Password managers are a great way to store your login details, but if a hacker gets hold of your master password, they’ll gain access to every account you’ve stored in your vault. Fortunately, Bitwarden is adding a feature that will make it much harder for hackers to access your vault, even if they know your password.
Bitwarden Users Will Get Two-Factor Authentication Emails by Default
As announced on the Bitwarden website, the password manager app has a new two-factor authentication (2FA) protection layer. Bitwarden users can always add their own 2FA methods via the settings for free, but this update specifically targets people who have yet to enable 2FA:
Soon, after you enter your Bitwarden account email address and master password, if the device where you’re logging in is not recognized by the Bitwarden server and you do not have two-step login enabled nor are using enterprise SSO, Bitwarden will email a verification code to the email account on file. You will need to go to your email account to access the code and provide it to the Bitwarden application to continue.
This may sound handy initially, but it poses a problem for people who store their email passwords in Bitwarden. It creates a nasty catch-22 where they need to access their email to get their Bitwarden login code, but they need to access Bitwarden to get their email password.
To prevent this from happening, Bitwarden advises that you make a memorable password for your email account, then add a 2FA layer onto it so people can’t access your inbox. You can also follow Bitwarden’s guide on adding an authenticator to your account, which will disable the email 2FA method.