Two-step Login Methods

Using two-step login (also called Two-factor Authentication, or 2FA) to protect your Bitwarden vault prevents a malicious actor from accessing your data even if they discover your master password by requiring authentication from a secondary device when you log in. If you're unfamiliar with the basics of 2FA, check out our Field Guide.

There are lots of different methods for two-step login, ranging from dedicated authenticator apps to hardware security keys. Whatever you choose, Bitwarden highly recommends that you secure your vault using two-step login. In fact, we think it's so important that we're happy to offer a few methods for free.

Two-step Login for Individuals

The following two-step login methods can be enabled on an individual-by-individual basis from the web vault's Settings menu.

Free Methods

Bitwarden offers several two-step login methods for free, including:

Premium Methods

For premium users (including members of Paid Organizations), Bitwarden offers several advanced two-step login methods:

Two-step Login for Teams and Enterprise

While all of the above methods can be enabled on an individual-by-individual basis, Teams and Enterprise Organizations can enable the following methods Organization-wide from the Organization Settings menu.

Using Multiple Methods

You can enable multiple two-step login methods. When you log in to a vault that has multiple enabled methods, Bitwarden will prompt you for the highest-priority method according to the following order of preference:

1. Duo (Organizations)

2. FIDO2 WebAuthn

3. YubiKey

4. Duo (Individual)

5. Authenticator app

6. Email

   warning

   Two-step login via email is not recommended if you're using Login with SSO as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.

Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button: