Edit (Update/Correction):
It looks like I was very likely wrong (a good thing in this case!).
According to this entry in the official Bitwarden Help Center bitwarden[.]net is official too!
Its still weired that the login failed multiple times and bitwarden[.]net doesn’t redirect to the homepage, as the other official domains do, and so on.
Nonetheless, all seems to be fine, gladly. Thanks for your input.
I’ve tried to log into Bitwarden and used vault.bitwarden[.]net, it failed. Also, this page is the only one on this domain (nothing on bitwarden[.]net) and the SSL Certificate differs.
vault.bitwarden.com (and bitwarden.com) behaves as expected.
I think I’ve actually used a phishing site. 2FA probably safed me pretty hard. Changed creds.
Might be a testing/beta website, note the version number displayed at the bottom:
- .net is at
Version 2023.5.1
- .com is at
Version 2023.5.0
Also, the login form definitely does behave like the original site (given that Bitwarden is open-source, that is extremely easy to accomplish, however).
Interesting. I’ve updated my post, .net is official according to their help center (linked in post).
- .net is at
Thanks mate, just updated 2FA on mine
I’ve updated my post. Seems to be legit, regarless my issues with this webpage. Still a good thing that you uodates your 2FA!
whois data is redacted for privacy in both cases, but given that the domain is registered since 2018 I guess it’s benign or somebody is in it for the long con.