Some way to skip two step verification?

So I have the Microsoft Authenticator App that I use for bitwarden two step login on my phone and that phone is broken and won’t turn on.

I tried to login from a new phone but it ask me the two step login code as you I know I can’t access my older phone and I also forgot to write down the recovery code.

How can I login to bitwarden from my new phone??

I still have access to bitwarden on my tablet but when I try to find the recovery code it sends me to the website and ask me the two step code lmao

How can I login to my new phone?

I’m not sure if it’s possible but try disabling MFA

How-to MasterPassword Problems & Best Practices

That is why you should also have at least a 2nd completely different method of 2FA like a YubiKey or DUO.

However, from my understanding is the Microsoft Authenticator connected to your Microsoft account. So I would install the Microsoft Authenticator on my “new” phone and log in using the same Microsoft account I used on my old phone. And then I would expect to see all my 2FA-data I had on my old phone.

Finally: Once you will have solved this issue, go to, log in, click onto your profile picture → Account settings → Security → Two-step login → View Recovery code → Re-enter your Master Password and then write down the Recovery code and store it in a secure location which is NOT inside your Bitwarden account.

1 Like

I tried installing Ms Authenticator app and sadly the app doesn’t backup bickwarden and all accoounts with two step login.

I’m confused as to why bitwarden doesn’t have email verification as one of the two step login methods

According to Microsoft it should have:

It does have eMail as one of their 2FA-methods:

The thing is: You have to activate it.


The settings changed but I found the recovery button and I still can’t see my bitwarden account listed. I tried Google Authenticator but it asked me to scan a QR code on my old phone.

I only have 2 options here, authenticator app and recovery code.

Perhaps you used a different Microsoft account when you set it up ?

How does the Google Authenticator fit in here ?

The reason probably is that you are on the free plan whereas I am on the premium plan.

maybe I used Google Authenticator instead of Ms Authenticator, I really don’t remember

so umm, no help for free user then?? or should I contact bitwarden team instead?

Actually, email-based two-step logins are available to free accounts. What you are seeing, @Giantoss, is the specific methods that are available on your account currently, meaning you have not setup email 2FA yet. Had you set it up, it would appear in that list as a login option, also.

I’m not prepared for that as I believe any other website have email as their 2FA by default.

So is that mean I’m locked now?

I was merely pointing out that the 2FA-email feature was always available to you, but you are choosing not to use it. You said you were confused why Bitwarden doesn’t offer it to free users, but it does.

And yes, if you also chose to ignore Bitwarden’s warning when you setup two-step login to save the recovery codes, then you may be locked out of your account on an un-trusted device. You may also eventually get locked out of your tablet when its ‘trust’ expires and you are required to re-login on the tablet with 2FA.

So, what you should immediately do is go onto your tablet and export a backup of your BW account. If you are currently logged in on the tablet, then all you will require is your master password for the export. Once you have the export in hand (you need an unencrypted JSON format), create a new Bitwarden account and import the file with your vault info, and you can start again from scratch. Once you have confirmed that the new account has your info, then you will need to delete the old account.

Here is a link to a guide on how to best backup your data and your two-step login method:

Please let us know how you make out! Cheers.

No I was confused why the 2FA-email is not available by default as every website (google, yahoo, microsoft etc) have 2FA-email by default and I don’t have to turn it on on that websites.

I contacted bitwarden team and they gave me the same answer. thank you.

1 Like

You almost always have to enable 2FA - not many companies force you to use it. Google have recently started defaulting to having it enabled, but I remember having to manually go through the process of switching it on. Same with the other 70 or so sites I use 2FA on.

This may be a case of YMMV — in my own experience, there are websites (some banks come to mind, Github as well) that do enable email 2FA by default, although I wouldn’t say it is a universal or even common practice.

Another reason for Bitwarden not to enable email 2FA by default is that this has the potential to weaken security for those who add more secure forms of 2FA and may not realize that they would have to also disable the email 2FA in order to realize the security benefits of, say, a Yubikey.

1 Like