I wish to enable 2 phase authentication and ideally I wish to select either a phone or email to send the verification code to whenever I log in to Bitwarden. Is that possible? If that is not possible, can I choose between 2 different phone numbers?
I ask because my first choice is a phone text, but when we are abroad and don’t necessarily have access to our phones, we would want an email.
Welcome to the forum!
BW doesn’t directly provide a phone 2FA, although I don’t know whether or not you can get that indirectly through Duo. With Duo 2FA from another institution, I can use multiple phone numbers for 2FA. See Two-step Login via Duo | Bitwarden Help Center
For security, I personally would suggest the following 2FA choices to anybody, in this order:
- WebAuthn (like Yubikey) - unphishable and reliable
- TOTP app (like 2FAS) - hard to phish (needs to be real-time phishing) and reliable
- Email (that is 2FA enabled and has a good recovery email/phone number) - usually encrypted in transit, maybe less reliable than the above 2
- I would only recommend phone 2FA if you have no other choices above. (subject to SIM swapping, subject to intercepts because of no encryption in transit, maybe less reliable than even email).
Just remember that for BW, you have a 2FA recovery code, which you can print by itself and stick in your wallet (which by itself isn’t very useful). If somehow your chosen 2FA isn’t available, then you can at least temporarily disable 2FA with the recovery code.
@ahartunian Sending a code to a phone is only possible if you sign up for and install DUO. The more common 2FA approach using a phone is using an authenticator app to produce TOTP codes.
So you could enable 2FA using an authenticator app, and enable 2FA using email. When you get to the 2FA screen in the Bitwarden login process, there will be a link titled “Use another two-step login method”. If you click that link, you can select from among all of the 2FA methods that you have enabled for your account.