Restrict account access to certain countries/IP ranges

I hope they block it, but when it comes to security, it’s better to assume the worst-case scenario.

It’s impossible to know what or how the attacker will do what they do, so it’s better to assume the worst.

When we assume the worst we see that the number of possibilities for geo-blocking is 195 countries, whereas for TOTP 2FA the number of possibilities is 1,000,000 every 30 seconds. So it’s better to go with TOTP 2FA than it is to have geo-blocking. Bitwarden already has TOTP 2FA for every account for free and thus there is no reason to have inferior geo-blocking.

I use 2FA but I’d still take GeoIP block as another measure on top of that.

I don’t get why you guys are against this or think we are solely depending on this to protect us. I want GeoIP as yet another layer of protection. We may get it or we may not, but I’ll take it if they offer it.

3 Likes

I am against it because a GeoIP wall provides negligible protection for the vast majority of BW users. I would much rather have the great folks at Bitwarden pour their limited resources into implementing other features that will make a real difference, like TouchID on all eligible devices and apps or FIDO U2F support for all apps, etc.

There are a few issues with this idea:

  1. IP address geolocation often can be inaccurate. There is nothing tying an IP address to a physical location. You are dependent on arbitrary IANA and other records
  2. If you forgot to disable this functionality and travelled to a different country or accessed from an IP that was incorrectly attributed to a different country, you would lose access to your account
  3. For this to be useful as a defence, the logon failure message would have to not specify the cause of the failure. Otherwise an attacker would just hop onto a VPN to bypass the control. Doing that, however, would make it very hard for legitimate users to understand why their logon was rejected

Perhaps make it an opt-in option for those who want it and are consciously accepting the risk they could be locked out of their account against their intentions. I could see this being a support nightmare.

5 Likes

+1 on this - I think this is a much-needed feature for extra security.

As a response to @Airtime -

  1. IP address geolocation often can be inaccurate. There is nothing tying an IP address to a physical location. You are dependent on arbitrary IANA and other records

Geolocation for IP addresses is used by major companies - Google, Amazon, and Microsoft all redirect/adjust their interfaces according to geolocation received from the user’s IP address.
Also, many of the major CDNs (Cloudflare and AWS Cloudfront) allow users to limit entry by geolocation, which is derived from a user’s IP. This is the vast vast majority of the web.

  2. If you forgot to disable this functionality and travelled to a different country or accessed from an IP that was incorrectly attributed to a different country, you would lose access to your account

A simple VPN can help with that; otherwise it’s similar to forgetting your master password (only that you can access your account once you’re back, making it much less severe).

  3. For this to be useful as a defence, the logon failure message would have to not specify the cause of the failure. Otherwise an attacker would just hop onto a VPN to bypass the control. Doing that, however, would make it very hard for legitimate users to understand why their logon was rejected

How would an attacker know which VPN they need? Would they be trying VPN servers from 120+ countries until they get lucky? Sounds impossible.

2 Likes

> I don’t think people who use Bitwarden are likely to leave that many breadcrumbs for people to find about them. I don’t even have a single social media account, for example. The email address I used to sign up for this forum is ephemeral, even.

So you believe that any average person, or even a less technical one who swallows the LP marketing, is also the person who would pick a dedicated email for their password manager. Well, you are free to believe that; I’m not going to try anymore :)

Yes, and they get it wrong frequently. I extensively use Microsoft cloud services from Azure AD to Office 365. Every authentication through Azure AD is attributed to a location via IP address geolocation. It is wrong often. Most of the errors are the state, not the country. Country attribution is reasonably accurate but not 100%. Just because an IP range is assigned by an RIR doesn’t mean it is necessarily used where expected.

I assume you mean which VPN end/exit point. If it was a random attack, they wouldn’t know. If it was a targeted attack, then they likely know your country of residence or where you are currently located… you know, via that thing called IP geolocation :)

1 Like

> I assume you mean which VPN end/exit point. If it was a random attack, they wouldn’t know. If it was a targeted attack, then they likely know your country of residence or where you are currently located… you know, via that thing called IP geolocation :)

I’m only talking about random attacks, which are by far the most frequent (db leaks, bots, etc.).

@dangostylver There is a difference between 2FA and GeoIP. If the attacker needs your 2FA to access your account, it means that the attacker already knows your Master Password, and you wouldn’t know that it’s compromised. Also, not many people use 2FA or a strong master password, as 2FA is pretty inconvenient and most people value convenience above security. The average Master Password is probably only around 40 bits. NIST recommends 80 bits and above.
But if GeoIP is enabled, the attacker doesn’t know that the Master Password he/she tried is correct, because Bitwarden would just say that the Master Password/username is incorrect. The attacker would need to try all the guesses 195 times to be sure that the guesses are incorrect, which would significantly increase the attack time. Bitwarden should also notify the user that the Master Password is compromised, but that the attacker wasn’t able to access the vault because of the wrong IP address. This would allow the user to change the Master Password before the attacker finds out.

Also, blocking using IP address is a common practice. If you use a VPN (from a different location) or Tor to access your Gmail or Outlook account, you wouldn’t be able to access it without verifying with your recovery email/phone number.

In the end, it depends on whether the Bitwarden Team views this as a priority or not.

1 Like
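The check the reply above describes (a uniform failure message whether the password or the country is wrong, plus an alert to the owner when a correct password arrives from a barred country, which is also what issue 3 earlier in the thread asks for) can be sketched as a small login function. This is an added illustration, not Bitwarden code; it assumes a per-account allow-list of ISO country codes and a caller-supplied country lookup for the client IP, and uses PBKDF2 as a stand-in for the real server-side KDF.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Identical text for every failed login, so the response itself does not
# reveal whether the password was right and only the geo rule rejected it.
GENERIC_FAILURE = "Username or master password is incorrect."


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    allowed_countries: frozenset  # empty set means geo-restriction is off
    alerts: list = field(default_factory=list)  # owner notifications


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the server's real KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(email: str, password: str, allowed_countries=()) -> Account:
    salt = os.urandom(16)
    return Account(email, salt, hash_password(password, salt),
                   frozenset(allowed_countries))


def login(acct: Account, password: str, client_country: str):
    """Return (ok, message). Both checks always run, and a wrong password and
    a correct password from a barred country yield the same message."""
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    geo_ok = (not acct.allowed_countries
              or client_country in acct.allowed_countries)
    if pw_ok and not geo_ok:
        # Correct credentials from an unexpected country: the password is
        # probably compromised, so tell the owner while the geo rule still holds.
        acct.alerts.append(
            f"correct master password rejected by geo rule from {client_country}")
    if pw_ok and geo_ok:
        return True, "ok"
    return False, GENERIC_FAILURE
```

Note that a wrong password never produces an alert, so the owner is only paged for the case that actually matters: their secret is known to someone outside the allowed region.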

I don’t think the Bitwarden team is in a rush to add this feature.

This option isn’t offered today since it really only provides an illusion of security. As mentioned by others, an attacker can obtain an IP address from any country in the world rather easily.

2 Likes

Hello,

Yes, I want to understand that a hacker can take a server from a host in a country that is not blocked.

But the goal is still to limit the risks, and that’s part of it.

3 Likes

For somebody smart enough to hack, and wanting to get to your vault, this is not going to be a stopper; it is not even going to hinder them. It is comparable to locking your front door and leaving the back door open.

1 Like

I agree, but it helps to avoid kiddie scripts and bots hosted in those countries.

The goal is to limit the attack not to prevent it completely.

Two-factor auth is intended to deal with that.

1 Like

We can have ALL of those things, you know. I don’t get why people think this is all we want to protect us…

Of course. Nobody would want it any other way.

We would never want it done by the state.

Yes! This is the greatest benefit to Geoblocking. Anything that slows down an attack might be the difference between success or failure.

Hate to break it to you but the majority of people who take people’s accounts can’t hack.

And if somebody foolishly left their auth key next to their master password in an unsafe place, which happens even to users of password managers, the only thing that might help them is being in a country that is Geoblocked to a random password farmer, giving the user time to change it and their auth key when Bitwarden notifies them that somebody was blocked from using their account by GeoIP.

3 Likes

If somebody did that then they are foolish. I have made many mistakes over the years, but I am most unlikely to leave one of my security keys next to a copy of my master password, all in a public place.

100% agree. Also, the following Password Managers offer some sort of IP restrictions:
LastPass, 1Password, Zoho Vault, ManageEngine, RoboForm, One Identity.

The security benefits are clearly substantial when so many companies have adopted these policies.

3 Likes

That is one possibility. Another possibility is that those six are behaving like sheep.

Just because lots of people/organisations do something does not necessarily mean that it is a wise thing to do.

2 Likes

There is a fairy tale more than 150 years old; it explains what this is.

It’s a no-brainer. The more layers of protection you have, the better. So this is a useful and desirable feature.

Does it prevent a dedicated attacker from hacking your account? No. But it’s another layer, another obstacle - however small - for them to overcome. Another possibility for you to notice something spurious going on and for you to be able to take preventative action.

I can see no downside to providing this capability. Your account is not weaker if you get alerts about login attempts from barred geo locations!

4 Likes