My AccountTwo-step Login

Two-step Login Methods

Using two-step login (also called two-factor authentication, or 2FA) to protect your Bitwarden vault prevents a malicious actor from accessing your data even if they discover your master password by requiring authentication from a secondary device when you log in. If you are unfamiliar with the basics of 2FA, check out our Field Guide.

There are lots of different methods for two-step login, ranging from dedicated authenticator apps to hardware security keys. Whatever you choose, Bitwarden highly recommends that you secure your vault using two-step login. In fact, we think it's so important that we are happy to offer a few methods for free.

Two-step login for individuals

The following two-step login methods can be enabled on an individual-by-individual basis from the web vault's Settings Security Two-step login menu:

Free methods

Bitwarden offers several two-step login methods for free, including:

Method

Setup instructions

via FIDO2 WebAuthn credentials

Click here.

via an authenticator app (for example, Bitwarden Authenticator)

Click here.

via email

Click here.

Premium methods

For premium users (including members of paid organizations), Bitwarden offers several advanced two-step login methods:

Method

Setup instructions

via Duo Security with Duo Push, SMS, phone call, and security keys

Click here.

via YubiKey (any 4/5 series device or YubiKey NEO/NFC)

Click here.

Two-step login for teams and enterprise

While all of the above methods can be enabled on an individual-by-individual basis, only teams and enterprise organizations can enable the following methods organization-wide from the Organization Settings menu. You can require your organization's users to use two-step login by enabling the two-step login policy.

Method

Setup instructions

via Duo Security with Duo Push, SMS, phone call, and security keys

Click here.

Using multiple methods

You can enable multiple two-step login methods. When you log in to a vault that has multiple enabled methods, Bitwarden will prompt you for the highest-priority method according to the following order of preference:

  1. Duo (organizations)

  2. FIDO2 WebAuthn

  3. YubiKey

  4. Duo (individual)

  5. Authenticator app

  6. Email

    warning

    Two-step login via email is not recommended if you are using login with SSO, as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.

Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button:

Use another two-step login method
Use another two-step login method

Suggest changes to this page

How can we improve this page for you?
For technical, billing, and product questions, please contact support

Cloud Status

Check status

Level up your cybersecurity knowledge.

Subscribe to the newsletter.


© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here