Seeking Advice: Offline Bitwarden Unlock Strategy After Potential 2FA Lockout - Reward for Help

Hi guys and gals,

I am willing to PayPal $150 to three people who help me get access to my account, anywhere in the world.

I’m in a sticky situation here and I don’t want to be reminded of what’s happening while I’m on holiday because the dread is slowly killing me. Half of me is wanting to rush back home to try and fix the problem with the other half wanting to put my head in the sand while hoping for my neck to snap while doing it. LOL. But I’m halfway across the world with ideas running in my head and I need a solution to get me out of this hole I’m in.

I have a Bitwarden account set up on my main phone (Google Pixel 5) and on a Firefox extension on my laptop (MacBook Air 13-inch 2015). I have been on holiday and took a secondary phone that had a reduced number of apps. Bitwarden is not on the secondary device. I did this so I could get away from it all and disconnect.

I have two Yubi keys, one with a complex strong password, physically stored in a secure location with the password stored to access the hardware device in a Bitwarden note. We can call this one the backup Yubi key.

The second key I had was on my key ring which had no password and which I used as the main hardware 2fa device to access my accounts.

I lost the key ring. Meaning I had no main Yubi login device, but this was not an issue as I had a backup Yubi key and still had access to Bitwarden which stored the password. No issue here ;).

So, I ordered a new Yubi key. The issue here was when I was setting up the Yubi key device, I added a simple password to the device. It’s a very simple password 3 to 6 letters. But I have forgotten this, as you tend not to need the 2fa device as much when you are logged into everything already. You also only get 8 tries before the device wipes itself.

Before I left for holiday I knew in the back of my mind, I did not remember the main Yubi key password. That should not be an issue as I will not be out of the country for that long and I forgot about auto logouts as it was not top of mind. Push comes to shove and I am out for over 3 months. The auto logout for extensions is 30 days and 90 days for the mobile device. This realisation while lying in a hotel bed made me freak out as I knew I did not know the Yubi passwords and only had a few chances to get back in without losing data. I never thought I would go this long without using the Bitwarden account as I use it nearly daily for personal and business use cases. I have spent years building that library of saved passwords.

bitwarden[dot]com/help/security-faqs/#q-how-long-does-bitwarden-cache-session-information

The phone I have locked, I think! I asked a family member to power on the phone and I was able to remote connect to the device and try to enter the password. I was on the screen where you could enter the master password and if it was correct move forward into the vault. I think Bitwarden calls this state, locked mode. I failed to remember the password and it pushed me back to the first login screen where I need to log in with 2fa. I have been away for so long I have forgotten the password and I only remember it while touch typing on my laptop (MacBook Air 13-inch 2015).

This is where the issue arises. The main chance I had to resolve the issue I failed to log in. Now I’m looking at trying to break a system that is used to secure passwords and the people making this application are not dumb dumbs like me.

What I need out of the password manager (READ ONLY ACCESS)

I only need read only access to a note file within my Bitwarden. So I can;

1. Gain access to the strong login password for the backup Yubi key so I can safely reset the main Yubi key, safely.

2. Reset code for 2fa on the Bitwarden account (same note file).

My plan to get around this and try and get back into the account is;

I’m hoping that I can use offline mode to skip the “logging in” step (master password + 2fa) by using the “encrypted vault data” stored on the disk of the laptop device. I basically want to time travel back in time.

I want to do this by backing up the Firefox extension data, disabling WIFI and changing date and time setting. Tricking the laptop into thinking I’m offline and within the 30-day window for offline usage.

bitwarden[dot]com/help/understand-log-in-vs-unlock/

Assumption

1. The MacBook Air is old. A 2015 model. It does have poor battery management. Sometimes you charge the device to 100%, unplug the device and the lid will think it’s open and drain all the battery. So I’m hoping it’s fully dead. This means that it’s in a frozen state that died within the 30 days since last log in.

2. I don’t need to connect to Bitwarden server for first time unlock. I can go straight into offline mode without needing any connection to the internet.

