Bitwarden Yubico

  

I notice that Bitwarden has two different options for setting it up. One is the Yubico way, where the key produces a long OTP, and the other is the FIDO/U2F way where it doesn't produce anything visible. None of these methods ask me for my key PIN (which I've set up and works on some websites), which I assume is a FIDO2-only feature.


Hi there,
I have bitwarden_rs running on a Synology NAS in Docker. I have configured the env parameters for yubikey.
When I want to enable the yubikey in my user account on the web panel, I receive the error Invalid Yubikey OTP provided.
What am I doing wrong? Does the communication with the standard yubikey server work? How can I check that?
When I perform a test with my yubikey on https://demo.yubico.com/otp/verify all looks good.
I have also generated the OTP into notepad and copied it manually into the web interface - but always the same result.
Any ideas are appreciated
Thanks,
Sebastian


Introduction

Yubico and Bitwarden?

Hello, I use Bitwarden with Firefox on my PC. Each time I launch Firefox I need to re-enter my strong password. Can a solution like Yubico avoid entering my password?

Yubico has been a major contributor to the development of open standards for authentication from the initial development of the U2F specification to the latest W3C-approved WebAuthn. As we see more services upgrade to modern authentication standards, we can't help but share in the excitement.

Errors include Yubikey OTP disabled, Yubico client id or secret key environment variable not set.

If we all need to have access to all our customer's credentials in Bitwarden, we'd have to create 100 organizations with 3 users each. That's $900 per month before even a single customer actually received access to their credentials.

Bitwarden, Inc., parent company of 8bit Solutions LLC, brings you Bitwarden. Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices. Password theft is a serious problem. The websites and apps that you use are under attack every day.

Password managers are still a necessity in 2020, and will be for a long time. I've been using Bitwarden with YubiKeys for a while now, so it was about time to share some experience and show how easy it is to get started.

Bitwarden (https://bitwarden.com/) is an open source password manager whose code is hosted on GitHub (https://github.com/bitwarden). This means that you have full control over the source code, and you can also contribute to the project. You can self-host Bitwarden, or use one of their Organization Plans, which are hosted on Azure (https://bitwarden.com/help/article/cloud-server-security/). Bitwarden offers different Organization Plans. To see what fits your needs, go to https://bitwarden.com/#organizations. The Enterprise Plan supports Azure AD integration. I will cover this in another blog post.


Configure Bitwarden with your Favorite FIDO key


Bitwarden supports a whole range of providers. When enabling 2FA you will also be prompted to download a recovery code. Download it first, before proceeding to the 2FA setup, and keep the recovery code safe in case things go south!

To configure your FIDO key with YubiKey, go to:
1) Settings
2) Two-step Login
3) Manage

Add your YubiKey by touching or tapping it, which populates the OTP or U2F field. I recommend at least two YubiKeys, in case you lose your primary key. With the second backup key you can still access your account if you ever lose your key! Yes, that will eventually happen 🙂 You could also configure Bitwarden with another supported OTP/U2F key if you have another brand in your possession. If you do not have one, authenticator apps like Authy, Google and Duo are supported as well.

The list of supported Yubico keys that work with Bitwarden: https://www.yubico.com/works-with-yubikey/catalog/bitwarden-premium/

If you need to support an NFC-compatible key, use the NFC support. I have an NFC-capable key, so I can access Bitwarden on the go with my phone.

Test Login

After you have saved the settings, it's time to test the login from your browser of preference. The login site is https://vault.bitwarden.com


Let’s also test a login with iOS with an NFC compatible YubiKey

Summary

Configuring 2FA with Bitwarden is without doubt straightforward and takes only a few simple steps. Just remember: do not configure only a single YubiKey; that is not good practice.

Bitwarden is feature-packed and should tick all your boxes if you have strong requirements for a password manager. With the wide range of supported OTP/U2F keys, I think this password manager will keep you delighted for a long time. And yes, it's open source, which is a big bonus!
