Verification on a new device, but cannot access my email

ZCs · May 11, 2025, 1:40pm

Hi,

I want to log in from a new device. I know my email address as well my master password. However, since this is a new device, Bitwarden sends a verification code to my email. The problem is: I don’t know the password for this email because it’s stored in Bitwarden. What can I do?

Thank you.

grb · May 11, 2025, 1:59pm

@ZCs Welcome to the forum!

You should contact Customer Support (using an email address that you do have access to) and explain your situation. They are able to temporarily waive the New Device Login Protection requirement, so that you can log in without the verification code. The waiver is only for 24 hours, so make sure that you frequently check your email for responses after you have submitted your support request.

When you get the waiver, do the following:

Log in to the Web Vault on a normal browser (not Private/Incognito).
Enable Two-Step Login.
Obtain your Two-Step Login Recovery Code.
Disable New Device Login Protection (see the last paragraph in the Opt-Out Instructions).

For maximum protection against future mishaps, also do the following:

Create an encrypted ZIP export.
Create a Security Readiness Kit (a.k.a. “Emergency Sheet”), and store it securely; the emergency sheet should include not only your Bitwarden login credentials but also the login information for your new email account.

ZCs · May 11, 2025, 2:47pm

Thanks a lot @grb.

grb · May 11, 2025, 3:41pm

Let us know how it goes.

ZCs · May 11, 2025, 4:38pm

The Bitwarden support was very responsive. They suspended the new device login protection for 24 hours, so I could log in.

When you get the waiver, do the following

So what you recommend is that I use a two-step login instead of new device protection?

Create an encrypted ZIP export

I can see four options: .json, .csv, .json (Encrypted) and .zip (with attachments). The zip file turned out not to be encrypted.

Nail1684 · May 11, 2025, 5:57pm

@ZCs When you enable Two-Step Login (2SL/2FA) for the Bitwarden account/vault, then New Device Login Protection (NDLP) automatically get’s deactivated.

So, there are two possible ways here - and both have some valid arguments:

you can deactivate NDLP when you activate 2FA - but be aware, if you ever deactivate 2FA, then NDLP would still be deactivated and you would have no other additional protection than only your master password
you can let NDLP be “active in the background” (i.e. deactivated as long as 2FA is active), but then, be aware, that if you ever deactivated 2FA – either by deactivating every 2FA-option in the web vault or by using the 2FA recovery code – NDLP would activate itself automatically → but as long as you have the login credentials (password, 2FA…) for your Bitwarden email address on your emergency sheet, then you won’t lock yourself out (or even, as you see now, the Bitwarden support can deactivate NDLP temporarily if you can verify yourself to them)

So, I personally don’t see the absolute need to deactivate NDLP…

Yes, .zip export with attachments is fairly new and doesn’t have an “encrypted” option at the moment… (maybe @grb meant, to encrypt this export afterwards?!)