Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and not bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)
(Imagine leaving your key in your house, lol)
Source: https://bitwarden.com/help/new-device-verification/
Excerpt:
To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.
Good thing I noticed, otherwise I might’ve had a bad time next month 😖
Edit: Updated title to clarify that people who have 2FA are not affected.
This introduces so many failure modes. What if my email provider goes bankrupt, or fucks up their servers, or bans me? Access to my Bitwarden Vault is now dependent on some company’s whims
I mean, you could set up 2FA and save the QR code that you used to set up the 2FA in unencrypted format on some cloud, making it a de facto 1FA. That could be the workaround if you just refuse to use 2FA.
Or you could just move to Keepass like I’m planning to do.
I set up 2FA, took a screenshot of the QR code, printed it out, and stuck it in a fire safe.
This is only for devices you haven’t logged in from before.
I liked the thought that if I were to lose my phone while traveling, I could just borrow a computer and access all my accounts anyway and not getting very uncomfortably stuck. This is putting me at big risk there.
there will be an option to turn it off, so no worries