Two-step Login Methods
tip
February / March 2025: To increase account security, Bitwarden will soon require additional verification for users who do not use two-step login when logging into your account from a new device or after clearing browser cookies. You may have received an email and product notification indicating this.
After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email. Alternatively, you can:
Preemptively set up two-step login by following any of the guides on this page.
Opt-out of this feature from the Settings → My account screen in the Danger Zone section.
Using two-step login (also called two-factor authentication, or 2FA) protects your Bitwarden vault in case someone gets ahold of your master password. It works by requiring authentication from another source when you log in. If you are unfamiliar with the basics of 2FA, check out our Field Guide.
There are many different methods available for two-step login. You can have as many active as your like. What's important is that any form of two-step login is active to be sure your account is protected.
Anyone can set up two-step login on their individual account by visiting the web app and choosing Settings → Security → Two-step login.
Set up at least one of the following two-step login methods. Setup instructions are available for each:
Method | Setup instructions | Subscription requirements |
|---|---|---|
FIDO2 WebAuthn credentials (for example, hardware keys like YubiKeys and Google Titan) | Free for all | |
Authenticator app (for example, Bitwarden Authenticator) | Free for all | |
Free for all | ||
Duo Security with Duo Push, SMS, phone call, and security keys | Requires premium | |
YubiKey OTP (any 4/5 series device or YubiKey NEO/NFC) | Requires premium |
While each user can activate two-step login on their accounts using the methods on the chart above, Teams and Enterprise organizations have additional options:
Method | Setup instructions | Subscription requirements |
|---|---|---|
Duo Security with Duo Push, SMS, phone call, and security keys | Click here. | Requires Teams or Enterprise |
Additionally, Enterprise organizations can require two-step login with a policy, and the same protection can be achieved outside of Bitwarden using your Identity Provider when using Single Sign-On (SSO).
You can enable multiple two-step login methods. When you log in to a vault that has multiple enabled methods, Bitwarden will prompt you for the highest-priority method according to the following order of preference:
Duo (organizations)
FIDO2 WebAuthn
YubiKey
Duo (individual)
Authenticator app
Email
warning
Two-step login via email is not recommended if you are using login with SSO, as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.
Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button:
Suggest changes to this page
How can we improve this page for you?
For technical, billing, and product questions, please contact support