Two-step Login via FIDO2 WebAuthnTwo-step login using FIDO2 WebAuthn authenticators is available for premium users, including members of paid Organizations (Families, Teams, or enterprises).
Any FIDO2 WebAuthn Certified authenticator can be used, including Security Keys like YubiKeys, SoloKeys, and Nitrokeys, as well as native biometrics options like Windows Hello and Touch ID.
Existing FIDO U2F security keys will still be usable and will be marked (Migrated from FIDO) on the Two-step Login → Manage FIDO2 WebAuthn dialog.
FIDO2 WebAuthn cannot be used on all Bitwarden applications. Enable another two-step login method to access your vault on unsupported applications. Supported applications include:
Losing access to your two-step login device can permanently lock you out of your vault unless you write down and keep your two-step login recovery code in a safe place or have an alternate two-step login method enabled and available.
Get Your recovery code from the Two-step Login screen immediately after enabling any method.
Select the profile icon and choose AccountSettings from the dropdown:
Select the Security page and the Two-step Login tab:
Locate the FIDO2 WebAuthn option and select the Manage button.
You will be prompted to enter your master password to continue.
Give your security key a friendly Name.
Plug the security key into your device's USB port and select Read Key. If your security key has a button, touch it.
Windows Hello is natively a FIDO2 authenticator. If you're using Windows Hello but want to register a key or other device, you may need to dismiss the native Windows Hello prompt by selecting Cancel on the following screen:
Select Save. A green Enabled the message will indicate that a two-step login using FIDO2 WebAuthn has been successfully enabled and your key will appear with a green checkbox (  ).
Select the Close button and confirm that the FIDO2 WebAuthn option is now enabled, as indicated by a green checkbox (  ).
Repeat this process to add up to 5 FIDO2 WebAuthn security keys to your account.
We recommend keeping your active web vault tab open before proceeding to test the two-step login in case something was misconfigured. Once you've confirmed it's working, log out of all your Bitwarden apps to require a two-step login for each. You will eventually be logged out automatically.
Use FIDO2 WebAuthn
The following assumes that FIDO2 WebAuthn is your highest-priority enabled method. To access your vault using a FIDO2 WebAuthn device:
Log in to your Bitwarden vault and enter your email address and master password.
You will be prompted to insert your security key into your device's USB port. If it has a button, touch it.