Mandatory email verification implemented by Bitwarden for non-2FA accounts

Widely used password manager Bitwarden is moving to better secure accounts that lack two-factor authentication by introducing mandatory email verification beginning next month, which will block access to the password vault until the emailed code is entered, according to BleepingComputer.

"When logging in from an unrecognized device, users will be asked for an emailed verification code to confirm the login attempt and better protect their Bitwarden vaults," said Bitwarden. The company noted that email verification codes will be required after app reinstallation or browser cookie deletion, but not for users of self-hosted instances or for those who have already implemented 2FA, API keys, or SSO for logins. Users looking to maintain access to their Bitwarden accounts have been urged to ensure they have independent access to their credentials or to activate 2FA. Despite such protections, users should still use robust master passwords that cannot be easily compromised in brute-force intrusions.
