Is there a priority default for two step login in Bitwarden?
If I enable both Authy, YubiKey WebAuthn and email, how can I tell which one will be requested?
Is there any way to lock down requesting degrading to a lower-level 2FA to specific clients/IP addresses or other?
Can the priority for 2FA logins be modified by the administrator on self-hosted setups?
Yes, there is. You can see the order of priority here:
https://bitwarden.com/help/article/setup-two-step-login/#using-multiple-methods
Thank you for your reply David.
I have a premium Personal account.
In two step login I have both enabled:
- authenticator app (which is in position 1 of 5)
- webauthn (which is in position 4 of 5)
When I log in, I am prompted to authenticate with webauthn (which of course I prefer over authenticator app). Why is this happening?
Is there any way to change priority? I think many users would like to set a personal priority order. Please let me know if I should open a feature request.
I don’t think you can change the priority - it appears to be in order of most secure to least secure, at least roughly. And what I see on that page is that webauthn is in priority position #2 (after Duo) and authenticator app is in position 5, so webauthn should always be presented by default over the authenticator app.
Out of curiosity, where did you see your priority order, given that it is different from what I see?
EDIT: Wait - I see it now. Is this what you are looking at from the Web Vault settings for 2FA?
Ok, my fault was looking at my hosted vault order…
Thanks
I can see how that is confusing. I might put in a feature request to have that changed - seems simple enough.
Yes, thank you. Would be great!