible to have an email when someone tries to login?
Currently we get an email when you fully log in, but in case your password is known by someone else but the 2FA isn’t, could an alert be sent stating attempted sign-in?
This would warn the user to change their password and maybe their registered email.
+1 would be awesome, just like in LastPass.
Great, hoping to have much more active notifications of every login
Are they considering this feature? Especially number 1? Knowing or notifying you with failed login attempts will surely help you at least to change your password. Even though you have two of something that your Bitwarden needs in order to access the account (password, 2FA), cutting them off by changing the password asap would at least give you peace of mind.
Thank you and I genuinely hope you guys are reconsidering this.
I looked at the security settings and there are none of these options available. This is by far one of the most needed security implementations to add to user accounts.
It would be nice if alerts/notifications could be triggered when certain credentials were accessed. The alert should include details like the name of the account that accessed the credential, date/time, frequency, actions taken (e.g. Copy Password etc…).
To further enhance this sort of thing, if certain credentials could require a justification for accessing them, that justification should be sent in the alert as well.
- every time a new session is opened in Bitwarden from a new device
- every time a session is opened from a country/region different to the usual one. The second phase would be to add this feature: Restrict account access to certain countries/IP ranges - #9 by l0rdraiden
- every time there are X consecutive login attempts failed from the usual country.
- every time there is a failed login attempt from a country that is not the usual one.
- every time the password is introduced successfully but the session fails because the 2-step verification fails or is not used. (Someone knows your password but wasn’t able to login due to 2FA)
The email will contain all the information available about the attempt like the IP, time, browser, location, etc. In addition there should be a log in the web interface to see all the details of the sessions and login attempts.
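The alert rules proposed in the list above, sketched as detection logic over a stream of login events. This is an added example, not part of the original posts and not Bitwarden code; the event fields, result values, rule names and the threshold of 3 for "X" are assumptions, and the sample events are constructed.

```python
FIELDS = ("time", "ip", "country", "device", "result")
RAW = [  # constructed sample events (documentation IP ranges)
    ("08:00", "198.51.100.7", "DE", "laptop", "success"),
    ("09:10", "198.51.100.7", "DE", "laptop", "bad_password"),
    ("09:11", "198.51.100.7", "DE", "laptop", "bad_password"),
    ("09:12", "198.51.100.7", "DE", "laptop", "bad_password"),
    ("11:30", "203.0.113.9", "BR", "unknown-1", "bad_password"),
    ("11:31", "203.0.113.9", "BR", "unknown-1", "2fa_failed"),
    ("18:00", "198.51.100.8", "DE", "phone", "success"),
    ("19:00", "192.0.2.44", "FR", "phone", "success"),
]
EVENTS = [dict(zip(FIELDS, r)) for r in RAW]

def alerts_for(events, usual_country, known_devices, threshold=3):
    """Return one alert dict (event fields + 'rule') per rule that fires."""
    known = set(known_devices)
    streak = 0  # consecutive wrong-password attempts from the usual country
    out = []
    for e in events:
        rules = []
        foreign = e["country"] != usual_country
        if e["result"] == "success":
            streak = 0
            if e["device"] not in known:
                rules.append("new_device")
                known.add(e["device"])  # assumption: alert once per device
            if foreign:
                rules.append("unusual_country_session")
        elif e["result"] == "2fa_failed":
            # password was accepted, second factor was not: password is known
            rules.append("password_ok_2fa_failed")
        elif e["result"] == "bad_password":
            if foreign:
                rules.append("failed_login_unusual_country")
            else:
                streak += 1
                if streak % threshold == 0:  # fires at every X-th failure
                    rules.append("consecutive_failures")
        # each alert carries the IP, time, device and location of the attempt
        out.extend(dict(e, rule=r) for r in rules)
    return out

if __name__ == "__main__":
    for a in alerts_for(EVENTS, "DE", {"laptop"}):
        print(a["time"], a["ip"], a["country"], a["device"], a["rule"])
```
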
For me it would make sense to try to avoid emails, it would be best to have a public and private key for the login. Generally, they use email for marketing or phishing. There are cool features like these that can make logging into Bitwarden even more secure:
1. Restrict account access to certain countries/IP ranges
2. Private key management for nostr accounts
3. SQRL Identity
4. “A complementary idea would be to add a personalized email to receive notifications and ensure greater control.” That makes sense? What do you all think about this idea?