Register Without Email

Please add an option to register without an email address and as an alternative you can register with an username and password. Of course by doing this option it should warn you that there is no account recovery if you forget your username or password. And username accounts should not allow any automatic renewal on payments.

I would like to use an open source cloud storage password manager but I cannot find one that will have email as optional. VPN providers like Mullvad and IVPN allow for registration without an email.

To prevent abuse of people signing up without an email and using the premium features for free there are a few ways to do this.

1. Registering without an email will not grant you any free trails of any premium features. Only registering with an email will allow you a free trail on premium features.

2. Registering without an email will require a one time payment when signing up to prevent many empty accounts from being created.

There is no account recovery option with Bitwarden as they don’t know your master password to begin with. No password manager should allow you to reset your password by email anyway.

As of now, you don’t need to enter a real email address. Bitwarden will ask you to verify your email but it won’t force you to do so. You could use 33mail or https://simplelogin.io/ to create a burner email and verify the account and turn those addresses off. Both of them are free.

The only thing the email is used for is letting you know of new devices logging in and other warnings. It’s also used for getting invited to an organization too. So there is no need to use a real email if your threat level is that big.

Should Bitwarden allow user to set username in account settings instead of using email for logging in? This option is interesting for anyone using vault as the first online account.

You mean creating an account without an email address?

Kinda, or just simply having the Username field in account settings, and add username as additional login identity beside email.

Try voting for this feature: Add "Username" and "Email" as separate entries

Alas, the fastest way to get a feature is to implement it yourself. ::

It’s kinda a bit different, this thread is about account & login form of Bitwarden itself

I love this feature request

Bitwarden should allow adding username in profile for logging in. When the vault is the access point of everything, email doesn’t exist first in theory.

FYI, there is a similar Feature Request (proposing an option to hide the email address), in which @tgreer had suggested implementing an account “nickname” as an alias for the email.

However, I think that you may be suggesting something different. FYI, the email address is required to deliver notices about failed login attempts and successful logins from new devices, as well as reminders about subscription renewal; in addition a verified email account is required to enable the Bitwarden Send feature.

Hi,

Can you add a way to disable your email as a login. So, when you first create an account after signing up with a email.

Can we have an option in settings to disable the email login and then for a way to create a unique username that can be changed anytime (as long as that username is not the same as other users to avoid conflicts with other users). To then login into the Bitwarden account with just username and password?

As if this is added it would add greater security. As, now if an attacker knows your email they cannot gain access unless they know your username.

As it would register as account not found as the way to login with email would be disabled and now the username would be required to login.

Thanks

Most email providers support plus addressing. With it you can set your Bitwarden login to be something like "[email protected]. Then, a bad actor would fail due to “User Not found” if they tried to login with “[email protected]”.

Yeah I understand that. But the issue with that is. You can’t create reply emails from a plus alias. You can only respond if the recipient is the one to initiate the conversation with said plus alias. Or when you find a contact email form to put in your details. Thankfully Bitwarden does have one.

If it were a username it would be more secure than using alias emails that can be phished. As usernames can be totally random and not linked to anything. Like a user can make a username “dog6473” or if they want a more secure one “ajfhrudj3672gsh”.

Usernames would be the better alternative to emails. As they can be completely random and you can keep the email the same even if breached. As you know your login username and the attacker doesn’t which makes it more secure.

Even if I were to make my email a plus alias like

Randomuser+bitwarden@gmail

Or

Randomuser+gdakei629@gmail

It still defeats the purpose as they are going to figure out the email part anyways. Randomuser is the default part of the email. So technically what the user is doing is yeah still gonna be more secure with an alias. But now they lose the advantage of sending out an email from that alias to solve issues and if caught up in the data breach is still gonna have the email breached. So the user might as well just use their email with no plus alias.

So why not have a setting for a username to be the only way to login? So that even if the email is breached knowing the username is the only way an attacker could successfully locate the account.

They could even have a email, username, password, combination. That would also be more secure than default email and password.

The user having options would be a great addition.

Like having:

Option 1 (Email and Password Setting)

Email:

Password:

Option 2 (Username and Password Setting)

Username:

Password:

Option 3 (Email, Username and Password Setting)

Email:

Username:

Password:

To choose from

Check out this URL: Can I send email using a plus address? - Gmail Community

That is the reverse from what you initially mentioned. It too is possible, through the use of anonymous email services.

I understand your opinion.

But a username is still superior compared to an email (especially since emails can be used to contact and phish you with). Whereas a random username is just that a username and no way to contact it via email and no way to know it. Unless the service is breached and you tell someone.

Therefore a username that is in-fact totally random and not related to any personal facts about the user or their email is by far more private than an email. As it can be changed easily and monitored efficiently.

And to your point about anonymous email services. I am not personally going to use some anonymous email service to use for one account. Especially if it needs to be a paid or free like DuckDuckGo. I am going to stick to my public email like every other ordinary individual that uses the internet and is not overly paranoid about having to have separate emails for each account (and yes you do not need to be paranoid to use anonymous email services, there are security advantages, which I understand. But not everyone needs them if they practice good cybersecurity hygiene like using a password manager to create strong unique passwords on every site etc)…

That is where a username solves that issue of a user using one email for security. Especially if the user likes to keep a watchful eye on data breaches. As usually keeping one email is better for the user to get to know exactly what data got exposed from what service and it is also easier to track. Also using one email is better for data removal services.

If a user is using separate anonymous email aliases for each site they will not know of certain information being breached especially if they deleted that email long ago along with the account as they will not have access to it and if the user never kept note about it for that service. So the user would not know how to take action for that data being exposed. Since hence the account being deleted or alias.

So, how would they know if the service still had their information etc. As deleting an alias email would leave it impossible to ever receive an email about the data breach. Especially also if they deleted the account as maybe 10 years down the road. If they decide they may not need the disabled email anymore. The user then decides to delete it. But then the company gets breached and surprise their data was in that breach, even though it was 10 years and they thought since their account was deleted the data had been too since it past the amount of time in the privacy policy. That is why personally I believe a user should always use just one email.

So, maybe some people prefer that method. But it is expensive and unnecessary/time consuming to keep track of. As these anonymous email services usually get you banned or your account suspended and then you have to submit a personal request to get it reinstated (cough, cough, EA and GitHub etc)(Personal Experience).

So, that is just my opinion and personal experience. If you like to go that route that is fine and you are all but able to. Hope this didn’t come off as rude as I am just trying to state my opinion. As aliases are just not for me.

Sorry for the rant I didn’t know how to explain it any other way.

I do thank you for the Gmail alias information. Didn’t know that was possible. Still won’t sway me to use aliases though as it is just not my thing.

But I do thank you for the discussion.

@dandeankook @anon78408789 I have merged your feature requests into an existing feature request, to consolidate all votes and comments.

Per earlier comments, it is possible to use a fake email address as your Bitwarden login username (or to use a temporary email address that is disabled after verifying the email). There are some drawbacks of using a non-functional or non-verified email address for your Bitwarden login, though, so the request for a username feature is well taken.

Wanted to add my vote to this. You can still keep the email that can be used for communication like login attempts but I want the ability to disable signin via my email.