Choose priority of 2FA-method when several are enabled


When several 2FA-methods are enabled, Bitwarden takes the following priority:

  1. Duo (Organizations)
  2. FIDO2 WebAuthn
  3. YubiKey
  4. Duo (Individual)
  5. Authenticator App
  6. Email

(From Two-step Login Methods | Bitwarden Help Center )

Meaning if I have Webauthn and Yubikey enabled, but I want to primarily use the Yubikey (which is quicker on the phone) I have to press the “use another two-step login method” every time. It would be practical if we could change this priority :slightly_smiling_face:


Please… I have exactly the same remark!

Title: User selected 2FA method prioritization

I had my Yubico Security key NFC setup as one of my methods (in addition to Google Authenticator). The dongle worked great at home, I could plug in the USB and voila. However, my phone (Pixel 5a) just will not recognize the dang NFC dongle, no matter how many times I try. And, it’s not a USB-C type connector, so no luck there. I even tried a USB-A - USB-C converter thingy, but the phone simply wouldn’t accept anything but NFC for this dongle. For some reason, I also didn’t see how I could select another of my chosen Bitwarden 2FA methods (Google Authenticator) when trying to login on my phone… unlike when I was on my computer. Whew, hope that explains it.

I suspect having a physical dongle “may” be more secure than Google Authenticator (but I’m not a security expert)… so that’s probably what led to the dongle being the preferred 2FA method?

Anyway, IMV it would be nice to be able to prioritize the 2FA methods to suit your preference.

Thanks for considering this feature request,

Hi Tim - you can select a different 2FA method on Android - when you are prompted with the WebAuthn prompt, just click the X in the top-right corner of the screen to back out, which takes you back to a screen with a button that allows you to “Try Again”. But this screen has a three-dot menu in the top-right corner that you can select and chose Use Another Two-Step Login Method. Then you can pick what you want.

Also, NFC FIDO2 keys should be supported by Android, but I have had issues with it because I use the Firefox browser by default. I have heard (although, not tried it myself) that it works with Chrome. Maybe someone else here has more experience and can confirm or correct me.

Finally, your feature request for setting the 2FA method priority is a good one - I am going to merge it with an existing thread requesting something similar to clean up a bit. I hope you don’t mind! Cheers.

Just as an addendum, in case it helps somebody else:
The method to click the “X”, described by David H above, didn’t work in DuckDuckGo for me. I had to change my default browser to Chrome to get it to work.


1 Like

Bumping this old thread as I came to post the same request.
Please provide an option to change 2FA priority.

I personally use an authenticator app as my primary method and own a Yubikey as a backup that I keep locked in a drawer. Bitwarden defaults to Yubikey and I have to cancel the Windows/Edge prompts every time.

Same issue here! I Have Authy, Yubico, and FIdo2 WebAuthn, the app keeps asking for the last one I registered! It would be easier if we could define the preferred one, or if the app remembers the last one used!

Exactly what P92 writes! It seems that this request has been here for a while. Just setup FIDO2 Webauthn for backup and have Auth app as day to day MFA. FIDO2 prompts before anything else(except duo) which is really annoying having to tap the three dots and change it manually.

Please, please consider allowing manual priority order of MFA. I recently moved from another pass manager, one reason being FIDO2 Webauthn support, but that priority is annoying!

Thanks :slight_smile:

Every few months I come back here to check if there is any update.
Not being able to choose the priority of 2FA-methods is so annoying.

On Android with Firefox it is even worse because sometimes you can get stuck in FIDO Webauthn screen and then you have to restart Bitwarden and enter your password again.

It can not be that hard to implement this or is it? Please consider.