Logging in to Bitwarden using FIDO2 security key (as 2FA) doesn't work

Tested the new native Android app beta and tried logging in with a security key. It’s still not working. Dialog says:

And error has occurred.

Invalid verification code

I can send a screencast privately if anyone from Bitwarden is interested to see, DM me

I just ran in to this but with iOS.

Apparently according to https://bitwarden.com/blog/native-mobile-apps/ passkeys are currently disabled until phase 2.

I think they are rolled out
Now available: Passkeys go mobile! | Bitwarden Blog

Passkeys support for mobile apps - Feature Requests / Password Manager - Bitwarden Community Forums

Other report of the issue
FIDO2 security key: Invalid verification code · Issue #3334 · bitwarden/android (github.com)

I guess you two are talking at cross purposes.

@MFKDGAF I guess @triceps-tamale is talking about FIDO2 WebAuthn 2FA for Bitwarden. (though just speaking of “logging in with a security key” is open for interpretation as it could also mean “login with passkey”)

@triceps-tamale I guess @MFKDGAF is right, that the current mobile apps do have passkey support, but the new native mobile apps that are in Beta now, don’t have passkey support at the moment. (the blog post @MFKDGAF linked shows that)

1 Like

Jumping in to get and provide some clarification:

  1. Passkey autofill is not yet implemented in the native mobile apps. This means that you cannot use the passkeys stored in Bitwarden to log into apps and websites using the native apps yet.

  2. @triceps-tamale are you talking about this, or about using your security key for 2FA when logging into the Bitwarden app?

2 Likes

Thanks for the clarification @Micah_Edelblut and @Nail1684, indeed my post was ambiguous.
I was specifically talking about logging in to Bitwarden in the new beta native Android app using a FIDO2 security key.

I basically want to ditch all other means of 2FA from my Bitwarden account and have security keys as the only option. It works on desktop browser, but in the new Android app it doesn’t work for me.

Thanks for clarifying.
Two follow-up questions: what Android version are you using, and are you logging into a self-hosted instance?

Hey, it seems clear now what you mean, but for the sake of “clear expression of what one means”… as you just wrote that here it still can mean two things:

  1. FIDO2 WebAuthn as 2FA for Bitwarden can be done via a security key (like a YubiKey) as the second step for the login process to Bitwarden.
  2. Creating a passkey for the Bitwarden account (“login with passkeys”) is also “FIDO2” - and if you created that passkey on your security key, that would also be “using a FIDO2 security key for login”.

That’s the confusion here, that could be avoided. :wink:

Using Android 15 and Bitwarden cloud. See here.

Right, I am trying to use security key (Yubikey) as a 2FA to log in to my Bitwarden account. I actually haven’t tried “login with passkeys” yet but will give it a try

:+1:

Yeah, and now you know that “logging in with FIDO2 security key” can actually mean both - as both is FIDO2 and both can be used with security keys and both are (at least part of) “logging in”. :wink:

“Login with passkeys” is great - but be aware, that it still - unfortunately - only works for the web vault.

PS: I just added the “as 2FA” in the title of the thread…

1 Like

Not directly related to the topic of this thread but I actually just tried passwordless login registration in webvault with my two different security keys

  1. Yubico Security Key NFC - U2F and FIDO2
  2. FEITIAN ePass K9

I was able to register the Yubico key but not the Feitian key. It is giving me “Your device can’t be used with this site” error

Interestingly, both keys work and are registered as a 2FA option. I am also able to register the device on https://webauthn.io

Are there any specific requirements for the passwordlesss login that might be the reason it’s not working for the second device ?

Here’s the comparison between the devices that I have been able to gather:

Feature FEITIAN ePass K9 Yubico Security Key NFC
Standards FIDO U2F, FIDO2 FIDO U2F, FIDO2
Connection USB-A, NFC USB-A, NFC
Supported Protocols Limited information available WebAuthn, FIDO2 CTAP1 & CTAP2, U2F
Multi-device Support Yes (limited documentation on specifics) Yes
Number of Credentials Up to 22 credentials Limited information available
Security Certifications FIDO Certified FIDO Certified
Additional Features None May lack in some areas like PIV support
Software Windows only Cross-platform (Windows, macOS, Linux)

@triceps-tamale Hey, great question - and I don’t know the FEITIAN keys, so I have no immediate answer. But since that goes further away from the “Beta” and 2FA questions/problems, I recommend using the same post to open a new thread as “ask the community”. :+1: