Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and don’t bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might’ve had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.

  • Shortstack@reddthat.com · ↑6 · 2 days ago

    Thanks for the heads up, though this would be less of an issue if you have the email app on your phone or the tab pinned in Firefox.

    The real issue is I gotta use another authentication app for my email now, have been using Bitwarden itself for 2FA codes for Proton. Definitely can’t use Proton Pass to 2FA for my Proton account.

    I don’t even know. Gonna have to find another reputable authenticator app.

    Guess I should also check if Bitwarden or Proton support physical security keys. Would be pretty bomb proof since my keys are always in my pocket anyway.

    • DealBreaker@lemm.ee · ↑7 · 2 days ago

      Aegis is a good authenticator app you could consider.

      Generally, it’s not recommended to keep TOTP and passwords in the same place.

      • dustyData@lemmy.world · ↑1 · 2 days ago

        Two apps on the same device is still the same place. Same app but on different devices is different places.

    • Zwiebel@feddit.org · ↑2 · 2 days ago

      Bitwarden supports phys. keys but you have to pay for the premium subscription to use them, which is $10/year.