I had a warning of suspicious connection from a website, and effectively I didn’t connect to that website. In addition the geolocalisation wasn’t mine.
So I was looking for a connection log from Bitwarden, to know if someone logged on my Bitwarden account, or just got access to the website account only.
Something like “Connection from [web/browser extension/desktop/mobile app], date and time of the login, the IP address and a geolocalisation”.
The feature that helped me in this case was the alert from a suspicious connection. It could be useful to add this feature too, or even a “new device connection alert” sent by email.
Q: What do I do if I don’t recognize a new device logging into Bitwarden?
A: If the IP address of a new device doesn’t match any known IP addresses (home network, work network, mobile network, and so on), change your master password and make sure two-step login is enabled for your account. You should also deauthorize sessions from the Account settings page of your web vault to force logout on all devices. If you think your vault items might be compromised, you should change your passwords.
OKAY but where can I see that list of IP devices that connected to my BW account?
I don t see any option like “deauthorize” in “Account settings”
Search your emails for messages received from <[email protected]> that start with the text Your Bitwarden account was just logged into from a new device.. Personally, I have set up an Inbox rule that transfers any such messages into a dedicated mailbox folder.
Please refer to the instructions I provided in another thread:
Thank you so much.
I forgot about the mail we receive, when connecting from a “new” unknown device. An excellent measure.
It was a false alert for me yesterday.
When an SMTP request is sent and when suddenly I get connected to my VPN, and when that happens again, It can actually be considered as a threat by some program of the email provider. Same request from to different IPs.
No threat on my BW vault, then.
I nevertheless should not have shown my password to my friend through Teamviewer, even for 2 seconds. No doubt.
Besides I believe that summer is a typical period for large scale hacking coming from some countries. My other important email account had been hacked once, several years ago, it was in the summer and I saw it in real time.
I reinitialized the account password. You are never too careful.