I need help, locked out of Vault by Yubikey

I was working with my Yubikey 5C NFC on my Mac and a window from Bitwarden popped up. I didn’t read it and clicked okay, I think. Now when I try to get into my Vault it asks for my Yubikey; I put it in and the PIN and it gives me a login error. I can’t get into the vault at all. Anyone have any ideas? I have the correct password, PIN and Yubikey.

@THUDDOME Welcome to the forum!

The only potentially relevant Bitwarden pop-up is the one that asks if you want to store a passkey (for some other website) inside Bitwarden. Even if you accidentally OK’d such a prompt, it would not affect your ability to log in to Bitwarden.

Registering a passkey to use for logging in to your Bitwarden account (either as 2FA or as a passkey) requires several deliberate steps to be completed, and is highly unlikely to happen accidentally.

Can you try to log in at https://vault.bitwarden.com (or .eu, if that is where your account is hosted), and tell us what you see?

You should first get a screen that asks for your email address:

 

When you click Continue, you should get a master password prompt:

 

When you click Log in with master password, if you have a Yubikey set up for 2FA using FIDO2/WebAuthn, you should get to Bitwarden’s “FIDO2 WebAuthn” screen, which will most likely trigger a pop-up from your operating system (below, the Windows Security prompt for passkey selection is shown):

 

When using a FIDO2/WebAuthn key as 2FA for your Bitwarden login, you will not be prompted to enter a PIN. Just touch your security key when prompted, and you should be logged in to your Web Vault.

 

Do you see anything different when you try to log in? If you get an error message, can you screenshot that error message and post it with your response (after redacting any sensitive information, if applicable)?

Keep in mind I’m on a Mac so I don’t get the Windows Security window. (Logging into the vault on the website; it also happens on the browser plug-in.) Here’s what I see after I put in email and password and what I get after I touch the Yubikey:

Ironically on my Android phone the app still works and if I look it’s not set to MFA, nor have I ever set it up for MFA. And yes I did export my data so if I have to burn down the account and start over I can. At the time my Yubikey was plugged in and I wasn’t doing anything with Bitwarden, I was actually in Office 365, which is configured to use YK for MFA. I’m more curious, I have everything that should get me into the vault no matter what happened.

I just figured something out: it’s only the Bitwarden website. I can get into the app on my Mac and phone. Just can’t log in to the website or web extension.

When you say “get in”, are you referring to the full login ceremony, including email, master password, and 2FA?

And if so, is the 2FA method that you are (now successfully) using still the same Yubikey?

And on the website (or browser extension), when you get to the 2FA prompt, what do you see if you click the link “Use another two-step login method” at the bottom?

Finally, can you confirm that your successful logins on the Bitwarden app on your Mac are on the same Mac where you’ve been unsuccessfully attempting to log in to the web vault and browser extension?

In the app on my Mac there is no 2FA.

If I try “Use another method” it offer my phone which then wants the Yubikey which fails.

And yes it’s the same Mac.

It seems the Yubikey is somehow attached to vault.bitwarden.com

This doesn’t answer my question. I believe that your Mac Desktop app is already logged in, and you are merely unlocking it. Does the button say Log in with master password or does it say Unlock? If you are just unlocking it, then that is the reason why it is not asking for 2FA in the app (2FA is not required for unlocking, only for logging in).

 

If I try “Use another method” it offer my phone which then wants the Yubikey which fails.

What do you mean “it offer my phone”? Can you show a screenshot of what you see when you click the “Use another two-step login method” link in Bitwarden’s 2FA prompt?

Finally, where are you getting the code that you are entering into the YubiKey OTP 2FA prompt?