I bought a Yubikey 5c NFC and enabled the security key for my browser. However, I’m confused about multifactor authentication when it comes to the Android app. The Settings page takes you to the web app for Two-step login, which I’ve already configured. The Unlock options for the Android app are Biometrics or PIN code. Is there no way to secure the Android app with the Yubikey?
If you have the NFC key registered for 2FA and you log out of the BW app, then you’ll have to reapply the key to the back of the phone for the 2FA (I’m pretty sure; I generally just let mine lock on the phone). But when you unlock, it’s either the biometrics or PIN, whichever you selected.
I’m lost trying to use a Yubikey for MFA (2FA?) login for the Android app on my Samsung Galaxy Note20 Ultra phone. I am a newbie in the Bitwarden world, as well as secure authentication in general. I have the same issue as Steve_Sharpe trying to use a Yubikey 5c NFC on my phone. I set up the Windows Bitwarden (Opera browser) to require a Yubikey during login, but my phone only requires the Master Password, and, as Steve_Sharpe mentions, the Android app redirects me to a web app when trying to set up the Two-step login.
Any suggestions? Again, I am a newbie at this and still easily confused by the terminology. Thanks!
Okay, I’m not sure why, but on my 4th or 5th Bitwarden Android app login it finally required the Yubikey NFC authentication to finish the login.
Is there a way to ensure it requires the Yubikey for Android login at all times?
Thanks,
Jim L
@RPN_Guy Hi!
Well, if we are talking about this (Two-step Login via FIDO2 WebAuthn | Bitwarden Help Center) and you successfully added your YubiKeys, then I would think that it maybe had to “sync” with the local data of your Android app at first, especially if you set it up right before logging out and logging back in again in the Android app. (PS: Or, put in other words: it may have been a “hiccup” that it didn’t work immediately as it should.)
If you have enabled 2FA, then that’s for your complete Bitwarden account - regardless of the app you are trying to log in with (web vault, mobile app, browser extension, desktop app…). So as long as you don’t check “remember me” for the 2FA, then with every login to your Bitwarden account (with any Bitwarden app) it should require the second factor.
Apart from that, just locking, or rather unlocking, the vault via one of the apps doesn’t require your 2FA.
So, maybe test for yourself whether, when you log out (and not just lock) on the mobile app, without “remember me”, you always get the request for 2FA…
Nail1684,
Thanks for your response. The “remember me” and “locking” versus “logging out” makes sense. I have 2FA working on my Android app now. Interestingly, the Opera One browser Bitwarden app (Windows 11 Pro) occasionally logs me back in with only my master password, even though I think I previously logged out. I’m trying to get it to repeat so as to prove my sanity. So far the insane option is winning.
Jim L