Country Based Geo-IP Block

"By default, LastPass restricts you to the country where your account was created. If you plan to travel internationally, we recommend adding any additional countries to your trusted list. "

Just wondering if there’s any update on this?

I think this is very useful for blocking people outside your country.

Any hacker can bypass this with a VPN service. This is more of a sales gimmick by LastPass than real protection, IMO.


It’s still better than allowing anybody in the world to log into your account and it wouldn’t tell the user what country you have to sign in from to use the username/email.


Once U2F is implemented, blocking of any kind becomes moot. The only thing your password serves is to encrypt your vault because you shouldn’t trust BW. You know what I mean. Zero-knowledge E2EE and all that.

But how will a hacker know which country I live in? A VPN provider like Private Internet Access has servers located in more than 48 countries. How will the hacker make a decision? This feature will give some security to our accounts.


Yep, uncrackable!


This would surely increase the security of the vault, even if the attacker used a VPN or a proxy!

It would also be really nice if Bitwarden notified the user through email that someone entered the correct Master Password but could not access the Vault because its IP address isn’t allowed by this setting, because then, the user would be able to change the compromised master password without having any of its passwords stolen!

I would certainly love to see this feature implemented soon! :grinning:

Nobody said it is uncrackable. It just makes it harder for somebody in another country to access our accounts. Let’s say you live in Mexico and somebody from Brazil tried to get into your account. They would be blocked from logging in, even if they have your master password. They would just be told that the login info is incorrect, but the real reason is that they logged in from the wrong country.


What’s stopping them from using a VPN? Country blocking is security theater.


This is pretty important and should be added soon.
In addition to blocking access from the TOR network.


Nothing but that’s not the point. They don’t know what country you’re in so that’s another step they have to take, picking the right VPN to even make an attempt. An unsuccessful attempt should not reveal what country you need to be in.


@Keepasser Yup, agreed.

This is needed, I wouldn’t trust any login attempts from countries I’m not living in or visiting. Chances are, that’s not me.

Please block login attempts based on a user-defined list of “allowed” countries.


Would be really nice to see this built in.

One of the options in the LastPass geo list is to block VPNs… I know that won’t work on a private VPN you’ve set up yourself, but they do an OK job of figuring out the endpoints from the commercial VPNs and blocking those if you have that ‘country’ turned on.


Agreed. VPN can defeat this for real threat.

It doesn’t matter if VPNs can defeat this. If you do it the smart way, you still make it harder for people to log into your account and that’s what matters. Let’s say you live in Turkey. How is a bad actor going to know what country to use? Is he going to go through a dozen VPNs to get into my account? Probably not. Is Bitwarden going to TELL the bad actor what country they need to be in to get into my account? Not if they do it right.

Yes, the feature would prevent some attacks, but it would basically prevent untargeted attacks and not directed ones since someone can bypass it using VPN or TOR. Is this a useful feature? Yes, but not as useful as improving Autofill. LastPass is the only password manager that implements this feature that I know of.
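
The behaviour several posts in this thread ask for (a user-defined country allowlist, a failure message that does not reveal the country rule, and an alert to the owner when the correct master password arrives from a blocked location), shown as an added example. It is not part of any post and is not Bitwarden or LastPass code; `Account`, `attempt_login` and the response shapes are hypothetical, and the GeoIP lookup and password check are assumed to happen upstream.

```python
from dataclasses import dataclass, field

# One response for every failure, so a blocked country is indistinguishable
# from a wrong password. Shape and status code are constructed for this example.
GENERIC_FAILURE = {"status": 400, "error": "Username or password is incorrect."}
SUCCESS = {"status": 200}


@dataclass
class Account:
    email: str
    allowed_countries: set  # ISO 3166-1 alpha-2 codes chosen by the user
    alerts: list = field(default_factory=list)  # stand-in for an outbound e-mail queue


def attempt_login(account, password_ok, country):
    """Decide one login attempt.

    password_ok: result of the normal master-password check (assumed upstream).
    country: country code from a GeoIP lookup, or None if the lookup failed.
    """
    if not password_ok:
        return GENERIC_FAILURE
    # Fail closed: an unresolvable IP is treated like a disallowed country.
    if country is None or country.upper() not in account.allowed_countries:
        # The password was correct, so the owner needs to know it is compromised.
        # The alert goes to the owner's mailbox only, never into the response.
        account.alerts.append(
            "Correct master password used from blocked location "
            f"({country or 'unknown'}); change your master password."
        )
        return GENERIC_FAILURE
    return SUCCESS


if __name__ == "__main__":
    # Constructed sample data: owner in Mexico, attempts from several places.
    acct = Account("user@example.com", {"MX"})
    for pw_ok, cc in [(False, "MX"), (True, "BR"), (True, None), (True, "mx")]:
        print(pw_ok, cc, attempt_login(acct, pw_ok, cc))
    print(acct.alerts)
```

The allowlist only filters on the apparent source country, so it complements a second factor rather than replacing one.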