Two-step Login Methods

Using two-step login (also called two-factor authentication, or 2FA) to protect your Bitwarden vault prevents a malicious actor from accessing your data even if they discover your master password by requiring authentication from a secondary device when you log in. If you are unfamiliar with the basics of 2FA, check out our Field Guide.

There are lots of different methods for two-step login, ranging from dedicated authenticator apps to hardware security keys. Whatever you choose, Bitwarden highly recommends that you secure your vault using two-step login. In fact, we think it's so important that we are happy to offer a few methods for free.

The following two-step login methods can be enabled on an individual-by-individual basis from the web vault's Settings → Security → Two-step login menu:

Bitwarden offers several two-step login methods for free, including:

For premium users (including members of paid organizations), Bitwarden offers several advanced two-step login methods:

While all of the above methods can be enabled on an individual-by-individual basis, only teams and enterprise organizations can enable the following methods organization-wide from the Organization Settings menu. You can require your organization's users to use two-step login by enabling the two-step login policy.

You can enable multiple two-step login methods. When you log in to a vault that has multiple enabled methods, Bitwarden will prompt you for the highest-priority method according to the following order of preference:

1. Duo (organizations)

2. FIDO2 WebAuthn

3. YubiKey

4. Duo (individual)

5. Authenticator app

6. Email

   warning

   Two-step login via email is not recommended if you are using login with SSO, as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.

Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button: