bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-16 16:23:20 +00:00
Code Issues Releases Wiki Activity

two-step login articles

Browse Source
This commit is contained in:
Kyle Spearrin
2017-07-25 12:23:18 -04:00
parent 28aba5a9e7
commit 3a30073fb9
7 changed files with 200 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
_articles/account/lost-two-step-device.md
View File

@@ -7,8 +7,22 @@ popular: false
tags: [two-step login, 2fa, two factor authentication, account] tags: [two-step login, 2fa, two factor authentication, account]
--- ---
If you have lost access to the device that you use for two-step login (2FA) you can recover your account using your two-step login **recovery code**. The recovery code is a 32 character alpha-numeric code that was given to you when you activated two-step login in the web vault. Visit <https://vault.bitwarden.com/#/recover> to complete the recovery process. If you have lost access to the device or method that you use for two-step login (2FA) you can recover your account using your two-step login **recovery code**.
The recovery code is a 32 character alpha-numeric code. You can get your two-step login recovery code in the [web vault](https://vault.bitwarden.com) under **Settings** -> **Two-step Login**, then click the **View Recovery Code** button. We recommend that your print your recovery code and keep it in a safe place.
{% warning %}
Without your recovery code, two-step login can permanently lock you out of your bitwarden account. It is very important to have your recovery code if you plan to use two-step login.
{% endwarning %}
## Recovering Your Account
Visit <https://vault.bitwarden.com/#/recover> to complete the recovery process.
The recovery process will deactivate two-step login on the account so that you can log in without requiring the normal two-step login verification code. You will need to re-enable two-step login in the web vault if you wish to continue using it after recovering the account. The recovery process will deactivate two-step login on the account so that you can log in without requiring the normal two-step login verification code. You will need to re-enable two-step login in the web vault if you wish to continue using it after recovering the account.
If you do not have your recovery code, unfortunately there is no way to fully recover the account. The only option to gain access to the account again is to have the account deleted by [contacting bitwarden support](https://bitwarden.com/contact) so that you can register again and start over. Note that deleting the account will also delete all of your stored login data associated with the account. If you still have an active login session open in the browser extension you can export your data from **Tools** -> **Export Vault** so that you can import it back in after the account has been deleted and you have registered again. If you do not have your recovery code, unfortunately there is no way to fully recover the account. The only option to gain access to the account again is to have the account deleted by [contacting bitwarden support](https://bitwarden.com/contact) so that you can register again and start over. Note that deleting the account will also delete all of your stored login data associated with the account.
{% tip %}
If you still have an active login session open in the browser extension you can export your data from **Tools** -> **Export Vault** so that you can import it back in after the account has been deleted and you have registered again.
{% endtip %}

33
_articles/account/setup-two-step-login-authenticator.md Normal file
View File

@@ -0,0 +1,33 @@
---
layout: article
title: Set up two-step login with an authenticator app
categories: [Account Management]
featured: false
popular: true
tags: [two-step login, 2fa, two factor authentication, account, google authenticator, authy, totp]
---
bitwarden supports two-step login by using a third-party authenticator app such as [Authy](https://authy.com/){:target="_blank"} or [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en){:target="_blank"}.
## Enable Two-step Login with Authenticator App
{% warning %}
Two-step login can permanently lock you out of your account. It is very important that you write down and keep your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in a safe place in the event that you lose access to your authenticator app.
{% endwarning %}
1. Log in to the web vault at <https://vault.bitwarden.com>
2. Click **Settings** on the sidebar. Click **Two-step Login** in the sub-menu that opens under **Settings**.
3. Select the **Authenticator** option and then type in your master password to continue.
4. Follow the steps that appear
- Download an authenticator app (usually on your mobile device). We recommend [Authy](https://authy.com/){:target="_blank"}.
- Scan the QR code with the app.
- Enter the verification code from the app.
5. Click the **Enable** button. A green alert will appear at the top stating that two-step login has been enabled.
6. Click the **Close** button and confirm that the **Authenticator** option now shows as **Enabled**.
## Test
1. **IMPORTANT:** Ensure that you have copied down your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in case something goes wrong.
2. Log out of the bitwarden web vault.
3. Log back into the bitwarden web vault. You should now be prompted with an authenticator two-step login option.
4. Authenticator protection works with all bitwarden applications (web, mobile, desktop, browser). Log out of and back in to any other bitwarden applications that you are using to confirm that two-step login via authenticator app is properly working. You will eventually be logged out automatically.

