Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and don’t bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might’ve had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.

  • ccunning@lemmy.world
    3 days ago

    My email is one of the few passwords I still know without my password manager.

    It probably is time for me to rethink that 🤔

    • mosiacmango@lemm.ee
      3 days ago

      100%. Control of someone's email is just about the #1 target for someone to breach. It not only gives someone a ton of data about you, it's almost always the method companies use to reset passwords. Someone with full access to your email can wreck your day/month/year.

        • mosiacmango@lemm.ee
          3 days ago

          A weak or reused password is much more dangerous than a secure password manager with MFA enabled.

          • ccunning@lemmy.world
            3 days ago

            🤨

            …I will be sure to change all of my weak and/or reused passwords.

            Thanks for the tip…

    • Rai@lemmy.dbzer0.com
      2 days ago

      If I was in a coma for five years and woke up, I’d still remember my 40-something character password manager password. I should do the same thing for my E-mail.