Bitwarden is a highly used password manager that uses published open source code that is used to secure and managing sensitive online data such as passwords, passkeys, and credit cards.

By default access to your Bitwarden vault is protected by you master password, but access to your account can be further protected by using your SafeID programmable hardware token (the token produces OTP codes that can be used as a second factor whilst logging in to your Bitwarden account), and once activated an additional authentication step is added after you supply your password (example below);

Using a SafeID Programmable Token as a second factor during Bitwarden Logon

Once programmed, your SafeID programmable token will produce OTP that can be used during authentication after you have supplied your username and master password (i.e. as a second factor during logon).

The following procedure guides you through the process of adding 2-step authentication using a programmable hardware token;

• Setting up 2-step login with Bitwarden

  Two-step authentication using your Fido key is enabled by logging in to your Bitwarden vault account (with admin access), then use the password manager to navigate to "Settings | Security";

  

  Select the tab "Two-step login", then next to the icon for "Authenticator App", click on the button;

  

  
  

  For security reasons you will now be asked to provide your Master Password.

  Enter your password then click ;

  

  
  

  A new windows titled "Two-step login Authenticator app" will now open (example below);

  

  Although the generated QR code is intended to be added to an authentication app, the QR code is suitable for burning onto a programmable token.

  The instructions for burning a programmable token using this type of QR code can be found in the following procedure;

  • Burning a programmable token using a QR code

    To program a SafeID/Diamond or SafeID/Pro token with a QR code, launch the SafeID/Diamond programming tool.  

    

    
    

    Click the Scan QR Code button 

    Click here for instructions on Scanning QR Codes ...

    Before you scan the QR code please ensure that the clock on your computer is displaying the correct date and time.

    You can scan the screen for a QR code, or load from a file.

    

    If you are scanning the barcode on the screen please ensure that the QR code is not obscured by other windows, and if you have more than one monitor please ensure that both the app and the QR code are displayed on the main display (display 1).

    If you still have difficulty in scanning the QR code double check you only have the one instance of the app running, and that it is the latest version of the app.  In most cases when there are issues with scanning of the QR code the most likely cause is the QR code contains the wrong data and may need to be regenerated.  To test the QR code you could check that the code works correctly with the authenticator app it is intended for (e.g microsoft authenticator), and if this fails then you know that the QR code will need to be regenerated.

    

    
    

    Select Scan Screen.

    If succeeded, the Seed box should be filled with the token's seed data.

    

    
    

    Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"

    

    
    

    Press the Connect button

    

    
    

    Now, switch on a SafeID token and place it on the reader. 

    The tool will read out the token's serial number and time, and display them:

    

    
    

    If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.

    Press the Burn button

    

    
    

    The token is successfully programmed.

    Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset)

    

    Related Articles

    • Programmable Tokens and keys
    • Hardware Tokens
    • NFC Card Reader
    • Checking and resolving time drift on a windows computer
    • How to generate QR codes for authenticator apps or programmable tokens
    • How to extract seed data from a QR code using a PC

    
    

  
  

  After burning the token with the seed data we now produce an OTP code using the token, enter the code at the prompt "Verification code", then click ;

  

  
  

  Two-step authentication using the programmable token can now be used when logging in to Bitwarden. 

  
  

• Two-Step Logon User Experience

  After navigating to "https://bitwarden.com/" and click on the "Log in" option, at the email address prompt enter your email address then click ;

  

  
  

  Enter your master password then click "Log in with master password";

  

  
  

  You will now be asked to provide a Verification code;

  

  Enter an OTP code from your programmable hardware token then click , and you will be logged in to your Bitwarden account.

  
  

Related Articles

• OTP Tokens
• Programmable Tokens and keys
• NFC Smart Card Reader