My Account > Two-step Login > Setup Guides
My Account > Two-step Login > Setup Guides

Two-step Login via YubiKey

Two-step login using YubiKey is available for premium users, including members of paid organizations (families, teams, or enterprise). Any YubiKey that supports OTP can be used. This includes all YubiKey 4 and 5 series devices, as well as YubiKey NEO and YubiKey NFC. You can add up to five YubiKeys to your account.

Tipp

Most modern YubiKeys, including 5 series keys, support the FIDO2 WebAuthn protocol. If your key supports it, which you can determine using the YubiKey Manager application, we recommend setting up your key as a FIDO2 WebAuthn device by following these instructions.

Setup YubiKey

To enable two-step login using Yubikey:

Warnung

Wenn Sie den Zugriff auf Ihr Gerät für die zweistufige Anmeldung verlieren, können Sie dauerhaft aus Ihrem Tresor ausgesperrt werden, es sei denn, Sie notieren sich Ihren Wiederherstellungscode für die zweistufige Anmeldung und bewahren ihn an einem sicheren Ort auf oder haben eine alternative Methode für die zweistufige Anmeldung aktiviert und verfügbar.

Rufen Sie Ihren Wiederherstellungscode sofort nach der Aktivierung einer beliebigen Methode auf dem Bildschirm für die zweistufige Anmeldung ab.

  1. Log in to your web vault.

  2. Select the profile icon and choose Account Settings from the dropdown:

    Kontoeinstellungen |
    Kontoeinstellungen

  3. Select the Security page and the Two-step Login tab:

    Two-step Login |
    Two-step Login

  4. Locate the YubiKey OTP Security Key option and select the Manage button.

    Select the Manage button |
    Select the Manage button

    You will be prompted to enter your master password to continue.

  5. Plug the YubiKey into your computer's USB port.

  6. Select the first empty YubiKey input field in the dialog in your web vault.

  7. Touch the Yubikey's button.

    If you will be using the YubiKey for a NFC-enabled mobile device, check the One of my keys supports NFC checkbox.

  8. Select Save. A green Enabled message will indicate that two-step login using YubiKey has been enabled.

  9. Select the Close button and confirm that the YubiKey OTP Security Key option is now enabled, as indicated by a green checkbox ( ).

Repeat this process to add up to 5 YubiKeys to your account.

Hinweis

Wir empfehlen Ihnen, die aktive Registerkarte des Web-Tresors geöffnet zu lassen, bevor Sie mit dem Testen der zweistufigen Anmeldung fortfahren, falls etwas falsch konfiguriert wurde. Sobald Sie sich vergewissert haben, dass es funktioniert, loggen Sie sich von all Ihren Bitwarden-Anwendungen aus, um jeweils die zweistufige Anmeldung zu verlangen. Sie werden dann automatisch ausgeloggt.

Self-hosted setup

If you're an organization administrator, you'll need to configure a pair of environment variables in global.override.env in order to allow calls to be made to the YubiKey OTP API:

Variable

Description

globalSettings__yubico__clientId

Replace value with ID received from your Yubico Key.

Sign up for Yubico Key here.

globalSettings__yubico__key

Input the key value received from Yubico.

Use YubiKey

The following assumes that YubiKey is your highest-priority enabled method. To access your vault using a YubiKey:

  1. Log in to your Bitwarden vault on any app and enter your email address and master password.

    You will be prompted to insert your YubiKey into your computer's USB port or hold your YubiKey against the back of your NFC-enabled device:

    YubiKey Prompt |
    YubiKey Prompt
    Tipp

    Aktivieren Sie das Kontrollkästchen Angemeldet bleiben, um Ihr Gerät für 30 Tage zu speichern. Wenn Ihr Gerät angemeldet bleibt, müssen Sie den zweistufigen Anmeldeschritt 30 Tage lang nicht mehr durchführen.

    If you are using a non-NFC YubiKey on a mobile device:

    1. Plug your YubiKey into the device.

    2. Tap Cancel to end the NFC prompt.

      Cancel NFC |
      Cancel NFC

    3. Tap the text input field, denoted by a gray underline.

    4. Tap or press your YubiKey button to insert your code.

  2. Select or tap Continue to finish logging in.

You will not be required to complete your secondary two-step login step to unlock your vault once logged in. For help configuring log out vs. lock behavior, see vault timeout options.

NFC troubleshooting

If your YubiKey's NFC functionality isn't working properly:

Check that NFC is enabled:

  1. Download YubiKey Manager.

  2. Plug the YubiKey into your device.

  3. Select the Interfaces tab, and check that all boxes in the NFC section are checked.

Check that NFC is configured properly:

  1. Download the YubiKey personalization tool.

  2. Plug the YubiKey into your device.

  3. Select the Tools tab.

  4. Select the NDEF Programming button.

  5. Select the the configuration slot you would like the YubiKey to use over NFC.

  6. Select the Program button.

(Android-only) Check the following:

  • That you checked the One of my keys supports NFC checkbox during setup.

  • That your Android device supports NFC and is known to work properly with YubiKey NEO or YubiKey 5 NFC.

  • That you have NFC enabled on your Android device (SettingsMore).

  • That your keyboard layout/format/mode is set to QWERTY.

© 2023 Bitwarden, Inc.
NutzungsbedingungenDatenschutzerklärungSitemap