Can't log in on Android: An error has occurred. Two-step token is invalid. Try again.

I have searched for other topics on this error.

OS: GrapheneOS, Android
Installed Bitwarden from F-Droid and Google Play Store.

When I attempt to log in with the Bitwarden app, after authenticating with my YubiKey, I get returned to the app and this error pops up: An error has occurred. Two-step token is invalid. Try again. I re-installed Bitwarden from both F-Droid and Google Play Store. I tried with Brave and Vanadium. I used the NFC method as well as USB.

I want to note that I am able to log in on my desktop (with Brave browser), using the same YubiKey.

I know my YubiKey works. That being said, WebAuthn has been hit or miss for a few years - I regularly have issues when I use my YubiKey with other apps like Tuta and Proton, particularly on Android but also on desktop to a lesser extent. I think the WebAuthn implementation has deteriorated ever since passkeys were introduced, and using hardware keys has become increasingly frustrating.

Another post on this error mentioned having the time on my device synced. My time is synced. I’ve also rebooted my phone. No other devices are logged into my account.

This error seems to have existed since at least 2020. It’s the first time I’ve seen it, and I last logged into my account on Android in June 2024 (I rarely log in). I have a secondary 2FA method (TOTP) but according to another issue posted here, they got the same error even with TOTP.

@LemonyIdle Welcome to the forum!

When you log in to the web vault… and when you then go to Settings → Security → Two-step login → Passkey → “Manage”… do you see “Migrated from FIDO” behind your registered YubiKeys here (in my screenshot, the “Migrated from FIDO” is not there):

If you see “Migrated from FIDO”, you should re-register your YubiKeys.

(and maybe see this thread FIDO U2F keys are being phased out in 2025 - make sure to replace those in time - the last posts are the most “accurate” ones :wink: )

@Nail1684 Unfortunately, I don’t see any keys marked “Migrated from FIDO”.

This is what my FIDO2 WebAuthn page looks like.

Should I re-register my keys anyway?

Oh no, that’s rather “fortunate”, as your keys then are already on the newer protocol. (it sounded like your YubiKeys might be long-registered, that’s why I thought of that “U2F-to-WebAuthn change”)

I don’t think it’s necessary, then… But if you did it (with caution), it wouldn’t harm either.

Hm, I must confess I didn’t search for other similar posts right now, but it seems to me, you maybe should contact support and possibly also report it as a bug (“New issue” on GitHub here) :thinking:

I appreciate your help anyway. I’ll contact support.
