Hi, my Bitwarden account is secured using two YubiKeys (version 5 with NFC), and this setup has worked perfectly for over a year. I use Bitwarden on my desktop PC, phone, iPad, and laptop. However, for the past two days, I have been unable to log in to Bitwarden on my desktop PC using 2FA (this applies to all Bitwarden clients: Desktop App, Website, and Browser Extension). I consistently receive the error message: “Two-step token is invalid. Try again.” This happens with both of my YubiKeys (I’ve outlined the steps I’ve tried so far below).
What’s particularly strange is that sometimes, after restarting my PC, I’m able to log in once using my YubiKey, but after that initial login, no further logins are possible at all. On all my other devices (laptop, phone, iPad), 2FA works without any issues.
I’ve read online that this could be related to system time issues (I’ve already tried adjusting that), but other than that, I’m unsure what could be causing the problem. Do you have any suggestions or steps I could try to resolve this?
Steps that I’ve tried
Restarted my PC multiple times.
Resynced time with the Windows time server (several times).
Thought that removing and re-adding my 2FA methods to Bitwarden might help:
Removed all 2FA methods from my Bitwarden account using my recovery code.
Re-added both YubiKeys and saved the recovery code (I did this on my laptop and phone, as these devices didn’t have any issues — the YubiKeys were not set up on my “problematic” desktop PC).
Retried all the steps mentioned above.
My Setup
2FA Keys:
YubiKey 5C NFC
YubiKey 5 NFC
PC (where the problem occurs) (self-build)
Operation System: Windows 11 Pro (all up to date) (Version 23H2)
I’m not sure the cause of your issue, but what I would do immediately if I were you is to save an unencrypted copy of your vault on a secure device - hardware encrypted USB stick if you have one, or use VeraCrypt to software encrypt a USB stick. That way you have a good backup just in case something goes haywire as you work through this issue.
Hi, thank you for mentioning backups - its pretty nice that everyone thinks of that, especially when people here are worried about there account!
I did exactly as you suggested and also saved my recovery code in different ways (digital and offline). Besides that I also backup regularly using Vera Crypt. So I am not really worried about loosing access/my vault data. Its just this “technical” issue that I currently cannot use Bitwarden on my main Desktop device …
I believe the issue may not be related to Bitwarden, but rather to my YubiKey and device configuration. Since I don’t use these YubiKeys with any other services, I can’t directly test my theory. However, I’ve noticed the following: On the official Yubico site (Yubico demo website), you can test your YubiKeys and validate their OTPs. Unfortunately, this does not work on my PC, although it has functioned on all the other devices I’ve tested.
@leon3 I don’t know if it deliberate on your side to use “Yubico OTP” as 2FA for Bitwarden, but usually the recommendation would be, to use FIDO2 with your YubiKeys for the Bitwarden account. (see here: Two-step Login via FIDO2 WebAuthn | Bitwarden Help Center) Yubico OTP is a bit outdated and FIDO2 is the “superior method”.
@Nail1684, thanks for your response! I wasn’t aware of that, but I’ve just added FIDO2 WebAuthn as a 2FA method to my account. I haven’t removed the Yubico OTP yet, as I want to keep this sign-in method secure for now.
As I mentioned earlier, I believe this is a general YubiKey issue with my device, but I would really appreciate any suggestions you might have to help resolve this!
I’m not sure if I have an immediate idea here… but you could set up the FIDO2 credential on the YubiKey succesfully, right? That means, Windows Hello/Windows Security popped up, you chose “security key”, you had to “verify” that with the FIDO2-PIN of the YubiKey - and there was no error message? Only when you try to log in now, you get the error message, right?
And we are still talking about the Bitwarden desktop app? (BTW, which version?)