Two-step Login Methods
Using two-step login (also called two-factor authentication, or 2FA) to protect your Bitwarden vault prevents a malicious actor from accessing your data even if they discover your master password by requiring authentication from a secondary device when you log in. If you are unfamiliar with the basics of 2FA, check out our Field Guide.
There are lots of different methods for two-step login, ranging from dedicated authenticator apps to hardware security keys. Whatever you choose, Bitwarden highly recommends that you secure your vault using two-step login. In fact, we think it's so important that we are happy to offer a few methods for free.
The following two-step login methods can be enabled on an individual-by-individual basis from the web vault's Account Settings menu.
Bitwarden offers several two-step login methods for free, including:
For premium users (including members of paid organizations), Bitwarden offers several advanced two-step login methods:
While all of the above methods can be enabled on an individual-by-individual basis, only teams and enterprise organizations can enable the following methods organization-wide from the Organization Settings menu. You can require your organization's users to use two-step login by enabling the two-step login policy.
via Duo Security with Duo Push, SMS, phone call, and security keys
You can enable multiple two-step login methods. When you log in to a vault that has multiple enabled methods, Bitwarden will prompt you for the highest-priority method according to the following order of preference:
Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button: