Two-factor authenticator

Ask the Community Password Manager
,
1

I have a question about best practices for Two-factor authentication of my Bitwarden account.
I have the Duo app installed on my phone but I’m not an admin (provided by my school) … so don’t have access to an “admin panel” as explained in the Bitwarden instructions to set it up.
I did add a bunch of third party accounts to my Duo without issues, but it seems Bitwarden works differently? Is there any way to add Bitwarden to my existing Duo?

As an alternative, I downloaded the Bitwarden Authenticator app.
My question here is, if I lose my device, is there a way to back it up?
For my Duo account I have set up a recovery password for my Third Party accounts. But I don’t see that option with the Bitwarden Authenticator app.

I’d love to find a robust solution for 2FA without too many individual apps and would love to hear from people’s experiences.

2

I have duo for an institutional account, but I have not played with Duo restore, so I don’t know for sure how well it backs up the settings. But from the look of it, by having the Duo restore on (with your google account), the information in the app would be restored automatically once you authenticate with Google on the app.

I don’t use duo as a 2FA TOTP generator either, but it looks like Duo can do this. When you set up 2FA for Bitwarden, just pick “Authentication app” instead of Duo, and use Duo QR code scanner to scan.

You will want to write down BW 2FA recovery code and keep it so that you have a safe/reliable access.

Duo doesn’t allow export of all the secrets it keeps, so you will depend on Duo restore to work properly, and your 2FA recovery codes to be usable/accessible. This is viewed as a NoNo for some technical people. The 2FA authenticators usually recommended for Android are 2FAS or Aegis. Bitwarden authenticator app still lacks some security/functionality compared with those 2 apps. I would suggest you start using these right away to prevent heartaches in the long run. I personally use 2FAS.

3

Wonderful, thanks much for this – yes, choosing “Authenticator app” and scanning he QR code works perfectly.
I was just confused by the Duo Security option – I thought that would give me a QR code. But if it works with any authenticator app then obviously it should work with Duo.
And thanks for the caveats too – yes, I have saved the BW 2FA recovery code in a secure place just in case Duo abandons me in one way or the other.

1 Like