Deauthorizing sessions = new device login emails?

I recently deauthorized all sessions and then logged in again (web vault, mobile app). I did not receive “new device login” emails which indicates that deauthorizing does not reset device history on Bitwarden’s end.

Assuming this is indeed by design, I find this a bit troubling because I may deauth all sessions but if a bad actor has a way into my account then they can re-login on their previously logged in instance and I will not get a new device login email.

Do I have that right?

1 Like

I am definitely interested in reading a response on this from Mgmt.

Thanks for the discussion all, these are two separate processes, but feel free to post any enhancements/feature requests for voting/discussion.

I noticed this to and I think this would be a great to add this. I noticed someone logged into my account and I went to deauthorize sessions…and since changed my password. But I have no idea if they logged back into my account.

I don’t get notifications if I log back into an account after is deauthorized as well.

FYI, this topic is closely related to an existing feature request:

You may want to add your comments and vote there!