When several 2FA-methods are enabled, Bitwarden takes the following priority:
- Duo (Organizations)
- FIDO2 WebAuthn
- Duo (Individual)
- Authenticator App
(From Two-step Login Methods | Bitwarden Help & Support )
Meaning if I have Webauthn and Yubikey enabled, but I want to primarily use the Yubikey (which is quicker on the phone) I have to press the “use another two-step login method” every time. It would be practical if we could change this priority
Please… I have exactly the same remark!
Title: User selected 2FA method prioritization
I had my Yubico Security key NFC setup as one of my methods (in addition to Google Authenticator). The dongle worked great at home, I could plug in the USB and voila. However, my phone (Pixel 5a) just will not recognize the dang NFC dongle, no matter how many times I try. And, it’s not a USB-C type connector, so no luck there. I even tried a USB-A - USB-C converter thingy, but the phone simply wouldn’t accept anything but NFC for this dongle. For some reason, I also didn’t see how I could select another of my chosen Bitwarden 2FA methods (Google Authenticator) when trying to login on my phone… unlike when I was on my computer. Whew, hope that explains it.
I suspect having a physical dongle “may” be more secure than Google Authenticator (but I’m not a security expert)… so that’s probably what led to the dongle being the preferred 2FA method?
Anyway, IMV it would be nice to be able to prioritize the 2FA methods to suit your preference.
Thanks for considering this feature request,
Hi Tim - you can select a different 2FA method on Android - when you are prompted with the WebAuthn prompt, just click the X in the top-right corner of the screen to back out, which takes you back to a screen with a button that allows you to “Try Again”. But this screen has a three-dot menu in the top-right corner that you can select and chose Use Another Two-Step Login Method. Then you can pick what you want.
Also, NFC FIDO2 keys should be supported by Android, but I have had issues with it because I use the Firefox browser by default. I have heard (although, not tried it myself) that it works with Chrome. Maybe someone else here has more experience and can confirm or correct me.
Finally, your feature request for setting the 2FA method priority is a good one - I am going to merge it with an existing thread requesting something similar to clean up a bit. I hope you don’t mind! Cheers.