YubiKey 2FA Failing on Desktop PC – Works Fine on Other Devices

YubiKey Login does not work on Desktop PC

Hi, my Bitwarden account is secured using two YubiKeys (version 5 with NFC), and this setup has worked perfectly for over a year. I use Bitwarden on my desktop PC, phone, iPad, and laptop. However, for the past two days, I have been unable to log in to Bitwarden on my desktop PC using 2FA (this applies to all Bitwarden clients: Desktop App, Website, and Browser Extension). I consistently receive the error message: “Two-step token is invalid. Try again.” This happens with both of my YubiKeys (I’ve outlined the steps I’ve tried so far below).

What’s particularly strange is that sometimes, after restarting my PC, I’m able to log in once using my YubiKey, but after that initial login, no further logins are possible at all. On all my other devices (laptop, phone, iPad), 2FA works without any issues.

I’ve read online that this could be related to system time issues (I’ve already tried adjusting that), but other than that, I’m unsure what could be causing the problem. Do you have any suggestions or steps I could try to resolve this?

Steps that I’ve tried

  • Restarted my PC multiple times.
  • Resynced time with the Windows time server (several times).
  • Thought that removing and re-adding my 2FA methods to Bitwarden might help:
    • Removed all 2FA methods from my Bitwarden account using my recovery code.
    • Re-added both YubiKeys and saved the recovery code (I did this on my laptop and phone, as these devices didn’t have any issues — the YubiKeys were not set up on my “problematic” desktop PC).
    • Retried all the steps mentioned above.

My Setup

  • 2FA Keys:
    • YubiKey 5C NFC
    • YubiKey 5 NFC
  • PC (where the problem occurs) (self-build)
    • Operating System: Windows 11 Pro (all up to date) (Version 23H2)
    • Processor: AMD Ryzen 9 5950X
    • RAM: 32 GB
  • Phone (where 2FA still works): Pixel 8
  • Linux Zorino Laptop where 2FA still works
  • iPad Air where 2FA still works

I’m not sure of the cause of your issue, but what I would do immediately if I were you is to save an unencrypted copy of your vault on a secure device - a hardware-encrypted USB stick if you have one, or use VeraCrypt to software-encrypt a USB stick. That way you have a good backup just in case something goes haywire as you work through this issue.


Hi, thank you for mentioning backups - it’s pretty nice that everyone thinks of that, especially when people here are worried about their account!
I did exactly as you suggested and also saved my recovery code in different ways (digital and offline). Besides that, I also back up regularly using VeraCrypt. So I am not really worried about losing access/my vault data. It’s just this “technical” issue that I currently cannot use Bitwarden on my main desktop device …


Update

I believe the issue may not be related to Bitwarden, but rather to my YubiKey and device configuration. Since I don’t use these YubiKeys with any other services, I can’t directly test my theory. However, I’ve noticed the following: On the official Yubico site (Yubico demo website), you can test your YubiKeys and validate their OTPs. Unfortunately, this does not work on my PC, although it has functioned on all the other devices I’ve tested.

@leon3 I don’t know if it is deliberate on your side to use “Yubico OTP” as 2FA for Bitwarden, but usually the recommendation would be to use FIDO2 with your YubiKeys for the Bitwarden account (see here: Two-step Login via FIDO2 WebAuthn | Bitwarden Help Center). Yubico OTP is a bit outdated and FIDO2 is the “superior method”.

@Nail1684, thanks for your response! I wasn’t aware of that, but I’ve just added FIDO2 WebAuthn as a 2FA method to my account. I haven’t removed the Yubico OTP yet, as I want to keep this sign-in method secure for now.

Interestingly, I’m now encountering a different error, when I use FIDO2 WebAuthn:
“NotAllowedError: The operation either timed out or was not allowed. See: Web Authentication: An API for accessing Public Key Credentials - Level 2”

As I mentioned earlier, I believe this is a general YubiKey issue with my device, but I would really appreciate any suggestions you might have to help resolve this!

I’m not sure if I have an immediate idea here… but you could set up the FIDO2 credential on the YubiKey successfully, right? That means Windows Hello/Windows Security popped up, you chose “security key”, you had to “verify” that with the FIDO2 PIN of the YubiKey - and there was no error message? Only when you try to log in now do you get the error message, right?

And we are still talking about the Bitwarden desktop app? (BTW, which version?)

I successfully set up the credentials, and they work on my phone, Linux laptop, and iPad; however, I’m having trouble accessing them on my desktop PC.

I’ve attempted to log into Bitwarden using the desktop app, the web vault (across different browsers), and the browser extension, but without success.

Here are the details of my desktop app version:

  • Version: 2024.9.0
  • Shell: 32.0.1
  • Renderer: 128-0-6613-36
  • Node: 20.16.0
  • Architecture: x64

Thank you for your help!