25
_articles/account/setup-two-step-login-duo.md
View File

@@ -1,7 +1,7 @@
--- ---
layout: article layout: article
title: Set up two-step login with Duo Security title: Set up two-step login with Duo Security
categories: [Getting Started, Account Management] categories: [Account Management]
featured: false featured: false
popular: true popular: true
hidden: true hidden: true
@@ -37,29 +37,30 @@ It is recommended to install the free [Duo Mobile](https://duo.com/product/trust
## Enable Two-step Login with Duo ## Enable Two-step Login with Duo
{% warning %} {% warning %}
Two-step login can permanently lock you out of your account. It is very important that you write down and keep your two-step login **recovery code** in a safe place in the event that you lose access to your normal two-step login methods. Two-step login can permanently lock you out of your account. It is very important that you write down and keep your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in a safe place in the event that you lose access to your normal two-step login methods.
{% endwarning %} {% endwarning %}
1. Log in to the web vault at <https://vault.bitwarden.com>. 1. Log in to the web vault at <https://vault.bitwarden.com>.
2. Click **Settings** on the sidebar. Click **Two-step Login** in the sub-menu that opens under **Settings**. 2. Click **Settings** on the sidebar. Click **Two-step Login** in the sub-menu that opens under **Settings**.
4. Select the **Duo** option and then type in your master password to continue. 3. Select the **Duo** option and then type in your master password to continue.
{% image two-step/duo/select.png %} {% image two-step/duo/select.png %}
5. Enter the configuration information provided from the Duo Admin **Web SDK** application that was set up earlier: **Integration Key**, **Secret Key**, and **API Hostname**. 4. Enter the configuration information provided from the Duo Admin **Web SDK** application that was set up earlier: **Integration Key**, **Secret Key**, and **API Hostname**.
{% image two-step/duo/config.png %} {% image two-step/duo/config.png %}
6. Click **Save** to enable Duo. 5. Click the **Enable** button. A green alert will appear at the top stating that two-step login has been enabled.
7. Click the **Close** button and confirm that the Duo option now shows as **Enabled**. 6. Click the **Close** button and confirm that the **Duo** option now shows as **Enabled**.
{% image two-step/duo/enabled.png %} {% image two-step/duo/enabled.png %}
## Log In, Enroll, and Test ## Enroll and Test
1. Log out of the bitwarden web vault. 1. **IMPORTANT:** Ensure that you have copied down your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in case something goes wrong.
2. Log back into the bitwarden web vault. You should now be prompted with a Duo two-step login option. 2. Log out of the bitwarden web vault.
3. Upon your first login using Duo you may be prompted to enroll your bitwarden account and device(s) with Duo. Complete the Duo enrollment process following the on-screen instructions. 3. Log back into the bitwarden web vault. You should now be prompted with a Duo two-step login option.
4. Upon your first login using Duo you may be prompted to enroll your bitwarden account and device(s) with Duo. Complete the Duo enrollment process following the on-screen instructions.
{% image two-step/duo/enroll1.png %} {% image two-step/duo/enroll1.png %}
{% image two-step/duo/enroll2.png %} {% image two-step/duo/enroll2.png %}
4. After enrolling you can log in with Duo. 5. After enrolling you can log in with Duo.
{% image two-step/duo/login.png %} {% image two-step/duo/login.png %}
5. Duo security protection working with all bitwarden applications (web, mobile, desktop, browser). Log out of and back in to any other bitwarden applications that you are using to confirm that Duo is properly working. You will eventually be logged out automatically. 6. Duo security protection works with all bitwarden applications (web, mobile, desktop, browser). Log out of and back in to any other bitwarden applications that you are using to confirm that two-step login via Duo is properly working. You will eventually be logged out automatically.
Browser extension Browser extension
{% image two-step/duo/browser.png %} {% image two-step/duo/browser.png %}

