Anti-phishing identifier to emails

Introduce an anti-phishing phrase for all emails which will uniquely identify the Bitwarden service provider and your account.

Binance has this feature where you introduce a specific phrase into the account settings, and this phrase will then appear in all Binance communication emails:

Pros:

  • control is given to the user
  • should be easy to implement (store the phrase with account settings, zero-trust compatible)
  • makes phishing almost impossible

Cons:

  • uses devs' coding time
3 Likes
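To make the proposal concrete, here is an added example of the mechanism (written for this thread, not Bitwarden's or Binance's code): the phrase is stored with the account settings, rendered into a fixed banner line of every notification, and the recipient checks that the banner matches the phrase they chose. The sender address, the banner wording and the account IDs are assumptions, and the phishing sample is constructed.

```python
import hmac
from typing import Optional
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed in-memory account store (assumption: a real service keeps this
# alongside the other per-account settings).
ACCOUNT_PHRASES: dict = {}

BANNER_PREFIX = "Your anti-phishing phrase: "   # assumed wording of the banner line


def set_antiphishing_phrase(account_id: str, phrase: str) -> None:
    """Store the user-chosen phrase. It is a shared secret between service and
    user, so reject values an attacker could guess without ever seeing a mail."""
    phrase = " ".join(phrase.split())            # normalise whitespace
    if len(phrase) < 6 or phrase.lower() in {"bitwarden", "password", "secret"}:
        raise ValueError("phrase too short or too predictable")
    ACCOUNT_PHRASES[account_id] = phrase


def build_notification(account_id: str, to_addr: str, subject: str, body: str) -> str:
    """Render a service notification. The banner is inserted only for accounts
    that set a phrase, always in the same place so the user knows where to look.
    Returns the RFC 5322 text that would be handed to the mail server."""
    msg = EmailMessage()
    msg["From"] = "notifications@service.example"   # assumed sender address
    msg["To"] = to_addr
    msg["Subject"] = subject
    phrase = ACCOUNT_PHRASES.get(account_id)
    banner = f"{BANNER_PREFIX}{phrase}\n\n" if phrase else ""
    msg.set_content(banner + body)
    return msg.as_string()


def banner_phrase(raw_email: str) -> Optional[str]:
    """Recipient side: pull the phrase out of the banner line, or None if absent."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = "" if msg.is_multipart() else msg.get_content()
    for line in body.splitlines():
        if line.startswith(BANNER_PREFIX):
            return line[len(BANNER_PREFIX):].strip()
    return None


def looks_genuine(raw_email: str, expected_phrase: str) -> bool:
    """True only when the banner is present and equals the phrase the user chose.
    A phishing mail that copies the template but does not know the phrase
    either omits the banner or carries a wrong guess; both fail here."""
    found = banner_phrase(raw_email)
    if found is None:
        return False
    return hmac.compare_digest(found.encode(), expected_phrase.encode())


# Constructed phishing sample: imitates the service's mail but lacks the banner.
PHISHING_SAMPLE = (
    "From: notifications@service.example\n"
    "To: alice@mail.example\n"
    "Subject: Urgent: verify your vault\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Your vault will be locked. Log in at http://service-example.invalid/ now.\n"
)


if __name__ == "__main__":
    set_antiphishing_phrase("acct-1", "purple walrus 42")
    genuine = build_notification("acct-1", "alice@mail.example",
                                 "New device login", "A new device signed in.")
    print("genuine mail passes:", looks_genuine(genuine, "purple walrus 42"))
    print("phishing mail passes:", looks_genuine(PHISHING_SAMPLE, "purple walrus 42"))
```

The check deliberately compares the whole banner, not just "a phrase is present": an attacker who knows the feature exists can add a banner with a guess, and only the exact phrase should pass. Accounts without a phrase get no banner, which is the same as today's behaviour.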

This sounds like an interesting idea.

2 Likes

So, that is a “static phrase”, right?

I also think it’s an interesting idea in general.

But a “static phrase” could itself get phished or otherwise “stolen” by malware (probably not in your BW account itself, but in your emails then).

There is a feature called BIMI that is supposed to make it easier for a user to verify email authenticity.
What is BIMI and why is it important? | DigiCert FAQ

My understanding is that email programs (like Gmail) won't display the logo in that position unless the full suite of DMARC/DKIM/SPF checks is configured in the most secure way, and they all pass. Many messages that make it through the spam filter won't meet the requirements for displaying a BIMI logo.

Unfortunately, Bitwarden notification emails don’t always pass DKIM…

2 Likes
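The "all checks pass" condition in the post above can be read off the Authentication-Results header that the receiving mail server stamps on a message. Here is an added example (not from the original post) that parses those headers and reports whether SPF, DKIM and DMARC all passed; the authserv-id `mx.mail.example` and the sample headers are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumption: the id our own receiving server writes into Authentication-Results.
# Headers carrying any other id are ignored, because a sender can prepend its own
# forged Authentication-Results header before the mail reaches us.
AUTHSERV_ID = "mx.mail.example"

RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def auth_results(raw_email: str) -> dict:
    """Map method -> result ('pass', 'fail', 'none', ...) taken from the
    Authentication-Results headers stamped by AUTHSERV_ID."""
    msg = message_from_string(raw_email, policy=policy.default)
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        value = " ".join(str(hdr).split())          # unfold and squeeze whitespace
        authserv, _, rest = value.partition(";")
        parts = authserv.split()                     # authserv-id may carry a version
        if not parts or parts[0].lower() != AUTHSERV_ID:
            continue
        for method, result in RESULT_RE.findall(rest.lower()):
            results.setdefault(method, result)       # first stamped result wins
    return results


def fully_authenticated(raw_email: str) -> bool:
    """True only when SPF, DKIM and DMARC were all evaluated and all passed."""
    r = auth_results(raw_email)
    return all(r.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))


# Constructed samples of what our server might stamp on incoming mail.
FULL_PASS = (
    "Authentication-Results: mx.mail.example;\n"
    " dkim=pass header.d=service.example;\n"
    " spf=pass smtp.mailfrom=service.example;\n"
    " dmarc=pass (p=reject) header.from=service.example\n"
    "From: Service <no-reply@service.example>\n"
    "To: alice@mail.example\n"
    "Subject: New device login\n"
    "\n"
    "A new device signed in.\n"
)

# DKIM broken in transit: SPF still aligns, so DMARC passes, but DKIM does not.
DKIM_FAIL = FULL_PASS.replace(
    "dkim=pass header.d=service.example",
    "dkim=fail (body hash did not verify) header.d=service.example",
)

# Attacker-supplied header first, then our server's own verdict.
FORGED = (
    "Authentication-Results: mx.attacker.example; dkim=pass; spf=pass; dmarc=pass\n"
    "Authentication-Results: mx.mail.example; dkim=none; spf=fail; dmarc=fail\n"
    "From: Service <no-reply@service.example>\n"
    "To: alice@mail.example\n"
    "Subject: Urgent: verify your vault\n"
    "\n"
    "Log in now.\n"
)


if __name__ == "__main__":
    for name, sample in (("full pass", FULL_PASS), ("dkim fail", DKIM_FAIL), ("forged", FORGED)):
        print(name, auth_results(sample), fully_authenticated(sample))
```

The DKIM_FAIL sample shows why DMARC passing is not enough on its own: DMARC only needs one of SPF or DKIM to pass and align, so a message can have a broken DKIM signature and still clear the DMARC check while falling short of what the post describes as the requirement for a BIMI logo.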

Yep, it could, although this is a step away from no phishing protection.
It's not a bulletproof solution, but compared to how easy it is to implement, it's a good one imho.

There is a way to accomplish this today… plus-addressed email. Most email providers allow you to append a plus sign followed by an arbitrary string to your name; for example,

[email protected]

If you use a plus-addressed email address exclusively for Bitwarden, it can serve as the equivalent of an anti-phishing identifier.

The complication is that you will also need to log in to your vault using the plus-addressed email address.

1 Like
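As an added example of the plus-addressing workaround above (written for this thread, not from the original post): a mailbox rule that treats the dedicated tag as the identifier. Genuine service mail can only arrive at the alias, so anything that talks about the vault but reached the base address is flagged. The mailbox address, the tag, the keyword list and the sample messages are all constructed assumptions; a Gmail-style `+` separator is assumed.

```python
from email import message_from_string, policy

MAILBOX_ADDRESS = "alice@mail.example"      # assumption: the user's real mailbox
SERVICE_TAG = "bw-k9q2"                     # assumption: tag given only to the password manager
SERVICE_KEYWORDS = ("service", "vault")     # assumption: words a mail about the service carries


def split_address(addr_spec: str):
    """Return (base local part, plus tag, domain), all lower-cased.
    'alice+bw-k9q2@mail.example' -> ('alice', 'bw-k9q2', 'mail.example')."""
    local, _, domain = addr_spec.rpartition("@")
    base, _, tag = local.partition("+")
    return base.lower(), tag.lower(), domain.lower()


def recipient_tags(raw_email: str) -> set:
    """Plus tags of every To/Cc recipient that is our own mailbox (any tag)."""
    msg = message_from_string(raw_email, policy=policy.default)
    my_base, _, my_domain = split_address(MAILBOX_ADDRESS)
    tags = set()
    for header in msg.get_all("To", []) + msg.get_all("Cc", []):
        for addr in header.addresses:                 # parsed RFC 5322 addresses
            base, tag, domain = split_address(addr.addr_spec)
            if base == my_base and domain == my_domain:
                tags.add(tag)
    return tags


def mentions_service(raw_email: str) -> bool:
    """Crude selector for mail that claims to be about the service; the alias
    check below is the real signal, this only decides what to scrutinise."""
    msg = message_from_string(raw_email, policy=policy.default)
    text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    return any(k in text for k in SERVICE_KEYWORDS)


def route(raw_email: str) -> str:
    """Mailbox rule:
       'service'    -> delivered to the dedicated alias (only the service knows it)
       'suspicious' -> claims to be the service but was not sent to the alias
       'inbox'      -> everything else"""
    if SERVICE_TAG in recipient_tags(raw_email):
        return "service"
    if mentions_service(raw_email):
        return "suspicious"
    return "inbox"


# Constructed samples.
GENUINE = (
    "From: Service <no-reply@service.example>\n"
    "To: Alice <ALICE+BW-K9Q2@Mail.Example>\n"
    "Subject: New device login\n\nA new device signed in.\n"
)
SPOOF = (
    "From: Service Security <alerts@service-example.invalid>\n"
    "To: alice@mail.example\n"
    "Subject: Your vault will be locked\n\nLog in now.\n"
)
WRONG_TAG = (
    "From: Service <no-reply@service.example>\n"
    "To: bob@mail.example\n"
    "Cc: alice+newsletter@mail.example\n"
    "Subject: Vault notice\n\nbody\n"
)
UNRELATED = (
    "From: Carol <carol@friends.example>\n"
    "To: alice@mail.example\n"
    "Subject: Lunch tomorrow?\n\nbody\n"
)


if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("spoof", SPOOF),
                         ("wrong tag", WRONG_TAG), ("unrelated", UNRELATED)):
        print(f"{name:10s} -> {route(sample)}")
```

Matching is case-insensitive on both local part and domain, and Cc recipients count, since a mail sent "to" the alias may also carry other recipients. Note that the tag only stays a secret as long as it is never used anywhere else, which is why the post says to use it exclusively for Bitwarden.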

I think it’s effortless to add a piece of dynamic text to an email.