Install Authy
The best way to manage all your 2FA accounts is to use the Authy app. It enables you to have a single mobile app for all your 2FA accounts and you can sync them across multiple devices, even accessing them on the desktop. Install Authy on your device by searching for it in your device’s app store.
Losing access to your secondary device (s) (e.g. A Mobile device with an installed Authenticator, a Security Key, or a linked Email inbox) has the potential to lock you out of your Bitwarden Vault. What to do when you’ve lost access to your secondary device (s) depends on whether you’ve saved your Two-step Login Recovery Code. For example, your phone may have been lost, require a factory reset, or you may be upgrading your device. As this code can only be accessed on devices you trust, you will want to remove the 2FA from your account prior to device changes if possible. Disable 2FA on your Bittrex Account using these step by step instructions.
Important: If any sites prompt you to use Google Authenticator for two-factor authentication, note that you can always substitute the Authy 2FA app instead. Although they work in similar ways, Authy is more feature-rich and allows for multi-device syncing, cloud-backups, and easier account recovery should you change or lose your phone or device. Read more information on the features of Authy here.
Locate 2FA
When logged into your Bitwardenaccount, click on the “Down” arrow to the right of your account icon (or the generic image if you haven’t added an image yet.). Then click “My Account.”
In the next window, in the left-side navigation, click “Two-step Login.”
On the next page, take a moment to view and make a note of your Recovery Code. You will need this code if you ever lose the device that you access your authy accounts with. Once you have stored your recovery code in a safe place, scroll down and click “Manage” alongside the section for Authenticator App.
Before continuing, you will be required to re-enter your Bitwarden Master Password. Click “Continue” when finished.
You will now be presented with a QR code which you will need to capture with your Authy app. Keep this window open as you reach for your Authy-enabled device.
Enable 2FA
To capture the QR code, launch Authy on your device. Click ‘Add Account’ at the bottom of the screen. You’ll be prompted to hold your phone up to your computer to ‘Scan QR Code’ and capture the QR code provided by Bitwarden.
Once the QR code is captured, Authy will display your Bitwarden account with the appropriate icon. If you desire you can also change the logo or the nickname you give the account right on the Authy app. When ready, click ‘Save’.
With your Authy app still opened to your Bitwarden 2FA account, return to the Bitwarden screen showing the QR code and enter the 6-digit code. When done, click “Enable.”
Finish Setup
Once you click “Done,” you’ve completed enabling two-factor authentication on your Bitwarden account, which is now secured with Authy 2FA. From now on, you will need to use the Authy app when you login.
Howto install Bitwarden in a LXC container (e.g. Proxmox)
January 13, 2019
As many of you know me, I’m quite serious about security and therefore a believer in the theory that a service which is not reachable (e.g. from the Internet) cannot be attacked as easily as one that it. Looking at password managers this makes choosing not that easy. Sure there is Keepass and the descendants, but they have the problem that the security is based solely on the master password and the end device security. Knowing friends that use Google Drive for syncing the password file between their devices, I looked at that option, but it was not right for me (e.g. Browser integration, 2FA, …).
Password managers like Lastpass or 1Password are also not the right solution for me. Yes, I believe that their crypto is good, and they never see the passwords of their users, but the 2FA is only as good as the lost password/2FA reset feature is. I’ve read and seen to many attacks on that to rely on it.
All of this leads to Bitwarden, it provides the same level of functionality as Lastpass or 1Password but is OpenSource and can be hosted on my own server. Not opening it up to Internet and using it from remote only via VPN (which I have anyway) make for a real small attack surface. This blog post shows how I installed it within a Proxmox LXC container, which I did to isolated it from other stuff and therefore there are no dependencies, if I need to upgrade something. I don’t like to install anything on the Proxmox host itself. As this is my first try, and I run into a problem with an unprivileged container and docker within it, this setup works currently only with a privileged container. I know this is not that good, but in this case it is a risk I can accept. If you find a solution to get it running in an unprivileged container please send me an email or write a comment.
LXC container
After creating the LXC container (2Gb RAM, >5GB HD) with Debian 9, don’t start the container at once. You need to add following to /etc/modules-load.d/modules.conf
aufs
overlay
And if you don’t want to boot load the modules with
Bitwarden Lost 2fa Roblox
modprobe aufs
modprobe overlay
Bitwarden Lost 2fa Account
If you don’t do this your installation will get gigantic (over 30gb). Now we just need to add following to /etc/pve/lxc/<vid>.conf
#insert docker part below
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
Now you can start the container and enter it, we’ll check later if all was correct, but we need docker for this.
Docker and Docker Composer
Some requirements for docker
apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
and now we can add the repository for docker
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository 'deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable'
and now we can install it with
apt-get update apt-get install docker-ce
The Docker Composer which is shipped with Debian is too old to work with this docker, so we need following:
curl -L 'https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)' -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Bitwarden Lost 2fa Free
and add /usr/local/bin/ to the path variable by adding
PATH=/usr/local/bin:$PATH
Bitwarden Lost 2fa Code
to .bashrc and calling it directly in the bash to get it set without starting a new bash instance. I know that a package would be better, couldn’t find one, so this is a temporary solution. If someone finds a better one, leave it in the comments below.
Now we need to check if the overlay stuff is working by calling docker info and hopefully you get also overlay2 as storage driver:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Bitwarden
Now we just need following:
curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh
chmod +x bitwarden.sh
./bitwarden.sh install
./bitwarden.sh start
./bitwarden.sh updatedb
And now you’re done, you’ve your own password manager server which also supports Google Authenticator (Time-based One-time Password Algorithm (TOTP) as second factor. Maybe I’ll write a blogpost how to setup a Yubikey as 2FA (desktop and mobile) later.
Hi,
thank you for this tutorial. Unfortunately I always receive SQL error messages after database migration.
Mike
Comment by MZ — July 6, 2019 #
Thank you for the tutorial. I am extremely new to this and I am not sure how to complete the first step:
“After creating the LXC container (2Gb RAM, >5GB HD) with Debian 9, don’t start the container at once. You need to add following to /etc/modules-load.d/modules.confaufs
overlay”Ive created the LXC container in my proxmox server but I dont know how to access the /etc/modules-load.d/modules.conf w/o starting the container. Im assuming i would have to do it within my proxmox shell but a bunch of esearches have turned up little insight for how to modify LXC files w/o starting the container. Any advice is appreciated, thank you!
Comment by Drew — September 26, 2020 #
sorry that my text is misleading, you just need to add this to the modules.conf of the proxmox system, not the container.
Comment by robert — September 27, 2020 #
Leave a comment