Two-step Login FAQs
This article contains frequently asked questions (FAQs) regarding two-step login.
Q: Can I use SMS 2FA?
A: Bitwarden does not support SMS 2FA due to vulnerabilities, including SIM hijacking. We do not recommend SMS 2FA for other accounts unless it is the only available method. Any second factor is recommended over having none, but most alternatives are safer than SMS 2FA.
Q: Can I require my organization's users to use two-step login?
A: You can require your organization's users to use two-step login by enabling the two-step login policy. Additionally, you can set up organization-wide Duo 2FA to ensure that all of your users have a secure two-step login method at their disposal.
Q: Is FIDO U2F or FIDO2 WebAuthn supported on my iOS or Android app?
A: Yes! Please see two-step login via FIDO2 WebAuthn.
Q: Why is Bitwarden not asking for my enabled two-step login method?
A: In most cases, one of two things is happening:
You may already be logged in to Bitwarden and only unlocking your vault. Two-step login is required to log in but not to unlock. For more information on the difference between logging in and unlocking, see the vault timeout action section of Vault Timeout Options.
You may have previously checked the Remember me checkbox on a device when accessing your vault using two-step login.
If you used the Remember me option, you will need to Deauthorize Sessions from your web vault (Settings → My Account) for that device to continue asking for your two-step login method.