Bitwarden increases access security for user accounts

Bitwarden is tightening account access: anyone who has not activated two-factor authentication will receive confirmation codes by e-mail.

The password manager Bitwarden is getting stronger access protection. Users who have not yet activated two-factor authentication will have to enter a confirmation code sent by email when logging in from new, previously unknown devices. This amounts to a kind of enforced two-factor authentication "light". The mechanism is now set to be activated in February.

Bitwarden recently announced this in a blog post. Password vaults are a valuable target for attackers, the project writes, so it is important that they are strongly secured. "Bitwarden is placing a new verification measure on logins from unrecognized devices to vastly improve the protection for accounts lacking the critical security measure of two-step login," the authors write, "this ensures that these users’ sensitive information stays private and out of hackers’ hands".

According to Bitwarden, the best protection for a password vault is a strong password that has never been used elsewhere. The next best option is a two-step login with two-factor authentication. "Many users follow these recommendations, but some do not, which increases their risk of becoming a victim of a cyberattack such as credential stuffing (the automatic trying out of passwords) or phishing," writes Bitwarden.

The mechanism itself is relatively simple: shortly after the user enters the email address and password of the Bitwarden account, Bitwarden sends a verification code to the email address on file, provided the server does not recognize the device, 2FA is not activated and no single sign-on (SSO) is used. Those affected then need access to their email to retrieve the code and enter it in the Bitwarden app.
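The gate described above, sketched as an added example (this is not Bitwarden's code). The six-digit code, the ten-minute validity, the single-use handling and remembering the device after a successful check are assumptions, as are all names used here.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 600  # assumption: validity window, not stated in the article

@dataclass
class Account:
    email: str
    two_factor_enabled: bool = False
    uses_sso: bool = False
    known_devices: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # device_id -> (code hash, expiry)

def _digest(code):
    # Store only a hash of the code, never the code itself.
    return hashlib.sha256(code.encode()).digest()

def needs_email_code(account, device_id):
    # The three conditions from the article: unknown device, no 2FA, no SSO.
    return (device_id not in account.known_devices
            and not account.two_factor_enabled
            and not account.uses_sso)

def begin_login(account, device_id, send_email, now=None):
    """Call after the password check passed. True means a code was mailed."""
    if not needs_email_code(account, device_id):
        return False  # known device, or the 2FA / SSO flow applies instead
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # assumption: six digits from a CSPRNG
    account.pending[device_id] = (_digest(code), now + CODE_TTL_SECONDS)
    send_email(account.email, code)
    return True

def submit_code(account, device_id, code, now=None):
    """Check a submitted code; any attempt consumes it (assumed single use)."""
    now = time.time() if now is None else now
    entry = account.pending.pop(device_id, None)
    if entry is None:
        return False
    code_hash, expires_at = entry
    if now > expires_at or not hmac.compare_digest(code_hash, _digest(code)):
        return False
    account.known_devices.add(device_id)  # assumption: device is recognized from now on
    return True
```

Consuming the code on any attempt and comparing hashes in constant time keeps the six-digit space from being guessed through repeated tries against one issued code.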

Bitwarden points out that it can be problematic if those affected store their email credentials in Bitwarden and do not have 2FA activated. Access to the email account might then no longer be possible, and consequently neither would access to the password vault. Anyone who has not activated 2FA should therefore ensure that they can access their email in another way. However, it is best to activate the two-step login directly.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.