I have a question about when someone gets a new phone due to the old one dying, and the MFA app didn't synchronise. She still has access to Bitwarden on her laptop, but on the phone the Bitwarden app wants the MFA, and because the MFA app didn't sync she has no MFA code to comply.
The Bitwarden browser app connects her to the Bitwarden site for the MFA settings, and she never logged in on this laptop in the browser, so she is stuck. Is there any way of fixing this?
If your friend does not have her recovery code for turning off 2FA, my recommendation would be to export from the still logged-in app and start a new account.
She needs to create an export a.s.a.p. (using the ZIP format, unless she prefers the export to be encrypted — in which case the JSON–Encrypted should be selected for the export format, being sure to also select the Password-Protected export type; however, please note that the JSON format does not include any file attachments that may have been uploaded to the vault).
FYI, occasionally, Bitwarden apps may be logged out without warning. If this happens before an export is created, your friend will immediately lose access to all of their vault contents (assuming that they do not have their Two-Step Login Recovery Code).
As others said, create a backup ASAP. Even if you think you may have a solution, it will reduce the risk of things getting worse.
As your friend creates a new vault, she may want to follow the getting started document to minimize the risk to her vault (both “data disclosure” and “vault lockout”).
She can try logging into Bitwarden on her laptop and accessing the account settings. From there, she should look for the option to disable MFA temporarily. After that, she can set up MFA again using a new authenticator app on her new phone.
@Paired I think the scenario for the Bitwarden account here was:
2FA-TOTP codes not available any longer
no other form of 2FA available
no 2FA recovery code available
→ in such a scenario, you can no longer log in to the web vault to change the 2FA settings → therefore, such a BW account is essentially lost (and therefore the advice to export and start a new account, as given above…)
PS: The only “last straw” would be a 30-day 2FA-“remember me” for the web vault…