Two-step Login Methods

Category: Two-step Login
On this page:

    Using Two-step Login (also called Two-factor Authentication, or 2FA) to access your Bitwarden Vault protects all your logins by preventing a malicious actor from accessing Vault items, even if they discover your Master Password. Since your Password Manager stores all your logins, we highly recommend that you secure it with Two-step Login.

    Enabling Two-step Login will require you to complete a secondary step each time you Log In, in addition to entering your Master Password. You will not be required to complete the secondary step to Unlock your Vault. For help configuring Log Out vs. Lock behavior, see Vault Timeout Options.

    Available Methods

    In the Web Vault, enable Two-step Login methods from the Settings menu.

    Free Methods

    Bitwarden offers several Two-step Login methods for free, including:

    Method Setup Instructions
    via an Authenticator app (for example, Authy or Google Authenticator) Click here.
    via Email Click here.

    Premium Methods

    For Premium users (including members of Paid Organizations), Bitwarden offers several advanced Two-step Login methods:

    Method Setup Instructions
    via Duo Security with Duo Push, SMS, phone call, and U2F security keys Click here.
    via YubiKey (any 4/5 series device or YubiKey NEO/NFC) Click here.
    via FIDO U2F (any FIDO U2F certified key) Click here.

    Using Multiple Methods

    You can choose to enable multiple Two-step Login methods. Logging in to Bitwarden will prompt for your highest-priority enabled Two-step Login method, according to the following order of preference:

    1. FIDO U2F
    2. YubiKey
    3. Duo
    4. Authenticator App
    5. Email

    You can swap to a lower-preference method by selecting the Use another two-step login method button:

    Use another two-step login method
    Use another two-step login method

    Was this helpful?

    Rate this article: