Two-step Login via YubiKey | Bitwarden Help Center (2024)

Two-step login using YubiKey is available for premium users, including members of paid organizations (families, teams, or enterprise). Any YubiKey that supports OTP can be used. This includes all YubiKey 4 and 5 series devices, as well as YubiKey NEO and YubiKey NFC. You can add up to five YubiKeys to your account.

To enable two-step login using Yubikey:

1. Log in to your web vault.

2. Select the profile icon and choose Account Settings from the dropdown:

   

   

3. Select the Security page and the Two-step Login tab:

   

   See Also

   Hardware-backed protection for your password managerNot using a password manager? Here’s why you should be…Best Password Managers of 2023Best Offline Storage Devices of 2024 - Best Reviews

   

4. Locate the YubiKey OTP Security Key option and select the Manage button.

   

   

   You will be prompted to enter your master password to continue.

5. Plug the YubiKey into your computer's USB port.

6. Select the first empty YubiKey input field in the dialog in your web vault.

7. Touch the Yubikey's button.

   If you will be using the YubiKey for a NFC-enabled mobile device, check the One of my keys supports NFC checkbox.

8. Select Save. A green Enabled message will indicate that two-step login using YubiKey has been enabled.

9. Select the Close button and confirm that the YubiKey OTP Security Key option is now enabled, as indicated by a green checkbox (  ).

Repeat this process to add up to 5 YubiKeys to your account.

If you're an organization administrator, you'll need to configure a pair of environment variables in global.override.env in order to allow calls to be made to the YubiKey OTP API:

The following assumes that YubiKey is your highest-priority enabled method. To access your vault using a YubiKey:

1. Log in to your Bitwarden vault on any app and enter your email address and master password.

   You will be prompted to insert your YubiKey into your computer's USB port or hold your YubiKey against the back of your NFC-enabled device:

   

   

   tip

   Check the Remember Me box to remember your device for 30 days. Remembering your device will mean you won't be required to complete your two-step login step.

   If you are using a non-NFC YubiKey on a mobile device:

   1. Plug your YubiKey into the device.

   2. Tap Cancel to end the NFC prompt.

      

      

   3. Tap the text input field, denoted by a gray underline.

   4. Tap or press your YubiKey button to insert your code.

2. Select or tap Continue to finish logging in.

You will not be required to complete your secondary two-step login step to unlock your vault once logged in. For help configuring log out vs. lock behavior, see vault timeout options.

If your YubiKey's NFC functionality isn't working properly:

Check that NFC is enabled:

1. Download YubiKey Manager.

2. Plug the YubiKey into your device.

3. Select the Interfaces tab, and check that all boxes in the NFC section are checked.

Check that NFC is configured properly:

1. Download the YubiKey personalization tool.

2. Plug the YubiKey into your device.

3. Select the Tools tab.

4. Select the NDEF Programming button.

5. Select the the configuration slot you would like the YubiKey to use over NFC.

6. Select the Program button.

(Android-only) Check the following:

• That you checked the One of my keys supports NFC checkbox during setup.

• That your Android device supports NFC and is known to work properly with YubiKey NEO or YubiKey 5 NFC.

• That you have NFC enabled on your Android device (Settings → More).

• That your keyboard layout/format/mode is set to QWERTY.