31
_articles/account/setup-two-step-login-email.md Normal file
View File

@@ -0,0 +1,31 @@
---
layout: article
title: Set up two-step login with email
categories: [Account Management]
featured: false
popular: true
tags: [two-step login, 2fa, two factor authentication, account, email, totp]
---
bitwarden supports two-step login via email. A verification code will be emailed to you during login.
## Enable Two-step Login with Email
{% warning %}
Two-step login can permanently lock you out of your account. It is very important that you write down and keep your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in a safe place in the event that you lose access to your email.
{% endwarning %}
1. Log in to the web vault at <https://vault.bitwarden.com>
2. Click **Settings** on the sidebar. Click **Two-step Login** in the sub-menu that opens under **Settings**.
3. Select the **Email** option and then type in your master password to continue.
4. Enter an email address that you would like to use that will receive verification codes during login. You can use the same email address that you use for your bitwarden account or any other email address. Click the **Send Email** button to send a test verification code to that email address.
5. Check your email inbox for the verification code and then enter it into bitwarden for confirmation.
6. Click the **Enable** button. A green alert will appear at the top stating that two-step login has been enabled.
7. Click the **Close** button and confirm that the **Email** option now shows as **Enabled**.
## Test
1. **IMPORTANT:** Ensure that you have copied down your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in case something goes wrong.
2. Log out of the bitwarden web vault.
3. Log back into the bitwarden web vault. You should now be prompted with an email two-step login option.
4. Email protection works with all bitwarden applications (web, mobile, desktop, browser). Log out of and back in to any other bitwarden applications that you are using to confirm that two-step login via email is properly working. You will eventually be logged out automatically.

43
_articles/account/setup-two-step-login-u2f.md Normal file
View File

@@ -0,0 +1,43 @@
---
layout: article
title: Set up two-step login with FIDO U2F
categories: [Account Management]
featured: false
popular: true
tags: [two-step login, 2fa, two factor authentication, account, u2f, fido]
---
bitwarden supports two-step login via [FIDO U2F](https://www.yubico.com/solutions/fido-u2f/){:target="_blank"}. Any FIDO U2F certified device will work. We recommend a [YubiKey](https://www.yubico.com/products/yubikey-hardware/){:target="_blank"}.
{% note %}
Due to platform limitations, FIDO U2F cannot be used on all bitwarden applications. You should enable another two-step login provider so that you can access your account when FIDO U2F cannot be used.
Supported platforms:
- Web vault on a desktop/laptop with a U2F enabled browser (Chrome, Opera, Vivaldi, Brave, or [Firefox with addon](https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/){:target="_blank"}).
- Browser extensions on Chrome, Opera, Vivaldi, or Brave.
{% endnote %}
## Enable Two-step Login with FIDO U2F
{% warning %}
Two-step login can permanently lock you out of your account. It is very important that you write down and keep your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in a safe place in the event that you lose access to your FIDO U2F security key.
{% endwarning %}
1. Log in to the web vault at <https://vault.bitwarden.com>
2. Click **Settings** on the sidebar. Click **Two-step Login** in the sub-menu that opens under **Settings**.
3. Select the **FIDO U2F Security Key** option and then type in your master password to continue.
4. Follow the instructions shown:
- Plug the security key into your computer's USB port.
- If the security key has a button, touch it.
You will receive a success message when your key has been properly read. Click the **Try again** button if it fails.
5. Click the **Enable** button. A green alert will appear at the top stating that two-step login has been enabled.
6. Click the **Close** button and confirm that the **FIDO U2F Security Key** option now shows as **Enabled**.
## Test
1. **IMPORTANT:** Ensure that you have copied down your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in case something goes wrong.
2. Log out of the bitwarden web vault.
3. Log back into the bitwarden web vault. You should now be prompted with a FIDO U2F two-step login option. Insert your FIDO U2F security key (if it has a button, touch it) to complete logging in.
4. Log out of and back in to any other bitwarden applications that you are using to confirm that two-step login via FIDO U2F is properly working. You will eventually be logged out automatically. If the application (or device) your are using does not support FIDO U2F you will be presented with other two-step login options that you have configured (if any).

