Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and not bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might’ve had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.

  • darkstarEnglish
    1·
    20 hours ago
    1. Use a 2FA app that allows you to export encrypted backup (I use Aegis)
    2. Make an encrypted backup of your 2FA keys and store that using the 321 rule.
    3. The 321 rule is 3 copies, 2 different types of media, and 1 copy offsite.

    If your 2FA backup is encrypted, you can even store it in Google Drive or wherever, ask a family member to keep a copy, it doesn’t matter if the password is strong.

    If you’re extra scared of losing your keys then you can use something like Authy as a last resort, they make it super easy.

    I work in cyber forensics and incident response, 2FA and strong passwords can prevent 99% of the shit I see.