What I want to do in three steps,

Step one; physically remove the WIFI / Bluetooth card

I will do this so that the laptop cannot speak to the internet. This will do two things

hopefully push the Bitwarden Firefox extension into using offline mode*

allow me to manually set the device date and time to within the 30 days of when I last logged into the device and stop the device reaching out to date and time checking services. Tricking Bitwarden into allowing access using only master password.

physically removing the WIFI / Bluetooth card, using this guide.

ifixit[dot]com/Guide/MacBook+Air+13-Inch+Early+2015+AirPort-Bluetooth+Card+Replacement/38515

Why physically remove the card, because I’m running out of chances to get back into my account and I don’t want to ■■■■ this up.

Step two; back up data from Firefox extension

I am going to physically remove the SSD and plug it into my desktop and manually backup the extension data by ctrl + c, ctrl + v.

My thought process here is that if I run into an issue where it does not work, I can roll back??

bitwarden[dot]com/help/data-storage/

Step three; change date and time

I will do this by entering macOS recovery, entering terminal, use code “date 0220143023”

I will use method 1 of this guide

thetechylife[dot]com/how-do-i-change-date-and-time-on-mac-terminal/

after doing these three things, log into the user and try logging into the manager

1. reboot laptop normally

2. Log into my user account

3. Hope that date and time settings save and offline mode is accessible without needing first time connection to Bitwarden servers

4. Firefox will auto open because of start-up app settings

5. Hope that the following screen pops up, where it only asks me for my master password
preview[dot]redd[dot]it/why-does-bitwarden-show-a-full-unlock-screen-on-ios-v0-qurc13x4o8ag1.jpeg?width=640&crop=smart&auto=webp&s=0a874b92b4599bb1a93da53ea237711554358fad

Questions I have

1. Am I understanding it correctly that due to my first login using 2fa, I can force skip checks using local stored data and offline mode. To gain read only access to the vault using my master password only?

2. Do you see any way this could go wrong?

3. Does the method I use to change the date and time save when I boot normally (restart so I can access the user on the laptop)?

4. Is there anything else I should do?

5. If this goes well, what steps should I put in place to stop this from happening again?

6. On Windows there is a safe mode, is there a safe mode in Mac that I can boot into to check to see if the date and time saved before I boot into the real user?

6. Is offline mode accessible without needing to reach out to Bitwarden services for first time connection / unlocking?

7. Is there anything else I should backup?

8. If you have other workarounds, I’m all ears!!

9. Surely there is not a brute force method to gain access to the Yubi keys backup or replacement? The backup Yubi key is old, like 6 years plus old, if that could help.

Post-accident process updating

1. Keep a written log for passwords that are needed / backup passwords that remove 2fa. Write on paper and store in secure location. Away from 2fa keys.

2. Don’t rely on your memory. Write ■■■■ down.

Key items I need

I have one note with all the backup codes in, this was my point of failure as I thought that I would never lose access to the vault and because of this did not implement a way to access if I lost my 2fa. I only need read access to two lines in that note file.

How will I make sure I remember the password, If I only have one chance?

I will go to bitwarden.com → login → enter my email → enter my password until I get to the next screen which will ask me for my 2fa code. I will do this after I remove the WIFI card and back up Firefox data.

Please, if there are any questions you have, put them in the comments. Again, for the top three people who help me gain access to the account I’ll send over $150 PayPal.

I will cross post this to Reddit and the Bitwarden forum.

I’m all ears and because I think I’m fucked. I will be back from holiday around end of the month 1/6/26. After posting this I’m going to go get some braised beef with noodles. I’m not a happy chappy at the moment.

Signing out, thanks for any advice :blush:. I will update this post with outcome and steps used if any.

edit while posting - wish I could add more links, blocked because new user. no problem no problem.

@Lost_freak5 Welcome to the forum!

