What are the conditions for Bitwarden to send failed attemps email?

Hi,

I received this mail from bitwarden. It seems legit, but I have one question :

Does that means the login failed because wrong password were tried ? Or does that means the login failed because the good password was used but the hacker didn’t had the 2FA ?

In the first case it’s not a problem. In the second it is.

Thank you for your help.

@TiTwo102

The email that you received is triggered after 9 consecutive failures to enter the correct master password.

If someone successfully enters the correct master password but enters an incorrect 2FA, then the wording of the email is slightly different:

 

Please note that this second email template ends with a recommendation to “change your master password immediately.”

That, IMHO, is a really poor choice of wording for that warning email.

You have to guess, from the recommendation to change the master password, that the attempts were made with the correct one.

This is something so critical (someone attempted to login in your account with a correct master password) that I think it shoud be highligted clearly in big red bold letters in that warning.

The other possibility is that it was you who was attempting to log in, but your 2FA failed (perhaps the system clock was not correctly synchronized on your device, creating incorrect 2FA codes).

If every such failed 2FA attempt resulted in a notice saying
:warning: SOMEONE HAS STOLEN YOUR MASTER PASSWORD!!! :warning:,
I think this would create a lot of unnecessary panic (and calls to tech support).

Strongly dissagree.

Your wording is also potentially wrong: Bitwarden has no way of knowing if someone has stolen my master password. What it knows is that some used it (be it me or someone else).

The warning should read something along the lines of:

A login attempt with a correct master password failed to authenticate due to a missing/incorrect second step.

I will know if it was me or not and I need to react INMEDIATELY.

Thanks for the answer.

I have to agree that something more understandable should be in the e-mail. Something like :

  • … tried to log into your account by entering the wrong password X time. We recommend you to check the security level of your password and turn on 2FA.
  • … tried to log into your account by entering the wright password but the wrong 2FA code X time. We recommend you to change your password as soon as possible.