57
_articles/account/setup-two-step-login-yubikey.md Normal file
View File

@@ -0,0 +1,57 @@
---
layout: article
title: Set up two-step login with YubiKey
categories: [Account Management]
featured: false
popular: true
tags: [two-step login, 2fa, two factor authentication, account, yubikey, yubi, yubico]
---
bitwarden supports two-step login via [YubiKey](https://www.yubico.com){:target="_blank"}. Any YubiKey that supports [OTP capabilities](https://www.yubico.com/products/yubikey-hardware/compare-yubikeys/){:target="_blank"} can be used. This includes all YubiKey 4 series devices as well as YubiKey NEO.
{% note %}
Due to platform limitations, YubiKeys cannot be used on all bitwarden applications. You should enable another two-step login provider so that you can access your account when YubiKeys cannot be used.
Supported platforms:
- Web vault on a device with a USB port that can accept your YubiKey.
- Browser extensions.
- Android on a device with [NFC capabilities](https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices){:target="_blank"}. Read more [here](https://forum.yubico.com/viewtopic.php?f=26&t=1302){:target="_blank"}.
{% endnote %}
## Enable Two-step Login with YubiKey
{% warning %}
Two-step login can permanently lock you out of your account. It is very important that you write down and keep your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in a safe place in the event that you lose access to your YubiKey.
{% endwarning %}
1. Log in to the web vault at <https://vault.bitwarden.com>
2. Click **Settings** on the sidebar. Click **Two-step Login** in the sub-menu that opens under **Settings**.
3. Select the **YubiKey OTP Security Key** option and then type in your master password to continue.
4. Follow the instructions shown:
- Plug the YubiKey (NEO or 4 series) into your computer's USB port.
- Select in the first empty Key input field.
- Touch the YubiKey's button.
Repeat this process for each YubiKey you wish to add to your account. You can add up to three YubiKeys to your account.
5. If you are using a YubiKey that has NFC capabilities (YubiKey NEO), check the **One of my keys supports NFC** checkbox. This option enables the use of your YubiKey on Android devices that support NFC.
6. Click the **Enable** button. A green alert will appear at the top stating that two-step login has been enabled.
7. Click the **Close** button and confirm that the **YubiKey OTP Security Key** option now shows as **Enabled**.
## Test
1. **IMPORTANT:** Ensure that you have copied down your [two-step login recovery code]({% link _articles/account/lost-two-step-device.md %}) in case something goes wrong.
2. Log out of the bitwarden web vault.
3. Log back into the bitwarden web vault. You should now be prompted with a YubiKey two-step login option. Insert your YubiKey and touch it's button to complete logging in.
4. Log out of and back in to any other bitwarden applications that you are using to confirm that two-step login via YubiKey is properly working. You will eventually be logged out automatically. If the application (or device) your are using does not support YubiKey you will be presented with other two-step login options that you have configured (if any).
## Android
If you are having trouble getting the YubiKey NEO to work on your Android device, confirm the following:
1. You have checked the **One of my keys supports NFC** checkbox from step 5 above.
2. Your Android device [supports NFC](https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices){:target="_blank"} and is [known to work properly](https://forum.yubico.com/viewtopic.php?f=26&t=1302){:target="_blank"} with YubiKey NEO.
3. You have NFC enabled on your Android device. Enable NFC by going to Android **Settings** -> **More** and enable the **NFC** option.
If the YubiKey NEO can be used on your Android device you will be prompted with a YubiKey option while logging in to bitwarden. Simply place the YubiKey NEO on the back of your Android device near the NFC receiver. If you do not know where your NFC receiver is located, you may need to move it around some, trying different areas. Once bitwarden detects the YubiKey it will automatically validate and log you in.

