New Device Logged In From Chrome Extension

According to this post (which is about something else):

… it is possible to get an email when logging in via the extension. I like this feature but I’m only getting the email when logging into the web vault. Have I missed a setting somewhere?

@Interweave Hi!

I’m not a hundred percent sure, but please check the following:

  1. Either you are still logged in to the browser extension and only locked it (and unlock it then) → then your device is not “new” and didn’t log in (because it is still logged in, when only locked)

  2. Or I think, if there is cache/cookies and/or you “remembered” the 2FA, then the device/app is still known to Bitwarden, hence no “new device logged in”-email…

However, there is no setting for these emails. It should be automaticly triggered with every new log in - as I said, as long as the device/app is not temporarily bound, as I would call it now…

1 Like

Hello, and welcome to the community!

Like @Nail1684 has said, there is no setting. BW does keep track of whether you have logged into the client. The way to experiment if you are having problems getting emails because of the extension login or not, is to log into the web vault and deauthorize all the sessions (make sure you have your master password and 2FA handy), getting rid of the tracking states. Then, when you login the next time from other clients, you should get an email.

3 Likes

Thanks @Nail1684 and @Neuron5569 for your replies, it gives me something to try out.

My reason for being confused is also because my extension security settings are:
Extension-Security

AND… every time I close my browser CCleaner removes any and all of cookies and temporary files.

BUT… I’ve been logging in with VPN enabled - I don’t know how you do it(?) - but I’ll try deauthorizing all sessions and only login with VPN off.

Also (this is another topic and may be related to the VPN, I don’t know) but when opening the web vault and setting the preference for timeout to fx. 1 hour. Then by closing the tab and right after opening a new going to the web vault, I’m asked to login again. As I’m writing this, I’m thinking it could also be the shortcut I’m using… hmm… (Bitwarden Web Vault) although it doesn’t seem to say anything about login in the URL. THEN it must be some Brave security thing.

I also use CCleaner. I don’t think the cookie clearance affects the extension. I think the device’s states the extension saves are not cookies, but along the same line as other preferences it saves across logins.

Changing an IP address (as in VPN, CGNAT, etc.) doesn’t affect how BW sees if you log in from a new device either. I have tried looking for the code in the past what info it uses to determine if it’s a new device, but I lost patience/couldn’t find it. So, maybe one day somebody will be curious enough and post info for us non-coders to see!

Regarding closing the tab that seems like a logout, this would make sense from the standpoint of the app not really being a cookie-only-based app, because it needs your encryption key which is kept in memory. Once you closes the tab, the encryption key is gone, and you need to provide the master password, etc., to load the key in memory again.

1 Like

Makes sense that it’s not a cookie when thinking of security and malware grabbing login cookies.

It’s good to know that it should work - although, can be annoying if I can’t figure out why :wink: but I’ll keep my VPN on and about the web vault I just figured I can pin the tab and then it’s all good for as long as I have my browser open. Maybe then, if I leave my computer for the specified time period, the vault will lock.

Alright. Something interesting.

Adding the extension to Chrome and Firefox - and logging in - then I get the notification mail with “New Device Logged In From Chrome/Firefox Extension”.

(… deleted at bunch of text here, tryouts and thoughts and stuff).

For now I know that in all my browsers it only works with the 1st login after installing the extension. So it does work - I just have to figure out why it’s only the 1st login.

… or go and vote for one of those requests about logs of sessions etc. :wink: