Bitwarden is one of the most popular password managers. It has many users across different platforms and continuously releases improvements to increase security. In this article, we cover the latest change it has introduced to make it harder to break into accounts that do not use two-step authentication. We explain what it consists of and how it can help you.
What it has done is add an additional security layer to accounts that are not protected by two-factor authentication, which is something we always recommend enabling. These accounts will require an extra verification to prevent a possible intruder from entering the account and collecting passwords.
Bitwarden improves protection
Two-step authentication consists of a double verification to enter an account. Beyond entering the password, you are required to enter a code, which can reach you through an SMS or through a 2FA application such as Google Authenticator. With this, even if someone steals your password, you prevent them from entering the account.
The problem is that not all users have enabled this option in Bitwarden. Passwords can then be exposed if an intruder gains access. To reduce the risk, Bitwarden has created an additional verification for all users who have not enabled 2FA. It consists of entering a code they receive by e-mail.
But when does this new feature come into play? It only appears when Bitwarden detects that you are trying to log in from a new device, which can be potentially suspicious. In that case, it will ask the user to enter that code, the extra verification, which arrives by e-mail.
We can say that it is a form of two-step authentication. Even if users do not have it enabled in their account, Bitwarden in a sense “forces” a second check at login to avoid problems, with the aim of protecting the saved passwords as much as possible.
When the additional message is activated
As we said, you will have to enter this additional code when Bitwarden detects a suspicious login. In that case, it will send this additional message, and you will need to enter the code to get into the account and access the stored keys.
This will appear whenever you log in from a new device, for example if you always log in from your mobile and suddenly log in from a tablet or a computer. You will also have to enter the code if you reinstall the application on the device or if you have deleted cookies in the browser.
In short, Bitwarden now better protects users who have not enabled two-step authentication. If this is your case, we recommend that you configure 2FA and protect your account properly. It is not something you should do only in the Bitwarden application, but for any other account you register on the Internet.