Using 2FA with VaultWarden (BYOPM)

SOLO keys

If you happen to read the previous post, this one is an extension to the BYOPM device for enabling 2FA on the VaultWarden instance using a Solokey. Two Factor Authentication (2FA) is implemented to better protect both a user’s credentials and the resources the user can access.

If you followed along and you have deployed a BYOPM device or you have a self host instance of VaultWarden, with the following steps you can use a Solo key to enable 2FA using FIDO2 Authentication.

Preparation

  1. At first navigate to BYOPM admin’s panel (https://byopm.local/admin), or the admin panel of your self hosted instance. Log in using your Admin Token and make sure that at the General settings tab, the Domain URL represents your Vaultwarden’s url.
    Vaultwarden Admin General Settings

  2. Next, navigate to https://byopm.local or your self hosted instance and login.

  3. Select user’s icon at the top right side of the screen and click on Account Settings

Vaultwarden -Home

  1. From the menu at the left select Security and after that, click on the Two-step Login tab at the top of the page. Next, click the Manage Button of the FIDO2 WebAuthn.

Vaultwarden Security Settings

  1. Enter your master password in the popup window and click Continue
    Vaultwarden Authenticate

  2. Here, you must type a descriptive name for your SOLO Key and then click the Read Key button.

Vaultwarden - Two-step login

  1. After that, a popup window will appear with the request to setup the security key. Press OK and plug your security key to a USB port of your computer.

Windows Security Key Setup

  1. Next, you must touch the button on your SOLO key and the popup will be dismissed.

Touch your security key

  1. If everything went well, the following message will appear next to the Read key button. Click the Save button to store your configuration.

Save key

  1. Verify that the Enabled signal appears at the top of the window and that your key is listed on the top of the list.

Vaultwarden - 2FA enabled

  1. You have successfully enabled 2FA. It’s recommended to register at least two keys two avoid any unwanted situations in case of destruction/lost etc.
  2. Click close, and your done.
  3. The next time you will try to login, after entering your password you will be prompted to plug your SOLO key. ONLY AFTER PLUGGING YOUR KEY AND TOUCHING THE RESPECTIVE BUTTON you will be able to login to your account.

Vaultwarden-2FA

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments