Bitwarden finally brings 2FA logins to free users

Bitwarden's illustration showing how the 2FA process works, starting with a user on the left, usinga primary device to login to an application which sends a request back for a token, and the token being entered on the primary device to complete login.

Previously, you had to pay for Bitwarden’s premium plan to add 2FA for your stored logins. Bitwarden is claiming they are the only password manager to now include 2FA logins for free.

As a paying customer, I’ve long been using Bitwarden’s 2FA for logins, and it is pretty seamless. Bitwarden places the 2FA number ready in the device’s clipboard, to just paste in straight after completing the login screen process.

Today, 2FA is absolutely essential for any login security, until passkeys are the norm. It sounds like Bitwarden’s own passkey management for logins, will go live during October, and their own passkey access to Bitwarden, a while after that. It is not clear to me yet whether free tier users now also have 2FA login into Bitwarden itself. I’m using a Yubikey device for my 2FA when logging into Bitwarden, and that may still be for the paid service only.

I also noted when last renewing my Bitwarden subscription that they forced us to up our vault encryption iterations to 600,000. This was also a lesson learnt after the LastPass hack, where it was found the encryption iterations were way too low.

I’m eagerly awaiting to see how Bitwarden implements passkeys in October, as I’m dead set against using passkeys that tie me to any particular device or operating system. I have too many passwords to just lose or have to change.

See https://www.androidpolice.com/bitwarden-2fa-free-passkey/