I don’t think anybody has made that statement in this thread, and also, it is not accurate. Bitwarden’s servers will definitely know if you entered the correct password or not — that’s how they decide whether to give you access to the vault.
I looked at the security settings and there are none of these options available. This is by far one of the most needed security implementations to add to user accounts.
It would be nice if alerts/notifications could be triggered when certain credentials were accessed. The alert should include details like the name of the account that accessed the credential, date/time, frequency, actions taken (e.g. Copy Password, etc.).
To further enhance this sort of thing, if certain credentials could require a justification for accessing them, that justification should be sent in the alert as well.
- every time a new session is opened in Bitwarden from a new device
- every time a session is opened from a country/region different to the usual one. The second phase would be to add this feature: Restrict account access to certain countries/IP ranges - #9 by l0rdraiden
- every time there are X consecutive login attempts failed from the usual country.
- every time there is a failed login attempt from a country that is not the usual one.
- every time the password is introduced successfully but the session fails because the 2-step verification fails or is not used. (Someone knows your password but wasn’t able to log in due to 2FA)
The email will contain all the information available about the attempt like the IP, time, browser, location, etc. In addition there should be a log in the web interface to see all the details of the sessions and login attempts.
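The alert conditions listed in the post above, written out as rule logic over login attempts. This is an added example, not part of the original post and not Bitwarden code; the `Profile` fields, alert names, threshold value and sample attempts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    """Hypothetical per-account state; field names are assumptions."""
    usual_country: str
    known_devices: set = field(default_factory=set)
    fail_threshold: int = 3   # the "X" in the list above (value assumed)
    fail_streak: int = 0      # consecutive failures from the usual country

def alerts_for(p, country, device, password_ok, twofa_ok):
    """Return the alerts one login attempt triggers and update the profile."""
    foreign = country != p.usual_country
    if not password_ok:
        if foreign:
            return ["failed_login_unusual_country"]
        p.fail_streak += 1
        if p.fail_streak % p.fail_threshold == 0:
            return ["consecutive_failures_usual_country"]
        return []
    p.fail_streak = 0
    if not twofa_ok:
        # Correct password, but the second factor failed or was not supplied.
        return ["password_ok_but_2fa_failed"]
    out = []
    if device not in p.known_devices:
        p.known_devices.add(device)
        out.append("new_device_session")
    if foreign:
        out.append("session_from_unusual_country")
    return out

# Constructed sample attempts: (country, device, password_ok, twofa_ok)
SAMPLE = [
    ("DE", "laptop-firefox", False, False),
    ("DE", "laptop-firefox", False, False),
    ("DE", "laptop-firefox", False, False),
    ("BR", "unknown-chrome", False, False),
    ("BR", "unknown-chrome", True, False),
    ("DE", "phone-ios", True, True),
    ("FR", "phone-ios", True, True),
]

def replay(profile, attempts):
    """Evaluate attempts in order; one alert list per attempt."""
    return [alerts_for(profile, *a) for a in attempts]

if __name__ == "__main__":
    for a, fired in zip(SAMPLE, replay(Profile("DE", {"laptop-firefox"}), SAMPLE)):
        print(a, "->", fired)
```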
Hey everyone.
For me it would make sense to try to avoid emails, it would be best to have a public and private key for the login. Generally, they use email for marketing or phishing. There are cool features like these that can make logging into Bitwarden even more secure:
1. Restrict account access to certain countries/IP ranges
2. Private key management for nostr accounts
3. SQRL Identity
4. “A complementary idea would be to add a personalized email to receive notifications and ensure greater control.” That makes sense? What do you all think about this idea?
Sometimes when I log in from iOS or a browser extension, it usually sends me an email saying there was a new login from that device, but recently I stopped receiving them. I don’t know, maybe it’s a bug or something, but sometimes I receive it and sometimes I don’t. I also thought about the following: how about receiving emails for other actions taken in Bitwarden, such as an email informing that a session has been deauthorized, maybe an email informing that the vault has been purged or a specific login has been deleted, or some detailed email for following up with account security? Now of course it might be spam, but the user can choose to opt in (everyone is opted out by default to avoid spam); on consent you can opt in to receive detailed activities on your account. Personally, I think it’s a really useful feature to keep track of everything that’s happening on your account, for security purposes. Let me know your thoughts and opinion on such a feature.
Any update about this feature? That would be a huge improvement in terms of security.
Yes, especially failed login attempts.
Failed Login Attempts have to be there. I want to be notified if someone tries to hack into my account.
Security Feedback: Missing Email Notification for 2FA Authenticator Removal
Currently, when the 2FA authenticator is removed or updated from the security settings, no email notification is sent.
For enhanced security, it would be helpful to receive an email notification whenever this change occurs, ensuring users are alerted about potential unauthorized modifications to their accounts.
@bilgilendir Welcome to the forum!
I moved your request into this existing Feature Request (FR) to the same topic.
Just for the record - and as I don’t use the 2FA recovery code that often…: one does get a notification email when using the 2FA recovery code:
@res I moved your request into this existing Feature Request to the same topic.
I had removed 2FA on my Bitwarden account and renewed it - but there was no email notification for that from Bitwarden.
@bilgilendir Since you responded to my post - did you use the 2FA recovery code for deactivating 2FA? - But I think, I agree, even if you deactivated 2FA in the web vault (without the 2FA recovery code), a warning message about “the result” (2FA deactivated) would be nice, independent of how it “happened”.
It doesn’t matter. When 2FA is disabled, an email must be sent as information.