Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and don’t bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)
(Imagine leaving your key in your house, lol)
Source: https://bitwarden.com/help/new-device-verification/
Excerpt:
To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.
Good thing I noticed, otherwise I might’ve had a bad time next month 😖
Edit: Updated title to clarify that people who have 2FA are not affected.
That’s the problem, many people only have one device. (My parents, grandparents, probably aunts and uncles all mostly use their phones, probably don’t have a second phone, or haven’t even touched a computer for a while, imagine if one of them used Bitwarden)
I personally haven’t used my PC for a while, since I don’t feel like playing games anymore, so most of my time using electronics is mostly doomscrolling Lemmy and watching YouTube (don’t judge). So if my phone happened to break, or if my app got corrupted for some reason and I had to re-download, I could definitely have gotten locked out, but luckily I saw that notice, I have the email password saved in KeePass, so now that threat is over.
(I know I should’ve backed up the vault, but I kinda procrastinated 🙃)
They have different threat models. If they don’t have a PC, they most likely don’t and never will have Bitwarden. They’ll let Apple or Samsung or Google handle their security for them. In the end, we all accept some level of risk across different threat dimensions. Some people are more lax and some people are more strict. It’s not the end of the world.