Bitwarden

Useful information related to setting up your Yubikey with Bitwarden.

This tutorial requires one device from any of the following categories:

The primary authentication method Bitwarden uses is a simple email address and password. However, Bitwarden also supports security devices such as the Yubikey.

In order to add a Yubikey to your Bitwarden vault, you must have a Premium account.

❊ tl;dr

You can read a description for all of them below.

❊ Bitwarden vs Vaultwarden

                            Bitwarden       Vaultwarden

Type                        Service         Self-Hosted

Premium Features                            Free

Open-source

Yubikey Support

Bitwarden Client Support

Difficulty

To host your own Bitwarden-compatible server on a spare computer or virtual machine, you can use Vaultwarden as an alternative. However, since Vaultwarden does not store your vault data on Bitwarden's servers, you are responsible for its security. The machine you host Vaultwarden on is the machine that stores your vault data, so if your Vaultwarden server is compromised, it's game over.

Should you decide on a self-hosted Vaultwarden solution, all the features of Bitwarden will be available, including the ability to secure your account with a Yubikey. On Vaultwarden, these Premium features are free.

❊ Adding a Yubikey to your Account

If using Bitwarden, remember that you must have a Premium account in order to add two-step login methods such as a Yubikey. Otherwise, these options will be greyed out.

In the upper-right corner, locate the circular avatar with a dropdown arrow and click it.

From here, select Account Settings.

Locate the Account Settings menu on the left and select Security.

In the middle of the screen, select Two-step Login.

In the center of the screen, you should see a list of providers you can use for two-step login.

Authenticator App

Yubikey OTP Security Key

Authenticate with the Yubikey's OTP feature. By default, when you press the gold button on your Yubikey, it types out a generated one-time passcode. You will need to touch your key and provide the generated passcode each time you sign in. This method requires SLOT 1 of your Yubikey to be configured for OTP.

The generated string looks similar to: vvcccacrtduerauianecrdrfakitaigitkglfutbvngn

DUO

FIDO2 WebAuthn

This is the most recommended method for two-step login. It is secure and is the most recent FIDO protocol. It is made up of two components:

  • CTAP: Client to Authenticator Protocol

  • WebAuthn: W3C Web Authentication

FIDO U2F Security Key

Email

Allows you to access your Bitwarden account by confirming your login via an email. This is less secure than the other providers.

❊ Priority

If you decide to enable multiple providers for two-step login, be aware that Bitwarden will determine which one to use based on a fixed priority order built into the application. The following is the order of priority:

❊ Master Password

Your master password is the main password you use to log in to your Bitwarden account. It is what grants access to your entire vault.

Ensure that your master password is completely different from any other password you have used for any website or service. It must be something that cannot be leaked from elsewhere, and it must be strong.

If you use the same password for both Bitwarden and a website such as "Kinky Midget Kingdom" and that website suffers a data breach, your Bitwarden vault password is potentially at risk because of a service completely unrelated to Bitwarden, purely through carelessness on that company's part. If the website does not store passwords as hashes, or keeps them in its database as a plain-text field, your password is now available for all to see, and it is only a matter of time before someone matches your email address and password against every other service where you reused the same credentials.

Using the same password for multiple layers of security defeats the purpose of those layers.
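The paragraph above hinges on how the breached website stored your password. The following added example (not from the original page) constructs a tiny leaked user table in the two forms it contrasts, plain-text and salted PBKDF2 digests, and shows that the reused credential can be tried against a vault login directly in the first case, while in the second the same password yields a different digest for every user and every service, so a dump cannot simply be joined to other accounts. The service names, emails and passwords are constructed.

```python
"""Plain-text versus salted-hash storage of a reused password (added example, constructed data)."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # OWASP guidance for PBKDF2-HMAC-SHA256

# Constructed breach dump from an unrelated website that stored passwords in the clear.
LEAKED_PLAINTEXT_ROWS = {
    "alice@example.invalid": "correct horse battery staple",
    "bob@example.invalid": "hunter2",
}

# Constructed: the same person reused that password as their vault master password.
VAULT_LOGIN = ("alice@example.invalid", "correct horse battery staple")


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 and a fresh 16-byte random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute and compare in constant time; timing leaks nothing about the stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def reusable_from_plaintext_leak(leaked_rows: dict, vault_login: tuple) -> bool:
    """A plain-text dump gives the exact pair an attacker needs to try against another service."""
    email, password = vault_login
    return leaked_rows.get(email) == password


def hashed_rows(leaked_rows: dict) -> dict:
    """How the same table looks when stored properly: per-user salt, no recoverable password."""
    return {email: hash_password(pw) for email, pw in leaked_rows.items()}


def digests_collide_across_users(password: str, users: int = 3) -> bool:
    """With per-user salts the same password never produces the same stored digest."""
    digests = {hash_password(password)[1] for _ in range(users)}
    return len(digests) < users


if __name__ == "__main__":
    print("plain-text leak reusable against vault:", reusable_from_plaintext_leak(LEAKED_PLAINTEXT_ROWS, VAULT_LOGIN))
    salt, digest = hashed_rows(LEAKED_PLAINTEXT_ROWS)["alice@example.invalid"]
    print("hashed row verifies the right password:", verify_password(VAULT_LOGIN[1], salt, digest))
    print("hashed rows collide across users:", digests_collide_across_users(VAULT_LOGIN[1]))
```

Hashing on the website's side slows an attacker down; it does not make reuse safe, since a weak reused password in a salted dump is still crackable offline. The only thing fully under your control is that the master password exists nowhere else.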
