Two Addresses for Two-Step Verification

Before I set you two-step verification, my partner and I share one BW account. Is it possible to set up the two-step verification so that that code is sent to both of us at the same time (right now, the code would only sent to me, but she may be the person needing the code)?

Thank you.

If you are working with the feee version of Bitwarden, no, it wasn’t designed to be used like this. Sorry.

Thank you very much for replying. I’m using the Premium (paid) version of BW.

If I can’t set up two verification addresses, what I can do is use a business email address that sends a notification to me and to my partner at the same time.

However, my preference would be to get a code via text messages rather than email notification.

You could always configure email TOTP and an authenticator app, you can use either to log in.

If you wanted to have the email go to someone else you could also just use a forwarding rule, our emails are consistently titled Your Two-step Login Verification Code - if that helps, and also noting the no-reply “from” address.

2 Likes

If there’s no direct way to set up two “addresses,” the suggestion about forwarding would work or also using a single address that “splits” emails to it into to other addresses (our business website dues this for customer service inquires.)

Thanx for helping,

Michael

And since you are on a Premium account that supports additional two-step login methods, you could choose methods that are much more secure than email 2FA, such as Duo Push on your devices or register two physical security keys.

I would also suggest using a better 2FA method. You can install an authenticator app on both your and your partner’s phones then when you set up 2FA scan the QR code with both phones and you can both access BW. This method also means you have 2 copies of the code as a backup.

2 Likes

Will that approach also work with Mac Minis (we’re much more likely to be using them than our iPhones or iPads)?

Yes, all of the above will work with Mac Minis or other desktop computers. Duo Push or hardware security keys will be the most convenient, however, because using an authenticator app will mean that you must have your phone/mobile device nearby and you have to obtain a one-time code from it and then enter it when you login in to Bitwarden on your Mac.

I’ll take a look at Duo Push to see if I understand what it does and how it does it. Using an iPhone for getting a verification code is no problem…

Is there another app/process you’d recommend if using an iPhone for the code is not an issue?

Much thanx,

I think the most commonly used options are mentioned above - an authenticator app, like Authy, is very popular, and Duo Push is another version of using an app to authenticate that some prefer for its convenience (but it has some limitations, as well). Hardware keys are great for desktop machines in secure locations (e.g., your home or an office) and they can be removed and taken with you on your key chain, if you like.

Authentication using email or SMS are better than nothing, but they are the least secure because emails and SMS messages can be intercepted or redirected. I would avoid those if you want serious 2FA protection.

All the options are outlined here in the online help if you are interested:
https://bitwarden.com/help/article/bitwarden-field-guide-two-step-login/#securing-bitwarden

If you decide to go with an Authenticator app for the iPhone I would recommend OTPAuth or Raivo OTP both of which have a nice user interface and allow export of the 2FA secrets to another phone (as well as buckups and iCloud sync if you want that). I do not like Authy as I find the user interface poor (tiny icons and small text) and it is not easy to expost the 2FA secrets.

This may be over my pay grade, but I’m certainly up for giving it a try. Thank you so much for all the information…

Michael