Cómo proteger Bitwarden con YubiKey
Guides and Tutorials

How to protect Bitwarden with a YubiKey

Bitwarden stores all your passwords. If someone gets into your vault, they get access to everything — email, banking, social media, cryptocurrencies.

A master password alone is not enough. If it is leaked, guessed, or you get phished... the vault is exposed. The Security Key adds a second factor that cannot be stolen over the internet: without the physical object in your hand, there is no access.

What you need before you start

To enable a Security Key in Bitwarden with FIDO2 WebAuthn, you do not need a paid plan — it is available to all users for free. You can add up to five keys to your account.

⚠️ Write down your recovery code before continuing

If you lose the key and do not have that code, you will be permanently locked out of your vault.

How to set up the Security Key in Bitwarden

The recommended method is FIDO2 WebAuthn. It is the most secure, it is free, and it works with any Yubico Security Key.

1
Go to Settings → Security → Two-step Login

Open your Bitwarden web vault and access the security settings.

2
Select FIDO2 WebAuthn and click Manage

Enter your master password to continue.

3
Give the key a name and click Read Key

For example, “Primary Security Key.” Plug the key into the USB port and touch the button when the browser asks you to.

4
Click Save

A green message will confirm that it is enabled. Sign out on all your devices so that 2FA takes effect.

How access works with the key enabled

Once it is set up, every time you sign in to Bitwarden the process works like this:

1
You enter your email and master password

Just like always.

2
Bitwarden asks for the second factor

Plug the Security Key into USB and touch the button — or tap it on your phone if it supports NFC.

3
You access the vault

If you check “Remember this device,” Bitwarden will not ask for the key again for 30 days on that device.

💡 For NFC on mobile

You only need to tap the key against the back of the device. There is no need to remove it from the case or wallet if you use the card-format tray.

Set up a second key as backup

Losing the only registered key means losing access to the vault. The solution is to register a second key as a backup.

You repeat the same process with the second key and give it a different name — “Backup Security Key,” for example. Keep the second one at home. Carry the primary one with you.

⚠️ The 2-slot tray

It is the most practical way to carry your primary key and backup in your wallet without taking up extra space.

Which Security Key you need

To protect Bitwarden with FIDO2 WebAuthn, any Yubico Security Key is enough. The only difference between models is the type of connector.

Security Key NFC

Security Key NFC

The option for laptops and computers with a USB-A port.

Connection: USB-A
NFC: yes — works on phone and tablet
Protocol: FIDO2 · WebAuthn
View on Amazon →
Security Key C NFC

Security Key C NFC

The option for laptops and phones with a USB-C port.

Connection: USB-C
NFC: yes — works on phone and tablet
Protocol: FIDO2 · WebAuthn
View on Amazon →
💡 Which one do I need?
  • 💻 USB-A port on your computer → Security Key NFC
  • 💻 USB-C port on your computer or phone → Security Key C NFC

How to carry the key with you

Having the Security Key set up in Bitwarden is not very useful if you do not have it with you. The usual problem: the key ends up at the bottom of your bag, scratched against your house keys, or simply forgotten at home.

The most practical solution is to carry it in your wallet. The Holdtag card-format tray has exactly the same dimensions as a credit card — 85.6 × 54 mm — and takes up the thickness of three stacked cards.

YubiKey tray 1 slot ⭐ If you carry a single key

YubiKey tray — 1 slot

Credit card format. Fits in any wallet without adding bulk.

Dimensions: 85.6 × 54 mm
Compatible with: Security Key NFC · Security Key C NFC · YubiKey 5 NFC · YubiKey 5C NFC
NFC: works without removing the key
Material: PLA+ · Made in Spain
View on Amazon →
YubiKey tray 2 slots ⭐ If you have key + backup

YubiKey tray — 2 slots

Primary key and backup in the same space. The most complete option.

Dimensions: 85.6 × 54 mm
Compatible with: Security Key NFC · Security Key C NFC · YubiKey 5 NFC · YubiKey 5C NFC
NFC: works without removing the key
Material: PLA+ · Made in Spain
View on Amazon →
Conclusion

The simplest way to protect your password manager

Bitwarden with a Security Key is the strongest combination for protecting a password manager. FIDO2 WebAuthn is free, setup takes less than five minutes, and any Yubico Security Key is enough.

Always register a second key as a backup. And carry the primary one in your wallet — not on your keychain.

Frequently asked questions

Do I need a Bitwarden Premium plan to use a Security Key?

No. The FIDO2 WebAuthn method is free for all users. With a Security Key NFC or C NFC, you have everything you need without paying anything extra.

Does the Security Key work in the Bitwarden mobile app?

Yes. NFC Security Keys work in the mobile app by tapping the key against the back of the device. There is no need to remove it from the case or wallet.

What happens if I lose the Security Key?

If you have a second key registered, you can access your vault with it without any problem. If you only had one, you need the recovery code that Bitwarden generates when enabling 2FA. Without that code, access is permanently blocked.

Can I use the same key in Bitwarden and in other accounts?

Yes. One Security Key can be registered across multiple services at the same time — Gmail, GitHub, Coinbase, Bitwarden, and any other service compatible with FIDO2. There is no conflict between them.

Is the Holdtag tray compatible with the Security Key?

Yes. The tray is compatible with Security Key NFC and Security Key C NFC. The key fits securely, and NFC works directly from the tray without needing to remove it.

Back to blog

Related Articles

Protection for your YubiKey

1 4