It seems to me that having the 2FA tokens saved in Bitwarden right next to the password and username kind of defeats the purpose of having 2FA in the first place. If the worst happens and someone breaks my vault, they have my username, password and 2FA tokens so they can log in with no challenge.

Bitwarden's free edition supports 2FA via Google Authenticator or a workalike such as Duo Mobile. Most two-factor systems require you to set up some kind of backup, such as a mobile number that.

Using Two-step Login (also called Two-factor Authentication, or 2FA) to protect your Bitwarden Vault prevents a malicious actor from accessing your Vault even if they discover your Master Password, by requiring authentication from a secondary device when you log in. If you're unfamiliar with the basics of 2FA, check out our Field Guide.
Hello,
I recently installed Bitwarden_RS. If a user has two-factor authentication enabled, the login fails from the Android app and from the Web Vault. It is not possible to enter a token. The server time is correct. If the user only has e-mail verification enabled, an e-mail with a code is sent.
Nov 15, 2019 Two-factor authentication (2FA) Free users can secure their Bitwarden Vaults using a Time-based One-Time Password (TOTP) or email verification for two-factor authentication. Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices. Check out our 'what is 2FA' page if you are new to this.
My environment:
Bitwarden_RS version: 1.15.0-52ed8e4d
Bitwarden Web version: 2.14.0
Install method: Docker image
Reverse proxy: Apache/2.4.38 (Debian Buster)
Relevant logs:
[2020-06-14 20:04:48][request][INFO] POST /api/accounts/prelogin
[2020-06-14 20:04:48][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
[2020-06-14 20:04:48][request][INFO] POST /identity/connect/token
[2020-06-14 20:04:48][error][ERROR] 2FA token not provided
[2020-06-14 20:04:48][response][INFO] POST /identity/connect/token (login) => 400 Bad Request
docker-compose.yml: see Pastebin link
Thank you very much!
Install Authy
The best way to manage all your 2FA accounts is to use the Authy app. It enables you to have a single mobile app for all your 2FA accounts and you can sync them across multiple devices, even accessing them on the desktop. Install Authy on your device by searching for it in your device’s app store.
Important: If any sites prompt you to use Google Authenticator for two-factor authentication, note that you can always substitute the Authy 2FA app instead. Although they work in similar ways, Authy is more feature-rich and allows for multi-device syncing, cloud backups, and easier account recovery should you change or lose your phone or device. Read more information on the features of Authy here.
Locate 2FA
When logged into your Bitwarden account, click on the “Down” arrow to the right of your account icon (or the generic image if you haven't added an image yet). Then click “My Account.”
In the next window, in the left-side navigation, click “Two-step Login.”
On the next page, take a moment to view and make a note of your Recovery Code. You will need this code if you ever lose the device that you access your Authy accounts with. Once you have stored your recovery code in a safe place, scroll down and click “Manage” alongside the section for Authenticator App.
Before continuing, you will be required to re-enter your Bitwarden Master Password. Click “Continue” when finished.
You will now be presented with a QR code which you will need to capture with your Authy app. Keep this window open as you reach for your Authy-enabled device.
Enable 2FA
To capture the QR code, launch Authy on your device. Click ‘Add Account’ at the bottom of the screen. You’ll be prompted to hold your phone up to your computer to ‘Scan QR Code’ and capture the QR code provided by Bitwarden.
Once the QR code is captured, Authy will display your Bitwarden account with the appropriate icon. If you desire you can also change the logo or the nickname you give the account right on the Authy app. When ready, click ‘Save’.
With your Authy app still opened to your Bitwarden 2FA account, return to the Bitwarden screen showing the QR code and enter the 6-digit code. When done, click “Enable.”
Finish Setup
Once you click “Done,” you've completed enabling two-factor authentication on your Bitwarden account, which is now secured with Authy 2FA. From now on, you will need to use the Authy app when you log in.