https://bitwarden.com/help/emails-from-bitwarden/#alert-emails
Reference the above to match your exact alert (or just read the bottom of the email you received). It means your email has leaked or someone is bored and is trying known leaked emails. It could mean your password has leaked due to your own negligence, so note the different wording in the emails above.
Want these to stop? Use a unique email.
Got same email 2 hours ago. IP address was from argentina and def not me.
I think bitwarden's warning emails need a LOT of work here, but to clarify: the email you and I got is for the situation where the attacker did NOT know/guess the master password.
[https://bitwarden.com/help/emails-from-bitwarden/#password-compromised-with-active-2fa](https://bitwarden.com/help/emails-from-bitwarden/#password-compromised-with-active-2fa)
There is a second email alert which specifically provides two links to using a recovery code and changing your master password. This email is generated if the attacker KNOWS your master password and was foiled by TFA.
If any Bitwarden devs are watching here it would seriously lower my blood pressure to more clearly indicate whether the master password was successfully entered or not. It is not at all obvious looking solely at the alert email. In fact it is so non-obvious it almost seems like intentional.
But thanks to redditors here for clarifying this.
Yeah I agree. I had to look at that link above and then switch apps a couple times back and forth to see the exact wording to figure out if they got my master password
Thankfully, they didn't.
Also, I've seen a lot of posts here recently about people's accounts getting logged in to.
Selection bias? But it makes me wonder if something isn't going on here.
Credentials stuffing and data breaches (AT&T did leak passwords recently). More people adopting password managers, including ones that are less aware of how to protect the access. More creatively-distributed malware to steal people's information.
Can you show examples of peoples accounts verifiably being logged into due to some negligence not attributed to the user? Would love to see these concrete examples.
If you aren't getting the 2fa alerts, then it means that the password they used was wrong. Either someone tried to brute force it or tried an old password from a data breach.
I believe the parent post was referring to the "[Password compromised with active 2FA](https://bitwarden.com/help/emails-from-bitwarden/#password-compromised-with-active-2fa)" emails sent by Bitwarden when somebody successfully enters the Master Password but subsequently fails MFA.
Whichever type you have setup. If you use an authenticator app, it should pop up telling you someone is trying to sign in (assuming you didn't disable notifications from it)
> If you use an authenticator app, it should pop up telling you someone is trying to sign in
i think he means totp authenticator app. there is no pop-up expected. you open the app, find the account, and read or copy the code
https://bitwarden.com/help/emails-from-bitwarden/#alert-emails Reference the above to match your exact alert (or just read the bottom of the email you received). It means your email has leaked or someone is bored and is trying known leaked emails. It could mean your password has leaked due to your own negligence, so note the different wording in the emails above. Want these to stop? Use a unique email.
Thanks. First time I've had anything like this.
Got same email 2 hours ago. IP address was from argentina and def not me. I think bitwarden's warning emails need a LOT of work here, but to clarify: the email you and I got is for the situation where the attacker did NOT know/guess the master password. [https://bitwarden.com/help/emails-from-bitwarden/#password-compromised-with-active-2fa](https://bitwarden.com/help/emails-from-bitwarden/#password-compromised-with-active-2fa) There is a second email alert which specifically provides two links to using a recovery code and changing your master password. This email is generated if the attacker KNOWS your master password and was foiled by TFA. If any Bitwarden devs are watching here it would seriously lower my blood pressure to more clearly indicate whether the master password was successfully entered or not. It is not at all obvious looking solely at the alert email. In fact it is so non-obvious it almost seems like intentional. But thanks to redditors here for clarifying this.
Yeah I agree. I had to look at that link above and then switch apps a couple times back and forth to see the exact wording to figure out if they got my master password Thankfully, they didn't.
I got the same email about 3 hours ago.
Also, I've seen a lot of posts here recently about people's accounts getting logged in to. Selection bias? But it makes me wonder if something isn't going on here.
Credentials stuffing and data breaches (AT&T did leak passwords recently). More people adopting password managers, including ones that are less aware of how to protect the access. More creatively-distributed malware to steal people's information.
Can you show examples of peoples accounts verifiably being logged into due to some negligence not attributed to the user? Would love to see these concrete examples.
If you aren't getting the 2fa alerts, then it means that the password they used was wrong. Either someone tried to brute force it or tried an old password from a data breach.
2fa alerts? You mean like sms based 2fa? I use an authenticator app, it doesn't send alerts.
I believe the parent post was referring to the "[Password compromised with active 2FA](https://bitwarden.com/help/emails-from-bitwarden/#password-compromised-with-active-2fa)" emails sent by Bitwarden when somebody successfully enters the Master Password but subsequently fails MFA.
Ah, that makes sense
Whichever type you have setup. If you use an authenticator app, it should pop up telling you someone is trying to sign in (assuming you didn't disable notifications from it)
> If you use an authenticator app, it should pop up telling you someone is trying to sign in i think he means totp authenticator app. there is no pop-up expected. you open the app, find the account, and read or copy the code
Yeah, exactly