this post was submitted on 28 Jan 2025

271 points (96.9% liked)

You Should Know

33880 readers

19 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.

Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.

Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.

Rule 11- Posts must actually be true: Disiniformation, trolling, and being misleading will not be tolerated. Repeated or egregious attempts will earn you a ban. This also applies to filing reports: If you continually file false reports YOU WILL BE BANNED! We can see who reports what, and shenanigans will not be tolerated.

Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 2 years ago

MODERATORS

Thekingoflorda@lemmy.world

_MoveSwiftly@lemmy.world

ja2@lemmy.world

Rooki@lemmy.world

FartsWithAnAccent@lemmy.world

FartsWithAnAccent@fedia.io

271

YSK that Bitwarden will require you to enter verification codes sent to your email before letting you log in, starting February 2025 (Edit: This is for those who aren't currently using 2FA) (lemmy.dbzer0.com)

submitted 3 days ago* (last edited 2 days ago) by IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com to c/youshouldknow@lemmy.world

82 comments fedilink hide all child comments

Why YSK: Because if you are like most people, you also store your email's password in your Bitwarden Vault and not bother remembering it, causing you to potentially get locked out (since you wouldn't be able to log in to your email to get the verification code, because your email's password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might've had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.

you are viewing a single comment's thread
view the rest of the comments

[–] katamari_22@lemmy.ml 9 points 2 days ago (1 children)

"who do not use two-step login"

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 0 points 2 days ago (1 children)

Enough people that they decided to make this mandatory.

So, probably a lot.

[–] trevor@lemmy.blahaj.zone 3 points 2 days ago (1 children)

They should be using 2FA then. There are at least 3 other multifactor authentication options available. Configure one of them, or you can be affected by the device verification change. Or, you can disable the feature, but without any secondary auth factor, you're just begging to have your passwords stolen.

[–] deegeese@sopuli.xyz 5 points 2 days ago* (last edited 2 days ago) (1 children)

How the fuck am I supposed to use 2FA when BW stores my email password?

This is like them saying giving up and making your email the actual password manager.

I need a local password manager that just works when everything else is down.

https://www.makeuseof.com/bitwarden-email-2fa/

This may sound handy initially, but it poses a problem for people who store their email passwords in Bitwarden. It creates a nasty catch-22 where they need to access their email to get their Bitwarden login code, but they need to access Bitwarden to get their email password.

To prevent this from happening, Bitwarden advises that you make a memorable password for your email account, then add a 2FA layer onto it so people can't access your inbox.

Their solution is totally ass: “just remember TWO master passwords”

[–] trevor@lemmy.blahaj.zone 2 points 2 days ago

There are at least three other MFA methods that are not email based, and so no, you don't have to remember your email password.

Get an authenticator app. Get an authenticator key. Or hell, go use Duo for free (not recommended). And if none of those do it for you, use your 2FA recovery code. That's what it exists for.

And if all else fails, you can still shoot yourself in the foot and opt out of the change, but you're just begging to have your passwords stolen ¯_(ツ)_/¯