Bitwarden Lockout

Hi,

I’m trying to log into Bitwarden, and I’m receiving my authenticator code via text message. However, the text message isn’t coming through completely—I’m only getting part of it, so I can’t see the full code. Also, the recovery code doesn’t seem to be working either.

Any solution? possible

See attached screenshots, there are two how normally it looked like and how it looks like now


Hi @manjotsc and welcome to the Bitwarden community! :waving_hand:

Bitwarden does not currently support 2FA with SMS/text directly from Bitwarden, so I’m not sure which service you may be using to support this functionality. Duo offers SMS 2FA, and Duo itself is supported, so if you are using that option, you will want to reach out to the Duo Support team for assistance. Otherwise, I would recommend moving back to one of the Bitwarden supported methods of 2FA: Two-Step Login Methods | Bitwarden

I hope this helps, but if you need more direct support, please feel free to reach out to Bitwarden Support through any of our Help Center | Bitwarden pages :slightly_smiling_face:

Sorry, I meant to say it’s the email-to-SMS service from my cellular provider. For some reason, it’s not delivering the full message.

Does the 2FA recovery code you have look similar (in structure) to this one:

… and you can’t access your emails directly, then?

Yes recovery looks similar and no I can’t access the email as login type method, there is no gui.

Okay, good. - Can you remember, if you ever used the 2FA recovery code before for a Bitwarden login?

I’m not sure I understand what you are trying to say here. – Bitwarden sends you 2FA emails to your email address, right? Those emails do get forwarded as an SMS. And you don’t have any access to your email address (PS: and therefore your emails) itself??

Yes I have used 2FA before to login.

My cellular provider offers an email-to-SMS service. To send a text message via email, you can use any Bell customer’s phone number followed by @txt.bell.ca. For example, sending an email to [email protected] will deliver the message as an SMS to that number. No login or password is required—just format the recipient’s address correctly and send your message.

Hm, to be exact, I didn’t mean just “2FA”, but if you used the 2FA recovery code before for a login to Bitwarden. Because if you used it before, it became it invalid and can’t work now. (and then a new 2FA recovery code would have been created, that you would have had to write down again) → if that was the case, it would explain, why your 2FA recovery code doesn’t work now

PS:

Ah, okay, I see. Well, that’s unfortunate in such a case.

Never used the recovery code before.

Did you try to login to the web vault (vault.bitwarden.com or vault.bitwarden.eu) and use the 2FA recovery code?

After entering your email address and master password, you should see a similar screen like this, where you can enter the 2FA recovery code:

If that also doesn’t work - what does the error message say?

And with your email-to-SMS-service… can you configure in any way how you get the messages? It seems like it’s a thing on their end, as the SMS seem to be reduced to one SMS only (160 characters?). – This seems to be an issue with the email-to-SMS-service to me.

There is no error message after enterting recovery code, it just brings me back to https://vault.bitwarden.com/

That sounds an awful lot like this bug now:

It’s not clear (to me) from the discussion in that Github issue, whether there actually is a bug, or whether the OP of that issue was using an old (invalid) recovery code.

@manjotsc What happens if you go to https://vault.bitwarden.com/#/recover-2fa/ (or https://vault.bitwarden.eu/#/recover-2fa/, if your account is hosted on the EU cloud) and submit your recovery code there (along with your username and master password)?

Also, if your cellular provider is truncating email-to-SMS messages at 68 characters, perhaps it would be worthwhile to reach out to them about this problem (which will surely affect more than just your Bitwarden notifications).

That seems to be the case. I even tried using a different browser and device, but the issue persists. I suppose the next step is to export the vault and create a new account.

Also sorry coudn’t post reply due to “An error occurred: We appreciate your enthusiasm, keep it up! That said, for the safety of our community, you’ve reached the maximum number of replies a new user can create on their first day. Please wait 22 hours and you’ll be able to create more replies.

@grb as soon as I click sumbit it redirects to vault.bitwarden.com

Did it log you in to the Web Vault? And if not, does it still ask you for 2FA when manually completing the login process?

Finally, is your SMS-to-email address ([email protected]) used as your account username, or only for your Email 2FA?

Yes, still asks for 2FA and also yes [email protected] was used as just for 2FA.

I have exported the vault and made a new account.

2 Likes

Some additions to exports:

  • be aware, that all exports don’t contain Sends and items in the trash
  • only .zip exports (unencrypted at the moment) also contain attachments
  • and csv exports don’t contain Cards, Identities and passkeys

→ ergo: you may have to copy some things manually :warning:

If you’re done with everything, you can delete your old account without logging in: Delete an Account or Organization | Bitwarden

1 Like