Bitwarden account - Attempted hack today

[Chuckanut]

Most password managers allow for 2FA. Only turn on the 2FA that uses a code generator such as Authy, Google Authenticator, etc. Or those that use a phyusical key such as a Yubikey.

Avoid turning on 2FA schemes that send codes to your phone via a message. Bad guys are experts at stealing your phone number.

 

[target2019]

My phone number with Verizon is locked to my phone.

 

[bobandsherry]

Just got this email from Bitwarden. Thank God I don't keep investment or bank account login data in these password managers. I use Bitwarden as a backup to my LastPass account which is active. At least they were unsuccessful in getting in and stealing things like my Seeking Alpha username/password and a slew of logins for other non-essential websites I visit.

Well Bitwarden, thanks for the EXTRA security, whatever it is. (why wait until a hack attempt before you add the EXTRA SECURITY?)

With due respect, you could have turned "extra security" yourself, 2FA using either Authenticator or passkey. I get you use BW as a back-up, but seems important enough to prevent a simple hack attack and BW provides the tools to require more than a simple password. FWIW, I see daily (and multiple times a day) someone is trying to hack into my Microsoft account. I can see the activity in Microsoft Authenticator. I can't fault the tool for doing what it's supposed to do, just like BW did for you.

 

[aja8888]

My phone number with Verizon is locked to my phone.

With due respect, you could have turned "extra security" yourself, 2FA using either Authenticator or passkey. I get you use BW as a back-up, but seems important enough to prevent a simple hack attack and BW provides the tools to require more than a simple password. FWIW, I see daily (and multiple times a day) someone is trying to hack into my Microsoft account. I can see the activity in Microsoft Authenticator. I can't fault the tool for doing what it's supposed to do, just like BW did for you.

Yeah, I could have, but I didn't.

 

[JBTX]

To me an underrated measure is to either have a unique username and/or a rarely used different email address for highest security applications.

 

[BeachOrCity]

I really don’t see an alternative to using a password manager these days if you need to be able to login from multiple locations etc. storing them on your phone or written down is less safe.
I got off LastPass and on Bitwarden after lp seemed more concerned with their image and profits than security a year or two ago.

2fa thru an app or key is best, but a huge hassle… 2fa thru your phone leaves you a bit vulnerable.

Bottom line is at some point most of us will have someone try to hack phish or otherwise get into our accounts. Just need to be vigilant.