Two-step Login Methods
Using two-step login (also called two-factor authentication, or 2FA) to protect your Bitwarden vault prevents a malicious actor from accessing your data even if they discover your master password by requiring authentication from a secondary device when you log in. If you are unfamiliar with the basics of 2FA, check out our Field Guide.
There are lots of different methods for two-step login, ranging from dedicated authenticator apps to hardware security keys. Whatever you choose, Bitwarden highly recommends that you secure your vault using two-step login. In fact, we think it's so important that we are happy to offer a few methods for free.
The following two-step login methods can be enabled on an individual-by-individual basis from the web vault's Settings → Security → Two-step login menu:
Bitwarden offers several two-step login methods for free, including:
Method | Setup instructions |
---|---|
via FIDO2 WebAuthn credentials | Click here. |
via an authenticator app (for example, Bitwarden Authenticator) | Click here. |
via email | Click here. |
For premium users (including members of paid organizations), Bitwarden offers several advanced two-step login methods:
While all of the above methods can be enabled on an individual-by-individual basis, only teams and enterprise organizations can enable the following methods organization-wide from the Organization Settings menu. You can require your organization's users to use two-step login by enabling the two-step login policy.
Method | Setup instructions |
---|---|
via Duo Security with Duo Push, SMS, phone call, and security keys | Click here. |
You can enable multiple two-step login methods. When you log in to a vault that has multiple enabled methods, Bitwarden will prompt you for the highest-priority method according to the following order of preference:
Duo (organizations)
FIDO2 WebAuthn
YubiKey
Duo (individual)
Authenticator app
Email
warning
Two-step login via email is not recommended if you are using login with SSO, as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.
Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button:
Suggest changes to this page
How can we improve this page for you?
For technical, billing, and product questions, please contact support