Fair enough. For what it’s worth, I do also agree that measures and authentication schemes like passkeys will far surpass any layered security approach. However, given that similar schemes like FIDO U2F have failed to gain traction in the past, I really think that these layered approaches will tide over the regular user until such authentication schemes become widespread.
Restrict account access to certain countries/IP ranges
Disclaimer
I would like to contribute to this technical discussion; I hope to offer an interesting view for most people. I do not work for Bitwarden and have no connection with the company. In my case, I’m a Bitwarden user and would like to contribute with some ideas.
These ideas are not intended to endorse any position of the company or mine; they are just concepts about the feedback I read here. I am not a lawyer, judge, prosecutor, or law student, so this text can be corrected or improved by those who understand this subject. So if something is confusing or bad, look for your lawyer.
This feature is something interesting and controversial at the same time. You all can agree or disagree with all or some points of view here, but leave your comment and opinion. I would be happy to hear all positive and negative opinions about these views.
I could be wrong, so don’t take all these views too seriously. I think we should add or think of more points of view before this feature is implemented (or not).
Ideas
1. From the point of view of the jurisdiction or law of each country
This is interesting because it makes it possible for the Bitwarden password manager to comply with the jurisdiction or law of each country, since in theory when you log into some website, you are logging into a server in some country, and each country has a specific jurisdiction or law too.
2. From a GDPR and legality point of view
GDPR requires that all data collected on citizens must be either stored in the EU, so it is subject to European privacy laws, or within a jurisdiction that has similar levels of protection. Additionally, it applies to both data controllers and data processors so, whether your organization uses or provides a cloud service that processes EU resident data, your company is directly affected. In this case, to be in ‘legality’ there should in that case be a restriction of access to the account for certain countries/IP ranges to comply. Because people who are outside the EU should in theory not access Bitwarden.
3. From a digital security and legality point of view
This is controversial to think about. Because, in theory, this may or may not just be a ‘false sense of security’, as an attacker can and probably will be spoofing your IP via some other route as advised or suggested by @kspearrin. At the same time, this creates a legal loophole, as the applicability of the law of one or more countries would not be met.
4. From a design, user experience, usability and legality point of view
If this feature is added, maybe when you travel, you will be blocked or prevented from accessing the password manager. This is bad, because the user would have a bad experience using the password manager.
At the same time it is illegal from a GDPR point of view. Because in theory you should access Bitwarden according to your country of origin. When such access is not possible, a VPN or proxy etc. specification must be selected for this. Or if this is not possible, access the country where you are in fact, if you are traveling.
5. From a data centralization point of view
If you change the account or restrict access to certain countries/IP ranges, it becomes ‘impossible’. The bad thing about this is that certain places or emails are banned, even when that access is certainly legitimate. Because, this creates a centralization of decision making, it is something similar to the allowed or not allowed lists in email.
6. From a privacy, anonymity point of view
If this feature is added, it might give something minimal to people who want greater privacy, control, and anonymity. It would be ‘impossible’ from a legal point of view to know where the data is stored and which ‘country is responsible’ for that data. And this generates a false sense of security, as you cannot be absolutely or minimally sure which country would be more or less safe for you to store your data. We should, in theory, have a way to avoid being identified as a user.
7. From the point of view of the applicable jurisdiction
There are countries that, despite having some specific and constitutional jurisdiction, do not always comply with that specific and constitutional jurisdiction. So much so that, after the leak of the Snowden documents, there is still some concern on the part of users, companies and other governments regarding the trust related to ‘data residency’ vs data ‘sovereignty’. For example, if users store login data for each site, and each site is stored in a specific country. In theory, you should have a restricted access account to certain countries/IP ranges to avoid any legal issues down the road. At the same time, this is problematic as it creates a legal loophole in each country’s jurisdiction and even with the GDPR.
This is how LastPass has implemented this:
Restrict LastPass access to specific countries
Anyway, for the enterprise version of Bitwarden this is a must-have. In my sector this is a basic requirement for any cloud app.
So you can only log in to the company cloud apps through your corporate cloud web proxy (Zscaler, Netskope, etc.). What you do is add the IPs of your proxy to all the cloud services. This is a basic layer of security.
Hey everyone.
Something I would like to add to my point of view in this discussion is that current browsers like Google Chrome, Firefox, Vivaldi, Opera implement the idea of connecting with a proxy or VPN in their software. Would it be possible to have a configuration in Bitwarden where I can decide where I am, if I can add a connection proxy?
Every time I get one of the “Failed login attempts detected” emails (account given additional protection like captcha; usually the IP is from the same obvious culprits), I am reminded of this topic. I would feel much more comfortable setting a whitelist of countries, blocking all the rest. But I understand if this is not considered critical, or it’s more complicated than I realize.
Hi @vanontom, welcome to the Bitwarden community! You might want to consider setting a unique email address for your Bitwarden account: 3 Tips for Extra Security with Your Bitwarden Account | Bitwarden Blog
First, while the bad guys can use a VPN, this requires them knowing which country corresponds to my account.
Second, why not restrict login to 50 miles from my home IP (or others I whitelist)? If the bad guy’s VPN has them in California and my login is restricted to Ohio, they can’t login.
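As an added example (not code from this thread, from Bitwarden, or from LastPass), here is what the layered sign-in check discussed above could look like: an allowlist of corporate proxy egress ranges as in the earlier post, a country allowlist, and the "within 50 miles of home" idea just proposed. The GeoIP lookup that supplies the country and coordinates for a client IP is assumed to exist; the policy values, IP ranges and coordinates are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_MILES = 3958.8


@dataclass
class VaultAccessPolicy:
    """Opt-in, per-user sign-in restrictions (hypothetical structure)."""
    allowed_countries: set[str] = field(default_factory=set)   # ISO 3166 alpha-2 codes
    allowed_networks: list = field(default_factory=list)       # e.g. corporate proxy egress ranges
    home: tuple | None = None                                  # (lat, lon) of the user's home
    radius_miles: float | None = None                          # max distance from home


def haversine_miles(a: tuple, b: tuple) -> float:
    """Great-circle distance in miles between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * asin(sqrt(h))


def login_allowed(policy: VaultAccessPolicy, client_ip: str, geo: dict) -> tuple[bool, str]:
    """Evaluate the layers in order. `geo` is the (assumed) GeoIP result for client_ip:
    {'country': 'US', 'lat': ..., 'lon': ...}; missing keys mean the lookup failed."""
    ip = ip_address(client_ip)
    # Layer 1: an explicitly allowlisted network (corporate proxy) passes regardless of geo.
    if any(ip in net for net in policy.allowed_networks):
        return True, "allowlisted network"
    # Layer 2: country allowlist; an unknown country is treated as a deny (fail closed).
    if policy.allowed_countries and geo.get("country") not in policy.allowed_countries:
        return False, "country not allowlisted"
    # Layer 3: distance from home; no coordinates also fails closed.
    if policy.home is not None and policy.radius_miles is not None:
        if "lat" not in geo or "lon" not in geo:
            return False, "no location for client IP"
        dist = haversine_miles(policy.home, (geo["lat"], geo["lon"]))
        if dist > policy.radius_miles:
            return False, f"{dist:.0f} miles from home exceeds {policy.radius_miles:.0f}"
    return True, "policy satisfied"


# Constructed sample policy: home near Columbus, Ohio, 50-mile radius, US only,
# plus a documentation-range prefix standing in for a corporate proxy's egress IPs.
EXAMPLE_POLICY = VaultAccessPolicy(
    allowed_countries={"US"},
    allowed_networks=[ip_network("203.0.113.0/24")],
    home=(39.96, -82.99),
    radius_miles=50,
)
```

Each denial carries a reason string so the "failed login attempt" notification can tell the user which layer blocked the request.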
“Second, why not restrict login to 50 miles from my home IP (or others I whitelist)? If the bad guy’s VPN has them in California and my login is restricted to Ohio, they can’t login.”
I really like this idea, not just for Bitwarden but as a general security measure you should be able to opt-in for all sites. This simple measure would really help increase security in a very simple and hassle-free way.
An attacker can’t easily know the specific 50-mile-radius geo location for a given account. Quite brilliant. Of course this would be a user-configurable setting they can adjust and disable as they like.
Say I am in small-town Kansas and I want all logins outside of said small town completely blocked. Surely this would dramatically increase my security? Of course I would be able to disable it before I do any travel and/or adjust it as needed.
Good comment I read:
"When you build a castle, do you forgo the moat around it because the castle doors have locks?
Security happens in layers."
Exactly how I feel.
Geo-IP blocking is my router’s problem, the proper place to localise such protection in my view. Based on observed attacks, if I used it I would have to block USA and much of Europe rather than the usual suspects, so I do not bother.
This is not a router issue. It is about deciding which IP addresses at a given time are permitted to sign in to the vault. It is an excellent feature not only for Bitwarden. In other words, allowing the user to configure a firewall of sorts around their vault, but with simple and easily implemented code.
One more protection layer, like a moat around a castle.
Yeah, firewall geo-IP blocking implemented on Bitwarden’s server hosts configurable by each user in an easy way. Interesting to know what happens if you forget to reconfigure it before travelling. Is there an unblocked VPN exit locally to your home?
My solution would be to VPN into my home. I use my router for that.
I was making a wry comment that attacks are as likely to come from next door or your nominal friends.
My own IP appears as being in a city of millions hours away from where I actually live, so there would not be much point hoping there were no criminal classes there, and mobile devices can appear all over the place of course.
“Interesting to know what happens if you forget to reconfigure it before travelling.”
You would use a recovery code to whitelist your current IP.
If your IP appears as being millions of hours away from where you live, that is how you would configure your Bitwarden firewall.
Remember this feature would be opt-in, so if you didn’t want it enabled you could have it always off.
This simply is a layer of security. Google’s data centers have 6 layers of security: The 6 Layers of Google GCP Data Center Security - ServeTheHome
Security layers make sense for a security product holding and protecting our highest value assets.
Still relevant. Still want. Also, go ahead and send the IP to a security service that will investigate the transgressing IP and maybe even put that IP on a temporary block list when it gets reported enough times.
With the advent of Starlink (and upcoming satellite services), you’d need a larger range, but still YES.
For years, LastPass has offered geo-restriction. This seems like a dirt simple safety feature to offer.
Has BW given an official word on why they have not done this or their plans?
Agreed. It makes so much sense for our Bitwarden vaults. It should be flexible and configurable so that end users can play with their own moat around their vault. I like the idea of layers of security working together.
BW Admins ------
Any chance we’ll be able to restrict login by country (just like your competitors do)?