this post was submitted on 28 Jan 2025
252 points (96.7% liked)

Bitwarden users who store their email account credentials within their Bitwarden vaults would have trouble accessing the sent codes if they are unable to log in to their email.

To prevent getting locked out of your vault, be sure you can access the email associated with your Bitwarden account so you can access the emailed codes, or turn on any form of two-step login to not be subject to this process altogether.

[–] jim@programming.dev 2 points 8 months ago (2 children)

I understand this change by Bitwarden, but I wish they gave us the option to turn this off, or at least gave us more time before forcing this on us.

There are a lot of comments talking about how this increases security, which is true. But it also increases the risk of account lockout. This is especially true in two scenarios: traveling and incapacitation.

Traveling - for those of us who travel frequently, we carry all of our belongings with us. This makes us particularly vulnerable to account lockouts. We can't securely store backup devices or documents in easily accessible locations. We can't easily rely on trusted friends or family because they are so far away. Also, internet accounts are more likely to lock us out anyway because we are logging in from a different country, which is suspicious behavior.

Incapacitation - god forbid, if there comes a time when we are permanently or temporarily incapacitated, it becomes important for our loved ones to access accounts. When we are in the hospital, it's important that our loved ones get access to our personal accounts. I personally have advance directives and have worked with an estate lawyer to make sure that my Bitwarden account becomes available. I also have instructions for immediate trusted family on how to access my vault if I were ever in the hospital. With this short notice, I need to scramble to get all of that updated and provide a way for them to access the account without my 2FA devices.

The above scenarios are based on my real experience. These are real and likely risks that I have to account for. Security is not just making sure that outside bad actors CANNOT gain access; it also means that the right people CAN get access at the right time.

What am I going to do? I'm weighing my options.

  1. I believe the self-hosted version of Bitwarden does not require this. This comes with its own set of risks though.
  2. Pay for premium, which comes with lockout support - I need to see if this can take care of both use scenarios above.
  3. Turn on 2FA and memorize the recovery code. While viable, since I will only use the recovery code once, I'm likely to forget it.
  4. Change the email to a non-2FA email address, only used by Bitwarden, with a strong but easily memorable password. This email must allow access from foreign countries without lockout (gmail is out). I'm actually strongly considering this.
[–] Toribor@corndog.social 1 points 8 months ago

I've had a good experience self hosting Bitwarden (using Vaultwarden). I've printed off some instructions for my wife or family to gain access in case something happens to me. I haven't done this yet but I also want to occasionally export my vault to an encrypted USB to keep alongside things like passports and birth certificates.

Those might be good options for you too considering the risks you've outlined.

[–] MangoPenguin@lemmy.blahaj.zone 1 points 8 months ago (1 children)

The other option for traveling that might be better is use Keepass with the file stored on your phone, that way no internet is needed and there's no chance of lockout from your password DB.

[–] Toribor@corndog.social 3 points 8 months ago* (last edited 8 months ago) (1 children)

Bitwarden caches passwords locally, so if your self-hosted instance goes down or is inaccessible you can still access those cached credentials and OTP codes.

I tested this thoroughly and was very nervous that a server outage at home would lock me out of the credentials I need in order to fix it. It's been good enough for me to get by until I can fix whatever is broken.

[–] MangoPenguin@lemmy.blahaj.zone 1 points 8 months ago (1 children)

Yeah that's true. I just have worries that the app might do something weird and require a log in and re-sync.

[–] Toribor@corndog.social 2 points 8 months ago

Yeah it's worth considering risks. If I lose access to my credentials it would be a ridiculous amount of work to recover, probably losing access to some things forever.