Notify user on login with correct Master Password but none or incorrect 2FA

From Reddit:

It would be really nice if Bitwarden notifies the user (through email) whenever a new login happens, regardless of whether the 2FA was entered or not, as long as the Master Password is correct. This would mean that the 2FA is now the only defense against hackers.
The OS version, time of login, and the IP address should be included in the notification. The notification should also specify whether it was a full login (with correct 2FA), or whether it's only the Master Password that was correct.

This would give the user a chance to change the compromised Master Password before the Vault gets logged into by the hacker and all the passwords get stolen…

I am very happy that Bitwarden notifies on every new login. However, if an attacker somehow got both the Master Password and the 2FA, it would be too late. All the passwords would be stolen…
It would be best that the user can know that their Master Password was compromised, before the Vault gets logged into by a hacker. Bitwarden should always be one step ahead of hackers! :grinning:

If Bitwarden’s Cloud gets hacked, the 2FA wouldn’t be of any use, since the compromised Master Password is the decryption key.

Hope to see this security feature implemented soon! :slight_smile:
Thanks a lot!

A post was merged into an existing topic: Security email alerts

A vote has been moved.
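
The alerting rule requested above, sketched as an added example (not part of the original post and not Bitwarden's code). The event schema, step names and the 300-second 2FA window are assumptions made for illustration. An attempt that is still inside its 2FA window is held back so that ordinary logins do not trigger a "password only" alert.

```python
from datetime import datetime, timezone

TWO_FA_TIMEOUT = 300  # seconds allowed to finish 2FA (assumed value)

def login_alerts(events, now, timeout=TWO_FA_TIMEOUT):
    """Return one alert per attempt in which the Master Password was correct."""
    attempts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        state = attempts.setdefault(ev["attempt"], {"steps": set(), "pw": None})
        state["steps"].add(ev["step"])
        if ev["step"] == "password_ok":
            state["pw"] = ev
    alerts = []
    for state in attempts.values():
        pw, steps = state["pw"], state["steps"]
        if pw is None:
            continue  # wrong password: the secret is not known to be exposed
        if "2fa_ok" in steps:
            kind = "full_login"
        elif "2fa_bad" in steps or now - pw["ts"] > timeout:
            kind = "password_only"  # failed or abandoned second factor
        else:
            continue  # still inside the 2FA window, as in any normal login
        alerts.append({
            "account": pw["account"], "kind": kind, "ip": pw["ip"],
            "os": pw["os"],
            "time": datetime.fromtimestamp(pw["ts"], tz=timezone.utc).isoformat(),
        })
    return alerts

def _ev(attempt, account, ts, step, ip="203.0.113.10", os="Windows 11"):
    # Hypothetical event record; field names are assumptions for this example.
    return {"attempt": attempt, "account": account, "ts": ts,
            "step": step, "ip": ip, "os": os}

# Constructed sample events (documentation IP ranges, made-up accounts).
T0 = 1_700_000_000
SAMPLE_EVENTS = [
    _ev("a1", "alice", T0, "password_ok"),
    _ev("a1", "alice", T0 + 20, "2fa_ok"),
    _ev("a2", "alice", T0 + 1000, "password_ok", "198.51.100.7", "Linux"),
    _ev("a2", "alice", T0 + 1030, "2fa_bad", "198.51.100.7", "Linux"),
    _ev("a3", "bob", T0 + 2000, "password_bad", "198.51.100.7", "Linux"),
    _ev("a4", "bob", T0 + 3000, "password_ok", "198.51.100.9", "Android 14"),
    _ev("a5", "carol", T0 + 3900, "password_ok"),
]

if __name__ == "__main__":
    for alert in login_alerts(SAMPLE_EVENTS, now=T0 + 4000):
        print(alert)
```

The `kind` field carries the distinction the post asks for: `full_login` versus `password_only`, alongside the OS, time and IP address of the attempt.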