Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden Vault and don’t bother remembering it, causing you to potentially get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)
(Imagine leaving your key in your house, lol)
Source: https://bitwarden.com/help/new-device-verification/
Excerpt:
To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.
Good thing I noticed, otherwise I might’ve had a bad time next month 😖
Edit: Updated title to clarify that people who have 2FA are not affected.
I’m getting sick of all this two step verification and code confirmation bullshit. I don’t need my Instagram password stored in a bank vault with 24 hour security. Let me opt out of all this extra security and if it gets breached then blame me for opting out.
I don’t even have two step verification turned on for something and I still needed to check my email for a code and then when logging into the email I needed to check my phone for a second code just so I could access the first code for some bullshit account I hardly ever use. It’s incredibly frustrating.
If I want to go through all that shit for security purposes then I will ask you to go through all those steps. Don’t force me to. Fuck.
It’s because of PCI requirements: they offer to store credit card information, and PCI compliance now requires that to be under 2FA. Also, honestly, you should be using 2FA regardless; make it less annoying by using a proper token authenticator. Authy is a decent one; avoid Google Authenticator. Bitwarden also offers a separate program for token authentication that you can use on your phone.
Tokens are still an extra step but less annoying than having to go check your email for a code. Or you can go the extra mile and purchase something like a YubiKey; all you have to do is have it plugged into a computer USB port and it will handle the two-factor for you automatically.