Change my phone number

Change my phone number. How do I change the phone number that Bitwarden has for me? I can’t find it in account settings billing or security. I got an email suggesting I set up 2 step log in. I already had it set up with my two Yubikeys but I saw there was a new and better protocol so I tried to set up FIDO2 WebAuthn protocol on my Yubikeys. I set up FIDO2 WebAuthn protocol for my first Yubikey. I realized that I had messed up, I had to choose what Bitwarden client I wanted the Yubikey to work for. I thing the choices were my Zenfone, something else, and my Yubikey. The first choice, the Zenfone was checked by default but I didn’t notice that. I clicked next and got a prompt to enter a PIN. I tried entering the PIN for my Yubikey but it is a word and the form would only accept numbers so I tried my usual PIN but it was incorrect. I saw some small italic print saying that my Vivaldi browser was requesting the PIN. I had no idea. I tried the PIN that unlocks my PC and got a message that it worked and now I could use Windows Hello to sign in (not something I have ever used or anticipate using). Anyway. I decided to remove that Yubikey and try again. When I tried again I checked my phone, the Zenfone as that’s where I wanted to use the Yubikey and proceeded. Another phone, a Pixel 5, that sits on my desk lit up with a notification of my account’s fingerprint phrase. That phone has a household number whereas the Zenfone has my personal number. The Pixel phone would have had my personal number until I got the Zenfone. Anyway, somehow Bitwarden knows I got a new phone, the Zenfone, but doesn’t know I moved my SIM to the new phone. I might have used Bitwarden from the household number if I was using my Zenfone for a call I didn’t want to risk dropping or maybe they got it from VISA? I don’t want Bitwarden communicating with that phone, setting up the FIDO2 WebAuthn protocol has been problematic enough with the ambiguous choices built into the process. How can I change my number with them?

Bitwarden does not collect your telephone number, unless you have filled out a contact form like this form for becoming a member of Bitwarden’s Partner Program. The only other possible place where your phone number could be stored is if you have previously set up two-step login using DUO, and then registered a phone number for receiving 2FA codes from DUO by SMS text message or push notification.

It is unclear what exactly you were doing when the Pixel5 phone received a push notification with your fingerprint phrase. If you are able to reproduce the sequence of events that you have described, then I would recommend that you take screenshots of the key steps (and prompts/notices that you see) and post them here.

If you don’t want Bitwarden to communicate with a particular phone, then simply uninstall the Bitwarden app from that phone (and delete the phone number from DUO, if applicable).

Thanks, I’m agnostic on BW communicating with me by phone, I just want it to use my personal phone not a device handed down to another duty as a household/backup phone with another number. I was setting up a Yubikey with FIDO2 WebAuthn protocol and I’d checked the Zenfone choice I was offered in that setup process. I’ll check on the DUO possibility. I wouldn’t have used the partner form. Oh, just thought. I might have had both numbers on the same phone, the Zenfone I am using as my personal phone. Maybe BW sent 2FA codes to the Zenfone when it had the household number as an e-sim second number. I’ll delete BW from the second phone and see if that forces a correction. Thanks again. FYI: It was at this step that BW sent my fingerprint phrase: Pasword Manager/Settings/Security/Passkey. I entered a Friendly name (Zenfone) and clicked read key then BW sent the fingerprint phrase to the wrong phone and suggested I confirm it was the correct phrase. I guess this is to prevent a man in the middle attack. Thanks again.

Maybe you realize this already, but doing the above was a mistake. Instead of registering your Yubikey as a passkey for Bitwarden two-step login, you registered your Zenfone as a passkey.

The choices offered are not offered by Bitwarden, they are offered by Windows. The choices do not represent “what Bitwarden client you wanted the Yubikey to work for”; the choices represent where you want the FIDO2/WebAuthn passkey to be stored. So your actions caused the Bitwarden two-step login passkey to be stored on your Zenfone.

I am not an expert on how mobile phones store passkeys, but I believe that for passkeys that have been stored on an Android phone, the passkeys are automatically synced to your Google account, and then synced to any other Android devices where you have logged in to your Google account.

Normally, what happens when you click Read Key is that you will see the following prompt from Windows:

 

If you select “iPhone, iPad, or Android device” and then click Next, then the next step is that a QR code will be displayed, which you must scan using the phone where you wish to store the passkey (see example screenshot below). Do you remember scanning a QR code?

 

I think the solution to your problem will be to delete the Bitwarden passkey that is now stored in your Google account, delete the corresponding Zenfone WebAuthn passkey from the Bitwarden two-step login setup, and then start over. When you click Read Key and see the prompt “Choose where to save this passkey”, make sure that you select “Security Key” before clicking Next.

Thanks for explaining that. I was following the instructions but I didn’t understand the warning note about some devices being native FIDO2 authenticators and the need, in that case, to ignore the proferred option. When I did that and selected More choices then Other devices I found it: Security Key. It’s sort of a door at the back of the closet placement. Obvious once you know and it’s a room you visit often. I started over and got both of my Yubikeys set up. I knew it was working when it recognized their PINs. I’ll take the other part of your good advice tomorrow and get that passkey away from Google

1 Like