I have Bitwarden as a Chrome addon which I can log in to using my password. But I can’t log in to Bitwarden on the web vault or on my phone because it prompts for a 2FA code and I have not set that up on the current phone I have. I think I had it configured on my last phone, which I lost, so I'm not sure what to do now to configure the 2FA so I can log in on my phone with the Bitwarden app. Do you guys have any ideas?
I assume you set up the TOTP 2FA app for Bitwarden on your previous phone, but you have lost the phone and now cannot log in to Bitwarden (BW) wherever it requests the 2FA. You may have the following options:
When you set up the 2FA for Bitwarden, it will recommend getting a recovery code. If you have this recovery code, you can use it to log in to BW and turn off 2FA at the same time. You can then turn on TOTP again using another TOTP QR code or secret, and then request another recovery code.
Some people keep their TOTP secret in their BW vault. If you did this, you can use it to set up another TOTP app.
You still have access to your vault and your password. You can export your vault, easiest in an unencrypted .json file. You can then delete your old account and set up another one using this import. You might want to do this because in the medium to long run, if you cannot figure out how to get around BW 2FA, you might eventually lose access to your vault on the Chrome extension too.
Reiterating some key points from @Neuron5569’s response (but with greater urgency)…
Reading the above statement, you are either mistaken about the claim that you “can login” on your Chrome browser extension, and you are actually just unlocking the browser extension using your password (does the password prompt say “Verify Identity” & “Unlock”, or does it say “Log in with master password”?), or you may in fact be logging in, but at some point in the past, you used the “Remember me” option for the 2FA authentication on the Chrome browser extension (thereby disabling 2FA for that client app).
In either case, there is a high risk that your browser extension session will at some point in the future be deauthorized (by expiring, or as a result of a forced logout), which will completely shut you out of your Bitwarden vault, with no advance warning.
Therefore, you should immediately create a JSON export (plain, not encrypted) as a backup of your vault contents, so that you do not lose all of your vault data when your browser extension eventually stops working. To do so, go to Settings in the browser extension, scroll down to the “TOOLS” section, and click Export vault; ensure that the “File format” is selected as .json — not .json (Encrypted) — then enter your master password and click the “Submit” button (and follow the remaining prompts).
If you do not have a saved copy of your Bitwarden 2FA recovery code, nor of your TOTP Authentication Key (or QR code), and if you do not have any alternative 2FA methods (e.g., email or Yubikey) set up on your Bitwarden account, then you might as well start the process of setting up a new Bitwarden account and import your vault export.
Enter the email address associated with your account and select Submit.
In your inbox, open the email from Bitwarden and verify that you would like to delete the account.
If you had to delete a Bitwarden account with a premium subscription, please contact us in order to reapply your existing subscription to the new account.
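A sanity check for the export step and for the "TOTP secret kept in the vault" option discussed in the replies above, as an added example that is not part of the original posts and is not Bitwarden's own code: it confirms the file is the plain .json form and lists which entries carry a TOTP key, without printing any secret. The field names (`encrypted`, `items`, `login`, `totp`) are assumptions about the plain export layout, and the sample data is constructed.

```python
import json

# Constructed sample exports; field names are assumed to match the layout of
# a plain (unencrypted) .json vault export.
SAMPLE_PLAIN = json.dumps({
    "encrypted": False,
    "folders": [],
    "items": [
        {"type": 1, "name": "Bitwarden", "login": {
            "username": "me@example.com", "password": "x",
            "totp": "otpauth://totp/Bitwarden:me@example.com?secret=JBSWY3DPEHPK3PXP",
            "uris": [{"uri": "https://vault.bitwarden.com"}]}},
        {"type": 1, "name": "Forum", "login": {
            "username": "me", "password": "y", "totp": None, "uris": []}},
        {"type": 2, "name": "Secure note"},
    ],
})
SAMPLE_ENCRYPTED = json.dumps({"encrypted": True, "data": "2.constructed|blob"})


def check_export(text):
    """Summarize an export file's contents without echoing any secret values."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return {"usable": False, "reason": "not valid JSON"}
    # The reply asks for the plain format, so flag anything marked encrypted.
    if not isinstance(doc, dict) or doc.get("encrypted", False):
        return {"usable": False, "reason": "encrypted or unrecognized export"}
    items = doc.get("items")
    if not isinstance(items, list) or not items:
        return {"usable": False, "reason": "no items found"}
    # Report only the names of entries that hold a TOTP key, never the key.
    with_totp = [
        it.get("name", "(unnamed)") for it in items
        if isinstance(it, dict) and (it.get("login") or {}).get("totp")
    ]
    return {"usable": True, "items": len(items), "totp_entries": with_totp}


if __name__ == "__main__":
    print(check_export(SAMPLE_PLAIN))
    print(check_export(SAMPLE_ENCRYPTED))
```

To check a real export, pass the file's contents to `check_export`; an entry named for Bitwarden under `totp_entries` means the TOTP secret is in the vault and can be used to set up a new authenticator app.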