Help understanding 2 step authentication on different devices

I have found and read the articles on using two step authentication.

My sticking point is whether I can use a mix of these (Yubikey on PC and Authenticator on Android).

Is mix and match like this possible?

Given all of the warnings about totally messing things up with 2-step, I’d appreciate any guidance before I go in ham-fisted :smiley:

Many thanks for any pointers

Using more than a single method for 2FA is not only possible but also a good idea, as you will still be on the safe side if, for whatever reason, one of these methods stops working.

I am a Bitwarden free user. At this moment I have activated two factors via Authy, because if I also activate the one via email, the codes via the authentication app are deactivated? Can’t I have two different methods at the same time?

Hey @Sav9, you can enable multiple 2FA methods, such as having TOTP codes and hardware keys etc…

More info: "Two-step Login Methods | Bitwarden Help & Support" and "Field Guide to Two-Step Login | Bitwarden Help & Support".

Hardware keys are only available on premium.

Keep in mind that 2FA on Bitwarden and the 2FA on your site are two different things. I am not sure what you are referring to.

For example, you can set up Bitwarden to require 2FA and then set up a method. I believe to use Yubikey you have to pay the premium price.

For each website you add to the Bitwarden vault, you can set up 2FA for them, but they are outside of Bitwarden. If my bank supports Yubikey, I could set up the site to use Yubikey as 2FA. Since that is handled outside of Bitwarden, you do not need the premium version. Each entry you add to Bitwarden can have its own version of 2FA. In fact, this will be normal because each site has its own 2FA type that it will support.

Keep in mind security is only as strong as your weakest link. Suppose you set up your site to use Yubikey and then use SMS phone text for 2FA in case you forget your key, then your site is only as safe as the SMS because the hacker will hack your SMS instead because it’s easier. The proper way to handle Yubikey recovery is to buy a cheaper Yubikey as a backup to use in case you lose your original key.

The takeaway is that each website can have its own 2FA method, but don’t mix 2FA methods on the same site.