Email user if master password, email, or any settings are changed

I’ve noticed that we don’t get an email if we change our email, master password, or Encryption Key Settings.

This seems to be a big deal that has gone under the radar. You would not know someone has gotten into your account and made changes because there is no email to alert you of any changes. Someone could sneak into your settings and change the email to something else without you knowing thus locking you out of the account.

If you ask me, any changes made in the settings should send an email.

At least the “My Account” panel of the settings page should send an email if any changes are made.

I would enjoy the addition of that feature as well. On the bad side; IF someone gained access to your vault file they could export the entire contents in seconds. It would likely be too late to prevent a major hassle for you. You would be aware but the “horse is out of the barn”. U2F is your best stop gap at this point. Still, good idea.

Very true!

But the getting the email would help confirm what problems you’re having.

I saw this on the sub reddit and was shocked it was not a thing https://www.reddit.com/r/Bitwarden/comments/hv77er/bitwarden_will_not_accept_my_master_password/fyrisf0?utm_source=share&utm_medium=web2x

A really useful feature that shows its value when something is changed and you cannot recover easily.

For me it’s not only about knowing that something has changed, but also knowing what that change is and with access to my email reverse it. Emails that tell me that my email has changed, to what it has changed, and providing the ability to reverse it can be extremely useful.

The scenario is not only somebody else changing something, but also myself making a change to my email and messing it up, without knowing my new address (speaking from experience :sweat_smile:).

1 Like

We’re working on a bunch of good stuff this quarter and next, but we do have this one captured :slight_smile:

4 Likes

Any update on this?

It’s still on our radar, but not active just yet - we are working on email function updates in general, too.

You’ll see activity for this issue in one of these places:

1 Like

This was standard with LP FREE. TY. Your site is based on security. Odd.

I just started using BW when LP made FREE disappear.
The security features you suggest were standard operating procedure in LP FREE(except for settings). If you changed a password or your Master, you got an email within a minute.
Let’s hope they see this as important as LP did.
Thanks for posting.