Well, don’t get this the wrong way – your text reads a bit like a hacker wanting some more information how to break into a Bitwarden account… let’s assume for a moment, this is not the case and you’re just another person seeking help… :thinking:

I’m not sure if I get everything from your text… You cited this Help Site yourself already: Understand Log In vs. Unlock | Bitwarden – And now to that point, one main question would be: was your BW account in a “locked” state on your MacBook? Or were you already “logged out” with your BW account on your MacBook (like clicking “log out” or getting logged out due to a session timeout when the MacBook was on and running back then)?

If you were/are logged out, then that would mean that the local data was already deleted on your MacBook three months ago.

(emphasis my edit)

Like just written before, if you literally are talking about logging in (and not just “unlocking”), then that would mean there is no local BW data on your MacBook and a connection to the BW servers would be needed to even “get the data” and log you in.

Your post is very long, so I have not read anything. But, if it is true that you have a computer that has a logged-in browser extension, and if you can ensure that this computer never connects to the internet while the browser is open (until you have successfully created a vault export), and if you have the ability to unlock the browser extension (e.g., by entry of the master password), then you should be able to unlock the browser extension in offline mode and export the vault data (again, using your master password), choosing the unencrypted ZIP option.

If you do not have your master password, but if your browser extension is logged-in and configured in a way that allows you to unlock it with a PIN or biometrics after a browser restart, then you can unlock your browser extension in off-line mode using one of those methods. You may still be able to export your vault data even if you don’t know the master password, using some JavaScript manipulations (I can point you in the right direction, if need be).

The most important thing is to prevent the browser extension from connecting to the internet, as this will immediately de-authorize your login session, logging you out and erasing all locally cached vault data — leaving you SOL. The safest approach would be to disable WiFi and power off your WiFi router.

Thanks for the response @Nail1684

Well, it’s my account. Don’t want to lose it.

Last state was logged in where you could edit stored data. I did not click the logout button and I don’t think it’s set up to log out unless you click logout (power of the defaults). Just closed the lid and went about my day. Normally that would mean I only need to enter my master password to get back in.

Going off that I think the data is still on the device given that it has not been opened or connected to the internet while I have been away. It’s an old laptop the battery should be dead given it’s been over 2 and a bit months.

Given I think the data is on the laptop do you think what I plan on doing by disconnecting the internet and changing date and time will work?

Do you think a feature like power nap would affect the situation?

Thanks for taking the time to respond @grb

I’ll have to do the first option as I only have a master password set up.

I don’t want to export data as I only need to access the notes for the 2fa reset code but if I gain access I’ll have that info so no need to export as will have access.

First thing I’ll do is take out the WiFi card.

Hoping it works.

Do you know if power nap could mess with the browser extension?

Another thought here (could not edit replies) @grb @Nail1684

Does bw check to see if the hardware of the device has been changed?

And if it does detect this it logs you out?

Not really. It does have a way of recognizing devices where you have previously logged in, but it does so by storing a unique value among the app data (e.g., in a cookie), not by fingerprinting the device hardware.

 

I’m not familiar with macOS “power naps”, so I can’t speak to that.

I don’t think that manipulating the system clock is necessary, but I suppose it can’t hurt. As a test, I just unlocked a vault backup that had been dormant since December 2022 (using the Windows Portable Desktop app). With the WiFi disabled (and without making any changes to the system clock), I had no issues accessing the old vault data, after unlocking with my master password.

Other than user error (such as failing to disconnect internet access) I think that the main ways that your plan could go awry are:

  1. Your browser extension is not actually logged in and locked, but was in fact logged out already when you last shut down the computer.
  2. Your MacBook is so “fully dead” that some critical data has been lost or corrupted.
  3. Your muscle memory will not be sufficient for you to recall your master password.

I think you said you planned to create a backup of the Firefox extension data. I think it would be a good idea to back up either the whole computer, or at least the ~/Library/Application Support/Firefox/Profiles/ folder, while the internet is disconnected, the browser is not running, and before you attempt to unlock the browser extension. Then, if you mistype your master password 4 times, restore the backup before attempting a 5th master password entry.

 

I would recommend also copying down the PIN/password for your other (“main”) YubiKey.

Thanks again for the support

Understood about the hardware fingerprinting.

