Most apps have this nice feature where you can see how many devices you are logged in on and the type of each device, and I think that it might be amazing if Bitwarden had it. Basically, you get to see on how many devices your account is active, and you also get a choice to delete that session from the settings.
I’m out of votes, but I like this idea.
@kspearrin I hope this feature gets your attention.
I would say that extensive logging should be made visible to the end user:
- current connections
- device names (with whitelisting and blacklisting if a device is lost)
- IP addresses and geo information
- detailed logging information that shows when the user is logged in, with what device and from where, and if the login was successful; when a password is copied, changed, viewed
- a daily/weekly report to the mailbox of the user
I think this feature is absolutely necessary when rotating your encryption key, per the help article on rotating your account’s encryption key:
Because your account’s encryption key changes, any old sessions with a Bitwarden application that you may be logged into with your account will still have the old, incorrect encryption key. If you make any changes to your account’s vault data with an old encryption key, that data will become corrupted and unrecoverable. After rotating your account’s encryption key it is very important that you completely log out and back in to all Bitwarden applications where you are using that account. Logging out and back in will ensure that your account has downloaded its new encryption key.
I’d like to be confident that I’ve logged out of all my devices but without a list of them, this is hard to do.
@tgreer
Should this be merged into Session management? Seems like it’s a duplicate. Thanks!
@bw-admin when will this crucial safety feature be available? Currently, being able to disconnect all sessions is not an optimal solution because you often only need to check which devices are connected to your account, and eventually disconnect the unrecognized one.
Thanks @fabriziobagala this feedback has been passed along to the team.
I want to keep this topic alive. @bw-admin is there any news on the implementation of this feature?
Hi @fabriziobagala - thank you for confirming the continued interest in this feature. The request was passed along to the team earlier this year and everyone’s patience is appreciated as they continue to balance all of the great feature requests received from the community with available resources and other priorities.
Has there been any progress or news about if they will implement this?
Just had a bunch of emails saying someone is trying to log on to my account and it enables captcha… would be good to see which devices have been accepted/logged on.
Bumping this as a key necessary feature
Hello! I have been a user of Bitwarden for a few years already, but just created this community forum account to mention a feature that I feel is lacking - that there is no way to see all of the devices that are logged in and also no way to invalidate each logged-in device (I understand that we can invalidate ALL logged-in devices via the Bitwarden web vault).
Would this feature be in the roadmap/considered for Bitwarden?
Hi, I’d like to make a request to alter an existing feature.
When deauthorizing sessions, I’d like to be able to deauthorize sessions only on devices that I no longer use, or have been lost/stolen, while retaining the sessions that I need.
Question: When deauthorizing, can you then log back in on one of the deauthorized devices / sessions?
@MarkW Welcome to the forum! I moved your post into an existing feature request on the same topic.
Deauthorizing sessions just logs the devices out (and resets the option to waive 2FA, if you had enabled this using the “Remember me” option when logging in previously). You can log back in by providing your username, master password, and 2FA (if configured).
The roadmap was recently updated to include user session management under research, which will include the ability to deauthorize specific devices rather than having to deauthorize all devices. This will also support SSO onboarding improvements as well as the feature, SSO with trusted devices, if any of you are looking into this for your organization.
Will update this thread once the team has started development!
We need the ability to view an active session log that shows all active Bitwarden sessions with as much device information as possible. That way rogue devices can be detected. An active page/portal that shows live sessions under the admin console would be welcomed as well.
Hi @gtran , is there any news on the development of this feature?
I agree this feature is needed, and should be considered a top priority. I’m new to BW and have been looking for this feature on the web extensions, desktop app and web interface. A “panic” button on all devices (web extensions, mobile and desktop apps, web interface, etc.) that would immediately log out of all sessions would be important to have. I’ve read that this is somewhat available on the web interface, but I’ve still not been able to find it. It’s surprising this feature is either missing or so hard to find.
Update: I just found the “Danger Zone” on the web interface. Nice to know this is here, but it would be great to have this available on all BW apps (web extensions, desktop apps, etc.) As an Apple Watch user, it would be fantastic to have this feature on my Apple Watch BW applet!
I’ve read the comments here and I also want to extend the session-management functionality. It’s nice you can kill all the active sessions, but this is a little rude and not always necessary. What I would like to see is what Proton (and 1Password) has done for their password manager:
- Show active sessions per device and browser. Show the first date and time and the last active moment
- Make it possible to log out per device or browser session (Proton and 1Password)
- Make it possible to enforce 2FA for an active device or browser session (1Password)
- When a device or browser session has logged out, I always want to get a mail when the device or browser has successfully logged in again, even if the device/browser has done a successful login earlier in time.
- Give insights for the last 10 login requests including IP address. Also the ones which resulted in a block
This all will give me more insight and will also give me a better feeling about the actual state of the security of my Bitwarden vault.