Hello,
I’m wondering if it’s a coincidence that (from my perspective) there are increasing problems with using Bitwarden (backend) during the last 1, 2 weeks? Or is this “normal”?
Two users in this forum report unauthorized access to their vault (presumably, but not entirely certain, their own fault)
And now, I just tried to unlock the app (Windows) using another device. It worked before, but now it doesn’t. There’s no notification in BW iOS (about the request), and after a few seconds, the app (Windows) reports that an error has occurred (all 2025.4.x versions).
I would like to update - but “how”? I mean iOS App Store, Bitwarden website (for Win), browser plugin still offer 2025.4.x., and no updates for 2025.5.
Sorry, I wrote “2025.5.x” in a general meaning for “current versions”. Obviously you can only update to the respective latest (released) versions of any app. (those “latest versions” for any app can best be found on GitHub - only the mobile apps get sometimes released in the “stores” first and then on GitHub…)
The browser extensions should be all on 2025.5.0 now (probably with exception of MacOS/Safari ).
Also the Bitwarden from the App-Store is not 2025.5 - I checked this morning and no update available. I assume that with the app update also the browser extension for Safari will be updated (which is also still 2025.4.x).
I think we somewhat get questions about account breaches regularly, although these ones are post new device verification.
From my personal point of view, BW releases can be buggy. You may be fortunate not to have run into them. I may be unfortunate for running into them enough that I don’t update without seeing the bug reports first. Eek, but this still seems pretty normal.
@mutilator : I recommend the read these two posts (if you have not done it), very interesting and, I think so, important for all users - to try to avoid some “mistakes” in the future. I used this to check some settings and also to some side aspects. Like I had the Bitwarden login info saved in the DuckDuckGo password vault (which is also in sync with the PC at work) - do I really need it? Then I found in the DuckDuckGo password vault some other, older password entries - made a spring cleaning here. So, I used these two cases to check the “settings” for Bitwarden, Firefox …
On the webiste of Bitwarden I can download 2025.4.2 for Windows. I think it is a little bit strange that users should update to 2025.5 (for the new device login protection) but even Bitwarden does not offer this new version on their own website. I used the update function of the Bitwarden app (Windows) and here again: You are using the newest version of Bitwarden 2025.4.2. Browser Extensions (e.g. Safari) is also on 2025.4.0, the MacOS app, the iOS app also … Only 2025.4.x. Very confusing.
Where is written that you should update to 2025.5.x for the new device login protection?
(I should have better written 2025.4.x/2025.5.x – but again, I already tried to clarify, I more or less meant, you should just update to a current version, since you wrote 2024.4.x in that typo…)
Yeah, indeed, it would be simpler if every last (and “same”) version of every BW app would have the same version number and would be released all on the same day only. But here we are.
PS: I just saw the updated “forum announcement/message”:
No password manager is immune to “hacking” if any of the following apply:
The vault password is not sufficiently strong (e.g., not randomly generated with the help of a cryptographically secure pseudorandom-number generator or a true entropy source, such as dice).
The vault password is not unique (i.e., it has been used for any purposes other than logging into or unlocking your vault).
The vault password has ever been disclosed (whether intentionally shared, or accidentally leaked, or stolen via a phishing scheme or “shoulder surfing”).
Your vault has ever been accessed on a compromised device.
Your vault password has been digitally stored in a compromised device.
Your devices have been accessed by other individuals.
etc.
End-to-end encryption is no magic solution — each end user must still take responsibility to keep their devices and vault password secure. This is true in Bitwarden, and it is true in any other competing password manager product.
@Nail1684 : I also read it and found it confusing. Because it is not clear enough saying “very old versions”. What are very old, or just old versions? We all know, use, read version numbers. So it should be possible to make a clear announcement, which version numbers are supoorted and which ones are not.
Well, in the end it is not a problem. But in such security aspects it should be clear and simple/easy to understand info.
PS: I just saw the updated “forum announcement/message”:
@mutilator : Here you get all info about this feature:
I recommend to have a look at the help/support section regular. I do it also from time to time and I discover something new, something I have not known before.
@clausimausi already provided the relevant link, but in short, I would say the “NDLP” is an email verification for “new devices” you try to login with/to (additionally to the email address and master password), which is mainly (/only) active for your Bitwarden account/vault, when you don’t have any form of 2FA activated. (as an additional protection for those BW accounts without 2FA)
(those “latest versions” for any app can best be found 
).