30
_articles/account/setup-two-step-login.md
View File

@@ -7,28 +7,12 @@ popular: true
tags: [two-step login, 2fa, two factor authentication, account] tags: [two-step login, 2fa, two factor authentication, account]
--- ---
Two-step login (or two-factor authentication) greatly increases the security of your account by requiring you to enter (in addition to your master password) a verification code generated from another app each time you log in. We recommend that all users activate and use two-step login with their bitwarden account. Two-step login (or two-factor authentication) greatly increases the security of your account by requiring you to complete a secondary step while logging into bitwarden (in addition to your master password). Even if someone were to discover your master password, they could not log into your bitwarden account without access to the secondary step. You can read more about [two-step login here](https://en.wikipedia.org/wiki/Multi-factor_authentication){:target="_blank"}. We recommend that all users activate and use two-step login with their bitwarden account.
bitwarden supports two-step login by using a third-party authenticator app such as [Authy](https://authy.com/) or [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en). Two-step login can only be configured from the [web vault](https://vault.bitwarden.com). bitwarden supports two-step login using the following methods:
## Enable Two-step Login - Authenticator app such as [Authy](https://authy.com/){:target="_blank"} or [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en){:target="_blank"}, [&rarr; setup]({% link _articles/account/setup-two-step-login-authenticator.md %})
- Email, [&rarr; setup]({% link _articles/account/setup-two-step-login-email.md %})
{% warning %} - Duo Security with Duo Push, SMS, phone call, and U2F security keys, [&rarr; setup]({% link _articles/account/setup-two-step-login-duo.md %})
Two-step login can permanently lock you out of your account. It is very important that you write down and keep your two-step login **recovery code** in a safe place in the event that you lose access to your authenticator app (see below for details). - YubiKey (any 4 series device or YubiKey NEO), [&rarr; setup]({% link _articles/account/setup-two-step-login-yubikey.md %})
{% endwarning %} - FIDO U2F (any FIDO U2F certified key), [&rarr; setup]({% link _articles/account/setup-two-step-login-u2f.md %})
1. Log in to the web vault at <https://vault.bitwarden.com>
2. Click **Settings** on the sidebar
3. Click **Manage Two-step Log in** under the **Two-step Log In** panel
4. Type in your current password and click **Continue**
5. Follow the steps that appear
- Download a two-step verification app (usually on your mobile device). We recommend [Authy](https://authy.com/){:target="_blank"}.
- Scan the QR code with the verification app.
- Enter the verification code from the app.
6. Click **Enable Two-step**. Note:
- A green alert will appear at the top stating that two-step login has been enabled; and
- **Very Important**: An orange alert will appear at the bottom with a recovery code. DO NOT IGNORE THIS.
7. Print or write down the recovery code and store it in a safe place. This code is **REQUIRED** to restore your account in the event that you lose access to your verification app (ex. your phone is lost). If you lose access to your verification app and do not have your recovery code, bitwarden support will not be able to assist you in recovering your account. The only option will be to delete your account and start over.
8. Click **Close** and then **Log Out**
9. Log in to confirm that two-step verification is enabled and working
10. Log out of and back in to any other bitwarden applications that you are using. You will eventually be logged out automatically.