In February 2025, Bitwarden is implementing new security measures requiring additional verification for users without two-step login. Users logging in from new devices will be prompted to enter a one-time verification code sent to their email after entering their master password. This extra layer of security aims to prevent unauthorized access even if passwords are compromised. Users with two-step login or those logging in via SSO, passkey, or API key are exempt from this verification. Those concerned about sharing their email with Bitwarden can set up alternative verification methods without using their email address. Overall, the goal is to enhance security for all users accessing their accounts.
https://bitwarden.com/help/new-device-verification/