ALREADY DONE: Email on new device logins, or require email token (in addition to other 2FA) for new devices?

I’ve appreciated when other services either allow for emailing me when I log in, or sending me an email token for never-seen-before devices or IP addresses. You’ve already implemented email token validation, so requiring email for all new devices, in addition to whatever else 2fa was set up, should be an incremental feature.

Another approach could be a notification sent to all logged-in devices, to allow or disallow the new login. For extra credit, you’d include the requesting IP address. For extra-extra credit, you’d do a reverse geo lookup to say where the login was coming from.

I’d assume it’d be an opt-in option, and I’d be fine with either approach, but it’d be nice if I could get notified when new devices were being granted access to my secrets.

Thanks for BitWarden!

Huh, I just tried again from a different device and I did get a notification, so I guess this is already a thing! Excellent, thanks!


I also think it would be a great feature, if the user would be emailed for every attempt to log into his vault from a new device or a new IP address.

I also think this feature already exist. But could you confirm that it is the case ?

Kind regards.