WebAuthn using Android phone, possible?

Hey guys! Recent migration from LastPass, glad to be here. Bitwarden seems to make things faster!

One thing I have set up is WebAuthn using a YubiKey. When I log into the Bitwarden browser extension, it works as intended. However, I noticed that when logging in this way, it gives me the choice to use my Android phone. Probably because it’s set up with Google Chrome as a second factor to identify myself. In fact, if I go to log in to the Bitwarden vault using WebAuthn, and I choose my phone, I get a Google Chrome prompt that wants to identify me. My fingerprint comes up, then when I press it, it cannot log in.

I surmise that this is because I don’t have my phone registered in the Bitwarden vault as a valid WebAuthn login, so it makes sense. But it seems like you could use this functionality, but I do not know what to put in the vault to make this work, or if it’s even possible. Any ideas?

If you are trying to use WebAuthn for unlocking your vault, unfortunately that is not supported by Bitwarden, at least not yet. There is an active feature request for this, however, if you are interested to support it:

You can use WebAuthn for two-factor authentication, of course (not sure if that was your intention - sorry). But I don’t know if Android phones can be used as a second-factor device or not - I haven’t seen support for this, but the Bitwarden folks have been adding a lot of new features lately.


Hey, thanks for responding. Yes, trying to use the phone as a second factor. It looks close, but no way of getting the hardware key from the phone as far as I can tell.

The Pixel 6 series acts as a hardware 2FA itself for Google products and sites, so I can’t imagine it’d be impossible to have it act as unique 2FA for other sites etc.

Check this out guys!

Welcome to Bitwarden and thank you very much for supporting us! :blush:

Yes, depending on the model of your phone, you may be able to enrol it as a FIDO2 WebAuthn Security Key into your Bitwarden account. To do this, please log into your Bitwarden account using the mobile browser on your phone via the Web Vault (Bitwarden Web Vault) and then follow this guide: Two-step Login via FIDO2 WebAuthn | Bitwarden Help & Support to enrol your phone as the FIDO2 WebAuthn Security Key. Once you do that, you’d be prompted to unlock your phone using the screen lock, and that acts as your FIDO2 2FA.

I hope you find this clear and helpful, and I thank you in advance for your understanding. Please keep me posted on your progress, and let me know if you have any further questions.

Kind regards,

Bitwarden

Hey, that’s great - thanks for sharing. I was able to get my Galaxy S20 set up first try! Very cool.