I may be in the wrong place and this may be covered somewhere else, but I really need help. I just switched from LastPass to Bitwarden. I actually tried another manager first before Bitwarden, but Bitwarden really impressed me. However one thing has me regretting my choice now that I am setup and into daily use. I spend an HOUR every day clearing my email programs of the “Another device has logged into Bitwarden”. I can’t find anywhere to turn these off. I log out, and log back in whenever I am away, after all Bitwarden is now literally the keys to my kingdom. But this generates literal pages and pages of emails cluttering my email account. I use both Chrome and Edge, because I have some sites that just work better on one or the other, thus I log into extensions for both. I also like to keep the desktop app up as well. Anyway, this flood of emails can NOT continue.
PLEASE tell me there is a way to turn this off. My only other solution is to get a dead email address that I won’t use and attach it to my bitwarden account. Which would be terrible because if I DO need a notification of like changes to my account, etc. I do want to recieve THAT notification. But, why do I need an email for every login. I KNOW I logged in. Please help! I love this program and would hate to have to go to something else over something so… simple to fix.
Do you delete cookies automatically whenever you close your browser? Or do you only use incognito mode? If “yes” then you have found the reason why Bitwarden is convinced that you are on a new device whenever you log in. This could lead to constant emails.
Hey @jphogannet just to confirm, you prefer to fully log out clients vs keeping your vaults in a locked state? Are you preventing your browser from storing cookies?
These emails are typically when logging in from a new device.
John, this is overkill. Almost all Bitwarden users keep their vaults logged in at all times, and secure the vaults by locking them when not in use (which can be done automatically, using vault timeout settings).
The main difference between logging out and locking your vault is that in the latter case (locking), Bitwarden retains a cached copy of your vault data stored on your device — however, these locally cached vault data are fully encrypted using AES-256, and cannot be decrypted by anybody who does not know your master password. If your master password is sufficiently strong (e.g., a passphrase consisting of 4 or more randomly generated words, that have been selected by a passphrase generator), then the risk of the “keys to the kingdom” falling into the wrong hands is completely negligible.
One benefit of keeping your devices logged in, is that it provides an opportunity to access your data if Bitwarden’s servers are ever temporarily down, if you have network connectivity issues. In some cases, the cached vault copies have even been useful for recovering data when a user has changed their master password and forgotten the new password.
Finally, if the above has not convinced you to stop logging out so frequently, what email app do you use? Someone may be able to help you configure an email filter that automatically clears out the notification emails so that you don’t have to deal with them.
Overkill? To lock my pc when I step away? I have tried setting it to use Windows Hello, a pin, etc. When I come back, a few keystrokes and I am back in. So most likely I AM locking but it still sends an email every time. I also use multiple screens and multiple browser sessions, so when I return, its several instances of emails. I have gotten it simplified to just a few keystrokes and I am back in business, but the emails. And to make matters worse I didn’t give the email address I give the public that I only look at occasionally, I used the email address that hard notifies me for every email. So each email is a notification on my phone, laptop, desktop, ipad, etc. The one my own mother is not priviledged to know. I guess changing the email to one that goes unchecked is going to have to be the solution but this really sucks.
Just curious, how hard will it upset the applecart if the address sending these emails gets a reply from my servers for every one of those emails? Will my domain end up on a spam list? Because that is the email address I am tempted to give it, my dead letter box for spammers. Ugh.
No, I set it where I use a pin or windows hello. I guess I don’t know the difference between logout and lock. But yes, where someone who has physical access to my pc doesn’t get access to my passwords. But I use muliple sessions and screens so I am typing that pin a lot. And it apparently sees ALL of those as a separate login.
I have to add that I have recieved NO emails today. Yesterday it was in the 100s. I am wondering if it is my unique setup where that I use muliple browsers, multiple machines, multiple screens and regular VPNs, etc. It took the system some time to learn my habits? I guess if the price of admission to Bitwarden is that I have to look at a subject line filter and deal with an occasional deluge of emails when I change something on my system… But I would really really still like the ability to say no to the emails.
Not sure what you are saying with the questions above. Yes, logging out of every Bitwarden client multiple times a day is overkill. Locking your PC (e.g., using Win+L) when you step away is not overkill.
Also, you have not answered my question about what email client you use.
Using a PIN or biometrics is only possible for unlocking (not logging in), and this will not trigger an email notification (unless you are experiencing some obscure bug, in which case you should contact tech support). The only client that logs you out automatically (without requiring that you explicitly click something that literally says “Log Out”) is the Web Vault client. Most users rarely use the Web Vault, only for account maintenance (changing security settings, bulk deletion/moving of multiple vault items, or importing data). You should be using the browser extension for most of your Bitwarden use on a PC. If you stop using the Web Vault when not necessary, you should not be getting the email notifications at the kind of frequency you are describing.
Because it didn’t seem relevant as I use different clients on different devices and that would launch a whole side discussion which would be irrelevant. Yes, I could potentially squelch them with a filter, but I prefer not to do that, though it seems if this comes back, I will certainly consider it.
It appears to be. Or perhaps it is the fact that I use multiple browsers, devices, VPNs, etc. If you find my latest update you will see it has not sent any mails today. Perhaps the system just had to learn all the different ways I log in/access Bitwarden to be able to fulfill my purposes.
I am. This is what seems to be generating the biggest portion of the emails. It seemed to take each Browser, machine, etc. as a separate new login. I use multiple browsers and multiple windows and screens. I was not getting the setting to NOT log out but to lock on many of them.
At any rate the problem has appeared to subsided as no emails this morning and I have logged into everything and working away. If it resurfaces then I may just do a subject line rule to sweep them away. Or, I may just block Bitwarden at the domain level. As it is I have spent far too much time on this issue. Thank you one and all for your help!
This much is true, and if your IP address ever changes in the future due to VPN use (or travelling), or if you clear your browser cookies, it will again register as a new machine (triggering a new notification).
However, what is categorically not true is that Bitwarden generates emails when you unlock a client that is already logged in. Take a good look at the Bitwarden sign-in interface: do you see the words “Your vault is locked” and “Unlock”, or do you see the words “Log in”? If you see “Unlock” and not “Log in”, and if unlocking then causes you to get an email notification from <[email protected]> with a body that starts “Your Bitwarden account was just logged into from a new device” (with a timestamp that matches the time that you unlocked the client), then congratulations — you have discovered a bug in the software.
If you have the time (sounds like maybe not) and if you want the bug to be fixed, you can file a bug report (including a description of the steps taken to reproduce the behavior) by opening a new “issue” on GitHub.