Bitwarden Lost 2fa



Howto install Bitwarden in a LXC container (e.g. Proxmox)

January 13, 2019

As many of you know, I'm quite serious about security and therefore a believer in the theory that a service which is not reachable (e.g. from the Internet) cannot be attacked as easily as one that is. Looking at password managers, this makes choosing not that easy. Sure, there is KeePass and its descendants, but they have the problem that their security is based solely on the master password and the security of the end device. Knowing friends that use Google Drive for syncing the password file between their devices, I looked at that option, but it was not right for me (e.g. browser integration, 2FA, …).

Password managers like LastPass or 1Password are also not the right solution for me. Yes, I believe that their crypto is good and that they never see the passwords of their users, but the 2FA is only as good as the lost-password/2FA-reset feature is, and I've read and seen too many attacks on that to rely on it.

When you set up 2FA, Bitwarden will have given you a recovery code to save. It is a 32-character string. If you have it, it allows you to disable 2FA, log in and then re-enable 2FA. Side note: as you will likely have read, it is better to use a 2FA app like Authy, or to back up the QR code that is shown during 2FA setup.

All of this leads to Bitwarden: it provides the same level of functionality as LastPass or 1Password, but is open source and can be hosted on my own server. Not opening it up to the Internet and using it remotely only via VPN (which I have anyway) makes for a really small attack surface. This blog post shows how I installed it within a Proxmox LXC container, which I did to isolate it from other stuff, so there are no dependencies if I need to upgrade something. I don't like to install anything on the Proxmox host itself. As this is my first try, and I ran into a problem with an unprivileged container and Docker within it, this setup currently works only with a privileged container. I know this is not that good, but in this case it is a risk I can accept. If you find a solution to get it running in an unprivileged container, please send me an email or write a comment.

  • Locate 2FA: When logged into your Bitwarden account, click the 'Down' arrow to the right of your account icon (or the generic image if you haven't added an image yet). Then click 'My Account'. In the next window, in the left-side navigation, click 'Two-step Login'.
  • For example, your phone may have been lost, require a factory reset, or you may be upgrading your device. As this code can only be accessed on devices you trust, you will want to remove 2FA from your account prior to device changes if possible. Disable 2FA on your Bittrex account using these step-by-step instructions.

LXC container

After creating the LXC container (2Gb RAM, >5GB HD) with Debian 9, don't start the container at once. You need to add the following to /etc/modules-load.d/modules.conf (on the Proxmox host, not inside the container, as clarified in the comments below):

aufs
overlay

And if you don't want to reboot, load the modules now with

modprobe aufs
modprobe overlay

If you don't do this, your installation will get gigantic (over 30gb). Now we just need to add the following to /etc/pve/lxc/.conf

#insert docker part below
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

Now you can start the container and enter it. We'll check later whether all of this was correct, but we need Docker for that.



Docker and Docker Compose

Some requirements for Docker:

apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common

and now we can add the repository for Docker (the repository line must be double-quoted so that $(lsb_release -cs) is expanded):

curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"

and now we can install it with

apt-get update && apt-get install docker-ce

The Docker Compose which is shipped with Debian is too old to work with this Docker, so we need the following (again double-quoted, so that $(uname -s) and $(uname -m) are expanded):

curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

and add /usr/local/bin/ to the path variable by adding

PATH=/usr/local/bin:$PATH

to .bashrc and sourcing it directly in the current bash to get it set without starting a new bash instance. I know that a package would be better, but I couldn't find one, so this is a temporary solution. If someone finds a better one, leave it in the comments below.

Now we need to check that the overlay setup is working by calling docker info; hopefully you also get overlay2 as the storage driver:

Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
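As an added check that is not part of the original post: a small POSIX shell script that verifies the three Docker-related keys from the container config above (the path /etc/pve/lxc/<ID>.conf uses a placeholder ID) and that docker info reports the overlay2 storage driver. The sample config and docker info text are constructed so the script runs offline.

```shell
# Added example, not from the original post: checks for the LXC/Docker setup above.
# On a real host you would pipe /etc/pve/lxc/<ID>.conf (ID is a placeholder) and
# `docker info` into these functions; the samples below are constructed.

# Return 0 if the LXC config text on stdin contains all three Docker-related keys
# from the post (exact, whole-line match), 1 otherwise.
lxc_conf_has_docker_keys() {
  conf=$(cat)
  for key in 'lxc.apparmor.profile: unconfined' 'lxc.cgroup.devices.allow: a' 'lxc.cap.drop:'; do
    printf '%s\n' "$conf" | grep -qxF -- "$key" || return 1
  done
  return 0
}

# Return 0 if `docker info` output on stdin reports overlay2 as the storage driver
# (leading whitespace tolerated, since newer Docker versions indent the line).
docker_uses_overlay2() {
  grep -q '^ *Storage Driver: overlay2$'
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CONF='arch: amd64
cores: 2
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:'

SAMPLE_INFO_GOOD='Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs'

SAMPLE_INFO_BAD='Server Version: 18.06.1-ce
Storage Driver: vfs
Backing Filesystem: extfs'

# Run both checks over the samples, mirroring how you would run them on the host:
#   lxc_conf_has_docker_keys < /etc/pve/lxc/<ID>.conf && docker info | docker_uses_overlay2
printf '%s\n' "$SAMPLE_CONF" | lxc_conf_has_docker_keys && echo "lxc config: ok" || echo "lxc config: missing keys"
printf '%s\n' "$SAMPLE_INFO_GOOD" | docker_uses_overlay2 && echo "docker info (good): overlay2" || echo "docker info (good): not overlay2"
printf '%s\n' "$SAMPLE_INFO_BAD" | docker_uses_overlay2 && echo "docker info (bad): overlay2" || echo "docker info (bad): not overlay2, image storage would balloon"
```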

Bitwarden

Now we just need the following:

curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh
chmod +x bitwarden.sh
./bitwarden.sh install
./bitwarden.sh start
./bitwarden.sh updatedb

2fa

And now you're done: you have your own password manager server, which also supports Google Authenticator (Time-based One-time Password algorithm, TOTP) as a second factor. Maybe I'll write a blog post on how to set up a YubiKey as 2FA (desktop and mobile) later.

  1. Hi,

    thank you for this tutorial. Unfortunately, I always receive SQL error messages after database migration.

    Mike

    Comment by MZ — July 6, 2019 #

  2. Thank you for the tutorial. I am extremely new to this and I am not sure how to complete the first step:
    'After creating the LXC container (2Gb RAM, >5GB HD) with Debian 9, don't start the container at once. You need to add following to /etc/modules-load.d/modules.conf

    aufs
    overlay'

    I've created the LXC container in my Proxmox server but I don't know how to access the /etc/modules-load.d/modules.conf without starting the container. I'm assuming I would have to do it within my Proxmox shell, but a bunch of searches have turned up little insight for how to modify LXC files without starting the container. Any advice is appreciated, thank you!

    Comment by Drew — September 26, 2020 #

  3. Sorry that my text is misleading; you just need to add this to the modules.conf of the Proxmox system, not the container.

    Comment by robert — September 27, 2020 #


Introduction

Password managers are still a necessity in 2020, and will be for a long time. I've been using Bitwarden with YubiKeys for a while now, so it was about time to share some experience, and how easy it is to get started.

Bitwarden (https://bitwarden.com/) is an open source password manager whose code is hosted on GitHub (https://github.com/bitwarden). This means that you have full control over the source code, and you could also contribute to the project. With Bitwarden you can simply self-host it, or use their Organization Plans, which are hosted on Azure (https://bitwarden.com/help/article/cloud-server-security/). Bitwarden offers different Organization Plans; to see what fits your demand, go to https://bitwarden.com/#organizations. The Enterprise Plan supports Azure AD integration. I will cover this in another blog post.


Configure Bitwarden with your Favorite FIDO key

Bitwarden supports a whole range of 2FA providers. When enabling 2FA you will also be prompted to download a recovery code. Download it first, before proceeding to the 2FA setup, and keep the recovery code safe in case things go south!

To configure your YubiKey as a FIDO key, go to:
1) Settings
2) Two-step Login
3) Manage

Just add your YubiKey with a touch/tap where it will populate the OTP or U2F field. I recommend at least two YubiKeys, in case you lose your primary key: with the second, backup key you can still access your account if you ever lose your key. Yes, that will eventually happen 🙂 You could also configure Bitwarden with another supported OTP/U2F key if you have another brand in your possession. If you do not have one, authenticator apps like Authy, Google Authenticator and Duo are supported as well.

The list of supported Yubico keys that work with Bitwarden: https://www.yubico.com/works-with-yubikey/catalog/bitwarden-premium/

If you need to use an NFC-compatible key, use the NFC support. I have an NFC-capable key, so I can access Bitwarden on the go with my phone.

Test Login


After you have saved the settings, it's time to test the login from your browser of preference. The login site is https://vault.bitwarden.com

Let's also test a login on iOS with an NFC-compatible YubiKey.

Summary

Without doubt, configuring 2FA with Bitwarden is straightforward and takes only a few simple steps. Just remember: do not configure only a single YubiKey, that is not good practice.

Bitwarden is feature-packed and should tick all your boxes if you have strong requirements for a password manager. With the wide range of supported OTP/U2F keys, I think this password manager will keep you delighted for a long time. And yes, it's open source, which is a big bonus!

Documentation




