At least for the premium version. Although I suppose it would not be such a hard feature to implement.
Maybe as an extra step, send an alert email to the registered account. (I always sync my main account for security reasons).
This would require the camera access of course, but only if the user would allow it in the options menu.
That would be difficult to implement, but would be awesome to see.
However, I foresee a problem with this. If someone is using the Chrome extension or macOS app, the security features of both would ask if you wanted to allow Bitwarden to access your camera. There would need to be a way to preemptively authorize their use so that the popup wouldn’t be received when someone is trying to break into your account.
If someone is trying to remotely access your account, this couldn’t be circumvented to my knowledge. So if someone in Russia is trying to hack into your account, more than likely they would see a popup to allow Bitwarden access to their camera, deny it, and then it would be circumvented.
The only way this would work are on devices where you’ve previously used Bitwarden and authorized camera access.
Please don’t let companies make apps which take pictures of users if they are not pressing the shutter button themselves. It always starts with a logical, reasonable use case such as safety or security.
Any real attempt to break into your vault is not going to consist of some hacker furiously typing password guesses into the Bitwarden login page:
At best, you may catch an ex, a roommate, or a disgruntled employee making some futile attempts, but more likely, you will get pictures of yourself in full fat-finger mode. A real attack will be done off-line, or automated using a botnet, or using social engineering, etc.
are you suggesting that social engineering isn’t when someone would steal your phone? have you ever worked in jobs with w lot of people around? have you ever been in the army? have you ever tried using public transport in busy cities like Athens / Thessaloniki?
surely I would not write such an answer before thinking through what each person goes through in their everyday Life.
Also I don’t mind having pictures of myself in my gallery, as I can easily delete them in less than a second.
I don‘t always agree with @grb but he‘s right with his point. Such a feature would be pretty useless.
There are many problems with it:
You mistype the pw and the picture gets sent over the internet to your inbox. (Your gallery has nothing to do with it.) That‘s a lot of possibilities for someone to intercept the message and you‘d need to delete the picture yourself - isn‘t that annoying?
The security benefit is very limited: If someone already got your phone in an unlocked state and your master password, then you‘ve already lost.
It doesn‘t work if the thief covers the camera or simply removes the permission in the settings.