Losing access to your secondary device(s) (for example, a mobile device with an installed authenticator, a security key, or a linked email inbox) has the potential to lock you out of your Bitwarden vault.
What to do when you have lost access to your secondary device(s) depends on whether you have saved your two-step login recovery code. If you are unsure, remember that recovery codes need to be actively saved (in other words, Bitwarden won't save them anywhere for you) and look something like this:
Have a recovery code?
Excellent! If you have your recovery code saved somewhere, you can use it to disable all two-step login methods from outside your vault. Learn more here.
note
Recovery codes will not disable Duo for organizations. You can tell that a Duo prompt is organization-wide by the (Organization) header, as in the following screenshot:
If you are locked out of your vault by a Duo (Organization) prompt, reach out to the Duo administrator at your company for help bypassing the prompt.
Don't have a recovery code?
If you don't have your recovery code saved somewhere outside of your vault, there is unfortunately no way for the team to recover the account or data therein. You will need to delete your account and start a new one.
tip
Before proceeding to delete your account, try the following:
Check if you have an alternative two-step login method enabled by selecting Use another two-step login method on the login screen.
Check if you are currently logged in to any Bitwarden client applications (mobile apps, browser extensions, and more). If you are, export your vault data to preserve your data.
Enter the Email Address associated with your account.
In your email inbox, open the email and verify that you want to delete this Bitwarden account.
If any of your client applications were logged in (see the above tip), log out of them. If you delete a Bitwarden account that has a premium subscription associated with it, Contact Us and we'll reapply your existing subscription to the new account. If you were able to successfully export your vault data prior to deletion, you can easily import it into the new account.
A recovery code provides an alternative method to verify your two-factor authentication if your authenticator app is not available. When you set up recovery codes, you get a list of codes that are unique to your login. Each code can be used once, and the system tracks each code as it is used.
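The single-use tracking described above can be sketched as follows. This is an added example, not Bitwarden's or any vendor's implementation; the class name, code format and return values are assumptions made for illustration. It stores only keyed digests of the codes, burns a code on first use, and reports a replay separately so that reuse can be alerted on.

```python
import hashlib
import hmac
import secrets


class RecoveryCodeStore:
    """Single-use recovery codes for one account (hypothetical design)."""

    def __init__(self, count: int = 8):
        self.count = count
        self._key = secrets.token_bytes(32)   # per-account server-side key
        self._unused: set[bytes] = set()      # digests of codes not yet redeemed
        self._used: set[bytes] = set()        # digests of codes already redeemed

    def _digest(self, code: str) -> bytes:
        # Normalise what users type: ignore dashes, spaces and letter case.
        normalized = code.replace("-", "").replace(" ", "").lower()
        return hmac.new(self._key, normalized.encode(), hashlib.sha256).digest()

    def issue(self) -> list[str]:
        """Create a fresh list; plaintext is returned once and never stored."""
        self._unused.clear()
        self._used.clear()
        codes = []
        for _ in range(self.count):
            raw = secrets.token_hex(8)        # 64 random bits, 16 hex chars
            code = "-".join(raw[i:i + 4] for i in range(0, 16, 4))
            codes.append(code)
            self._unused.add(self._digest(code))
        return codes

    def redeem(self, code: str) -> str:
        """Return 'ok', 'replayed' or 'invalid'; an accepted code is burned."""
        candidate = self._digest(code)
        hit = None
        for stored in self._unused:           # constant-time comparison per entry
            if hmac.compare_digest(stored, candidate):
                hit = stored
        if hit is not None:
            self._unused.remove(hit)
            self._used.add(hit)
            return "ok"
        if any(hmac.compare_digest(d, candidate) for d in self._used):
            return "replayed"                 # worth logging: code reuse attempt
        return "invalid"

    def remaining(self) -> int:
        return len(self._unused)
```
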
The very best place to store your 2FA recovery codes is on a piece of paper you keep hidden in your home. At the bare minimum, this is what most people should be doing. This hiding spot could be a safe, a book, under the mattress, or wherever you consider a safe spot in your home.
This article explains what to do if you forgot your master password, as Bitwarden has no way to retrieve or reset it. @michalektm Welcome to the forum! There is no way to recover an account if you no longer have the master password (and if the password hint does not help you remember it).
You can restore from an authenticator cloud backup (assuming there was one) but make sure no accounts have been added to the newly installed app. Then sign on with recovery account to do the restore.
Losing access to your two-step login device can permanently lock you out of your vault unless you write down and keep your two-step login recovery code in a safe place or have an alternate two-step login method enabled and available.
If you've lost access to your 2FA device, you can recover your account by using backup codes, alternative recovery options like a secondary email or phone number, or by contacting customer support. Be ready to confirm your identity by answering a few security questions or providing proof of ID.
Bitwarden operates with zero-knowledge encryption. This means that Bitwarden has zero knowledge of, way to retrieve, or way to reset your master password. There are, however, a few steps you can take to try to regain access to your account: Check that you have the right server selected when you try to log in.
Bitwarden flaw can let hackers steal passwords using iframes
Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker.
The System Administrator Portal for your instance is available at https://your.domain.com/admin. The portal uses a secure means of passwordless authentication. When a user attempts to log in, a secure link is sent to their email address only if that email address is specified in adminSettings__admins=.
When prompted, enter your recovery code in its entirety. On successful authentication of all three, you will be logged in to your vault and all two-step login methods will be disabled. Once used, get a new recovery code, as it will change with each use.
In the Vault screen, tap the Menu icon, and then tap Settings. In the Settings screen, tap Reset Password. Approve using biometric authentication. In the Reset password screen, follow the on-screen instructions and tap Save.