How to add a backup two-step login provider to Bitwarden
Earlier this month, I wrote a tutorial on enabling the upcoming security standard WebAuthn in Bitwarden as a two-step login protection. WebAuthn, which stands for Web Authentication, is integrated into operating systems, browsers and other programs.
One of the shortcomings of the standard is that it is not universally available at the time of writing. Bitwarden users who set up the authentication feature on one device may find themselves locked out on other devices.
This may happen under two circumstances:
- The "other" device or software does not support WebAuthn yet.
- Operating system-specific authentication options, such as a Windows Hello PIN, were selected for authentication.
When I set up WebAuthn in Bitwarden on my work laptop, I configured it to use the Windows Hello PIN. The other option, using a security key, was not selected at the time. Attempts to sign in to Bitwarden on other devices, even other Windows devices, were met with a prompt to enter a security key for authentication. The Windows Hello PIN is valid only on the device it is set up on.
Once WebAuthn is set up, Bitwarden users may run into this issue. The only way to resolve this is to add a second two-factor authentication option to the account, which may then be used on other devices. Bitwarden users who have access to a security key, e.g. a YubiKey, may use that method as well, but it may still lead to issues on devices that do not support WebAuthn.
Tip: read here why you should not enable Bitwarden's PIN sign-in feature.
Bitwarden: adding a backup two-step login option
It may be necessary to access Bitwarden on the device WebAuthn was set up on. Here is the process to add a second option to the account:
- Open the Bitwarden website.
- Select Menu and then Log In.
- Type or paste the email address, or confirm it if "remember email" was selected previously. Select Continue.
- Use the two-step login authentication option to confirm the sign-in process, e.g. type the Windows Hello PIN.
- Open the account settings with a click on the username icon in the upper right corner.
- Switch to Security.
- Select the Two-step login tab on the Security page.
- Bitwarden lists all supported two-step login providers. Using an Authenticator app is a good backup option.
- Select the option and follow the instructions to connect the app to the Bitwarden account. It involves scanning a QR code that Bitwarden displays on the website using the app; this integrates Bitwarden into the app.
When Bitwarden prompts to authenticate using WebAuthn, but the option is not available, select "use another two-step login method" on the WebAuthn prompt.
With this backup option in place, Bitwarden users may once again sign in to all of the service's apps, browser extensions and the web vault on all their devices.
Now You: do you use two-step login?