I definitely think changing the date and time is needed because bw checks if you’re within x date and will force logout. I’m outside x so changing is a must.

On the list you give I think those are also points for failure.

I will do a full backup of the Firefox data folder.

See I think doing a full backup might take too much time but if it comes forward that I need it. I will have screwed myself for not doing it.

Yh remembering my master password might be an issue but I think just using another computer connected to the web and just trying to login normally will work as when the 2fa screen request for input pops up, you will know the password is correct.

Yh implement the bw paper print out will be good to stop this from happening again. Should be back in country end of the month so I’ll keep you updated.

Like I said before, I don’t think that doing so can hurt, but I did do a test for you to confirm that I was able to successfully unlock a vault that had been unused since 2022, without manipulating the system clock. My understanding is that expiry is checked by having the server validate the stored session token, and that this check does not (cannot) occur if the device is disconnected from the internet.

So I have logged back in. But I used another method. My old phone broke when I dropped it (has a black blob on the screen) and it was still logged into bw. I got a usb c to usb a dongle and used a mouse to enter my master password. I then looked at my notes for the backup 2fa key. Got that and I could log into my account. I have no clue what the main 2fa password is as I tried what I thought it was and it’s been locked. The Firefox thing did not work as when I logged into the laptop the Firefox browser disabled all the extensions. So it locked me out and I needed to update the browser for them to come back. Once that was done, it made me hard login with 2fa.

Could @grb and @Nail1684 send PayPal or transfer wise names and I’ll send the money over. I’m going to delete the post on Reddit as the comments I got were not that helpful.

Next steps for me

  1. reset main 2fa

  2. use the bw security readiness kit

  3. back up other important passwords, like emails and 2fa recovery codes

If there is anything else could you put it below.

@Lost_freak5 Great to hear that you were able to get your vault access back!

Some comments and suggestions:

When you set up Two-Step Login for your Bitwarden account, make sure to obtain the 2FA Reset Code (“Two-Step Login Recovery Code”) and record it on your Emergency Sheet (“Security Readiness Kit”) — see below.

 

This is essential, although you don’t have to use that exact format; an alternative example is available at passwordbits.com. Best practice is to create two or more copies of the Emergency Sheet, securely stored in two different locations (to protect against fire or similar catastrophic loss). At a minimum, your Emergency Sheet should document the following information:

  • Your Bitwarden server URL (bitwarden.com or bitwarden.eu, or self-hosted server URL)
  • Your Bitwarden username (email address)
  • Your Bitwarden master password
  • Your Bitwarden Two-Step Login Recovery Code
  • The file password for your vault exports (backups).

Additional helpful information to record would be:

  • Username/password required to log in to your devices.
  • Username/password required to log in to your email account (the email address used for your Bitwarden username).
  • Username/password required to log in to your authenticator app.
  • Authenticator keys (TOTP “secret”/“seed”) used for 2FA to access your Bitwarden account and/or your email account.
  • User verification PIN for hardware security keys.
  • Contact information for any Emergency Access grantees.

If you have any concerns about the security of plaintext Emergency Sheets, the best solution (IMO) is to use Shamir’s Secret Sharing.

 

Besides recording the most essential credentials on your Emergency Sheet, you should get in the habit of creating regular vault exports to back up your data. Choose the Encrypted JSON format, and make sure to always select the “password-protected” export type (never the “account-restricted” export).

With the password-protected vault export, it is recommended to use a file password that is stronger than the vault master password, to compensate for the fact that exports do not benefit from updates to the KDF settings for the Bitwarden account. I would recommend, at a minimum, a 6-word random passphrase; you can save this password in your Bitwarden vault (for convenience in updating your vault backups on a regular basis), but to prevent data loss due to circular dependencies, a copy of this file password should also be kept outside the vault (i.e., written on your Emergency Sheet).

 


As I explained in my DM, all assistance that I provide here on the forum is free, without any expectation of remuneration; however, a voluntary donation to charities that I support would be much appreciated (see my user profile for more information).