New Device Login Protection (February 2025)

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Most users will not experience this prompt unless they are frequently logging into new devices. This verification is only needed for new devices or after clearing browser cookies.

If you regularly access your email, retrieving the verification code should be straightforward. If you prefer not to rely on your Bitwarden account email for verification, you can set up two-step login through an Authenticator app, a hardware key, or two-step login via a different email.

Users affected by this change will see the following in-product communication and should have received an email informing them of the change:

This change will go into effect starting February 2025.

Bitwarden is implementing this change to enhance security for users who don’t have two-step login activated. If someone gains access to your password, they still won’t be able to log into your account without secondary verification (the code sent to your email). This extra layer helps protect your data from hackers who often target weak or exposed passwords to gain unauthorized access.

You will only get prompted for this verification when logging in from new devices. If you’re logging into a device that you’ve used before, you will not be prompted. 

A new device is any device that hasn’t been previously used to log into your Bitwarden account. This could include a new phone, tablet, computer, or browser extension that you’ve never logged in from before. When you log in from a new device, you’ll be asked to verify your identity via a one-time code sent to your email. 

Other scenarios that will initiate a new device will be:

Email verification codes will only be required on new devices for users that do not have two-step login enabled. You will not see this prompt on previously logged in devices and you will log in as normal with your account email and your master password. 

If you are logging into a new device, your Bitwarden account email will receive a one-time verification code. If you have access to your email, i.e. a persistent logged in email on your mobile phone, then you will be able to grab the one-time verification code to log in. Once logged in to the new device, you will not be prompted again for the verification code. 

If you regularly log into your email using credentials saved in Bitwarden or do not want to rely on your email for verification, you should set up two-step login that will be independent from the Bitwarden account email. This includes an authenticator app, security key, or email-based two-step login with a different email. Having any 2FA method active will opt the user out of the email-based new device verification. Users with 2FA active should also save their Bitwarden recovery code in a safe place.

The following categories of logins are excluded:

• Users who have two-step login set up are excluded.

• Users who log in with SSO, a passkey, or with an API key are excluded.

• Self-hosted users are excluded.

• Users who log in from a device where they have previously logged in are excluded.

• Users who opt-out from their account settings, to which an option will be added, are excluded (Not recommended).

No. Users logging in with SSO will be exempt and not asked to verify the login on a new device. However, if a user, without two-step login enabled, logs in with a username and password without going through SSO, they will be asked to verify the new device.

Users who want to remain anonymous have several options available:

• Use a two-step login option that doesn’t require an email, including an authenticator app, security key, or email-based two-step login with a different email.

• Use an email alias forwarding service.

• Self-host Bitwarden.

Bitwarden encourages users to have an active email, as Bitwarden sends important security alerts like failed login attempts.

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!