Two-step Login Methods
Using Two-step Login (also called Two-factor Authentication, or 2FA) to protect your PassageWay Vault prevents a malicious actor from accessing your Vault even if they discover your Master Password by requiring authentication from a secondary device when you log in. If you’re unfamiliar with the basics of 2FA, check out our Field Guide.
There are lots of different methods for Two-step Login, ranging from dedicated Authenticator Apps to Hardware Security Keys. Whatever you choose, PassageWay highly recommends that you secure your Vault using Two-step Login. In fact, we think it’s so important that we’re happy to offer a few methods for free.
Two-step Login
| Method | Setup Instructions |
|---|---|
| via an Authenticator app (for example, Authy or Google Authenticator) | Click here. |
| via Email | Click here. |
| via Duo Security with Duo Push, SMS, phone call, and security keys | Click here. |
| via YubiKey (any 4/5 series device or YubiKey NEO/NFC) | Click here. |
| via FIDO2 WebAuthn (any FIDO2 WebAuthn Certified authenticator) | Click here. |
Two-step Login for Teams and Enterprise
While all of the above methods can be enabled on an individual-by-individual basis, Teams and Enterprise Organizations can enable the following methods Organization-wide from the Organization’s Settings menu.
| Method | Setup Instructions |
|---|---|
| via Duo Security with Duo Push, SMS, phone call, and security keys | Click here. |
Using Multiple Methods
You can choose to enable multiple Two-step Login methods. When you log in to a Vault with multiple enabled methods, PassageWay will first prompt you for the highest-priority method according to the following order of preference:
- Duo (Organizations)
- FIDO2 WebAuthn
- YubiKey
- Duo (Individual)
- Authenticator App
Any option will work, though. Authenticate with a lower-preference method by selecting the Use another two-step login method button:
