Why YSK: Because if you are like most people, you also store your email’s password in your Bitwarden vault and don’t bother remembering it, potentially causing you to get locked out (since you wouldn’t be able to log in to your email to get the verification code, because your email’s password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might’ve had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.
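The lockout the post describes is a dependency cycle: signing in to the vault from a new device needs the email account, and signing in to the email account needs the vault. The script below is an added example, not Bitwarden's code and not written by anyone in this thread; it models accounts as "unlock paths" for a fresh device, computes which accounts are reachable with only what you hold outside any account, and reports what each locked-out account still lacks. All account names and factors (memorized passwords, authenticator app, security key, recovery code) are constructed for illustration.

```python
"""Recovery-chain check for a password vault and the accounts it protects.

Added example, not Bitwarden's code and not from the thread. It models the
lockout described in the post: signing in to an account from a NEW device
needs some factor, and if that factor is itself locked inside the vault,
nothing is reachable. All account names and factors are constructed.
"""

# A requirement is either "account:<name>" (you must already be signed in to
# that account on the new device) or a factor you hold independently of any
# account, e.g. "memorized:...", "device:...", "paper:...".
ACCOUNT = "account:"


def _satisfied(req, held, reachable):
    """True if a single requirement is met by held factors or reachable accounts."""
    if req.startswith(ACCOUNT):
        return req[len(ACCOUNT):] in reachable
    return req in held


def accessible_from_new_device(accounts, held):
    """Return the set of accounts reachable on a fresh device.

    accounts: {name: [path, path, ...]} where each path is a set of
              requirements; satisfying ANY one path signs you in.
    held:     factors you possess outside every account.
    Computed as a fixed point: an account unlocks once one of its paths is
    satisfied, which may in turn unlock accounts that depend on it.
    """
    reachable = set()
    changed = True
    while changed:
        changed = False
        for name, paths in accounts.items():
            if name in reachable:
                continue
            for path in paths:
                if all(_satisfied(req, held, reachable) for req in path):
                    reachable.add(name)
                    changed = True
                    break
    return reachable


def lockout_report(accounts, held):
    """For every unreachable account, list what each of its paths still lacks."""
    reachable = accessible_from_new_device(accounts, held)
    report = {}
    for name, paths in accounts.items():
        if name in reachable:
            continue
        report[name] = [
            sorted(r for r in path if not _satisfied(r, held, reachable))
            for path in paths
        ]
    return report


# Scenario from the post (constructed): no 2FA on the vault, so a new device
# needs the emailed code; the email password lives only in the vault.
CATCH_22 = {
    "bitwarden": [{"memorized:bw-master", "account:email"}],
    "email": [{"account:bitwarden"}],
}

# Fix quoted in the thread: a memorized email password plus an authenticator
# app on the email account. The vault still verifies via email, but email is
# now reachable on its own.
MEMORABLE_EMAIL = {
    "bitwarden": [{"memorized:bw-master", "account:email"}],
    "email": [{"memorized:email-pw", "device:authenticator-app"}],
}

# Other fix from the thread: non-email 2FA on the vault itself (authenticator
# app, security key, or the printed recovery code), so email is never needed.
VAULT_2FA = {
    "bitwarden": [
        {"memorized:bw-master", "device:authenticator-app"},
        {"memorized:bw-master", "device:security-key"},
        {"memorized:bw-master", "paper:recovery-code"},
    ],
    "email": [{"account:bitwarden"}],
}

if __name__ == "__main__":
    scenarios = [
        ("catch-22", CATCH_22, {"memorized:bw-master"}),
        ("memorable email pw", MEMORABLE_EMAIL,
         {"memorized:bw-master", "memorized:email-pw", "device:authenticator-app"}),
        ("vault 2FA", VAULT_2FA, {"memorized:bw-master", "paper:recovery-code"}),
    ]
    for label, accounts, held in scenarios:
        print(f"{label}: locked out -> {lockout_report(accounts, held) or 'nothing'}")
```

In the catch-22 scenario the report shows each account waiting on the other, which is exactly the cycle; either fix breaks it by giving one node a path made only of factors you hold yourself.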

  • deegeese (5 points, 2 days ago, edited)

    How the fuck am I supposed to use 2FA when BW stores my email password?

    This is like them giving up and making your email the actual password manager.

    I need a local password manager that just works when everything else is down.

    https://www.makeuseof.com/bitwarden-email-2fa/

    This may sound handy initially, but it poses a problem for people who store their email passwords in Bitwarden. It creates a nasty catch-22 where they need to access their email to get their Bitwarden login code, but they need to access Bitwarden to get their email password.

    To prevent this from happening, Bitwarden advises that you make a memorable password for your email account, then add a 2FA layer onto it so people can’t access your inbox.

    Their solution is totally ass: “just remember TWO master passwords”

    • trevor@lemmy.blahaj.zone (2 points, 2 days ago)

      There are at least three other MFA methods that are not email based, and so no, you don’t have to remember your email password.

      Get an authenticator app. Get an authenticator key. Or hell, go use Duo for free (not recommended). And if none of those do it for you, use your 2FA recovery code. That’s what it exists for.

      And if all else fails, you can still shoot yourself in the foot and opt out of the change, but you’re just begging to have your passwords stolen ¯\_(ツ)_/¯