Bitwarden - Expanded 2FA with FIDO2 and broader biometrics add security and usability options

Gandalf_The_Grey

This latest release continues the Bitwarden mission of making password management easy and accessible for individuals and businesses. New features, such as FIDO2 WebAuthn Support for Browser Extensions and Biometrics for Safari, provide more flexibility for users to be productive on the devices and browsers they prefer. Bitwarden Send also includes enhancements based on community feedback and cybersecurity needs.

More details of what’s included in the release are outlined in the release notes.
  • FIDO2 WebAuthn for Browser Extensions
  • Biometrics for Safari
  • Expanded Privacy and Security with Bitwarden Send
  • Optimized Language Support
Availability:
These updates are currently being rolled out across Bitwarden clients.
Read more on Bitwarden's blog post:
Release Notes:
 

silversurfer


How to configure Two-Step Login via FIDO2 WebAuthn in Bitwarden

To set up FIDO2 WebAuthn, do the following:
  1. Open the Bitwarden website and log in to the account.
  2. Select the profile icon in the upper right corner and then Account Settings.
  3. Switch to Security and then the Two-step Login tab.
  4. There, all available two-factor authentication options are listed.
  5. To use WebAuthn, activate the manage button next to it.
  6. Type the master password for confirmation.
  7. Select a name for this security key or biometric authentication option. Now, pick one of the following options:
    1. Plug the security key into the USB port of the device and select "Read Key". If the key has a button, it needs to be touched.
    2. Use native biometric authentication, e.g., Windows Hello. Select Read Key, and authenticate using Windows Hello or Touch ID.
  8. Select Save to complete the process.
  9. On the Two-step login Settings page, select "View recovery code".
  10. Type the master password.
  11. Write down or print the code, as it is used to gain access to Bitwarden's vault, even if the two-step login method is no longer available (e.g., device lost, PC stolen).
 

silversurfer

Earlier this month, I wrote a tutorial on enabling the upcoming security standard WebAuthn in Bitwarden as a two-step login protection. WebAuthn, which stands for Web Authentication, is integrated into operating systems, browsers and other programs.

One of the shortcomings of the standard is that it is not available universally at the time. Bitwarden users who set the authentication feature up on a device may notice that they lock themselves out on other devices.

This may happen under two circumstances:
  • The "other" device or software does not support WebAuthn yet.
  • Operating-system-specific authentication options, such as a Windows Hello PIN, were selected for authentication.
When I set up WebAuthn in Bitwarden on my work laptop, I configured it to use the Windows Hello PIN. The other option, using a security key, was not selected at the time. Attempts to sign in to Bitwarden on other devices, even other Windows devices, were met with a prompt to enter a security key for authentication. The Windows Hello PIN is valid only on the device it is set up on.

Once WebAuthn is set up, Bitwarden users may run into this issue. The only way to resolve this is to add a second two-factor authentication option to the account, which may then be used on other devices. Bitwarden users who have access to a security key, e.g. a Yubikey, may use that method as well, but it may still lead to issues on devices that do not support WebAuthn.
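
The lockout condition described in the post above, modelled as an added example that is not part of the original post and is not Bitwarden code. The account records, device list and function names are hypothetical; `attachment` mirrors WebAuthn's `authenticatorAttachment` values, and the model assumes a TOTP method works on any device.

```javascript
// Constructed sample data: two-step login methods on a hypothetical account.
// "platform" = authenticator bound to one device (Windows Hello PIN, Touch ID);
// "cross-platform" = roaming authenticator such as a USB security key.
const onlyWindowsHello = [
  { type: "webauthn", name: "Work laptop Hello PIN", attachment: "platform", deviceId: "work-laptop" },
];
const withBackup = [
  ...onlyWindowsHello,
  { type: "webauthn", name: "USB security key", attachment: "cross-platform" },
  { type: "totp", name: "Authenticator app" },
];

// Constructed device list: one entry whose client does not support WebAuthn.
const devices = [
  { id: "work-laptop", supportsWebAuthn: true },
  { id: "home-pc", supportsWebAuthn: true },
  { id: "old-client", supportsWebAuthn: false },
];

// Can this method complete two-step login on the given device?
function usableOn(method, device) {
  if (method.type !== "webauthn") return true;   // assumption: TOTP works anywhere
  if (!device.supportsWebAuthn) return false;    // client lacks WebAuthn support
  if (method.attachment === "platform") {
    return method.deviceId === device.id;        // credential never leaves its device
  }
  return true;                                   // roaming key can be carried over
}

// Per device: which methods work, and whether the user is locked out there.
function lockoutReport(methods, deviceList) {
  return deviceList.map((device) => {
    const usable = methods.filter((m) => usableOn(m, device)).map((m) => m.name);
    return { device: device.id, usable, lockedOut: usable.length === 0 };
  });
}

console.log(lockoutReport(onlyWindowsHello, devices));
console.log(lockoutReport(withBackup, devices));
```

The model leaves out the recovery code, which remains a last-resort way in when no listed method is usable.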
 
