2fa not working on PC

I have a big problem on my PC. On every browser (Edge, Chrome, Firefox or PC app) the 2FA code that I get does not work. On my smartphone it is working fine, but not on my PC. I have updated my PC app to the latest Bitwarden-Portable-1.31.3 and on my browser the latest is 1.55.0. I don't know why it is not working on my PC. My Windows 11 is very new; I set it up fresh yesterday with a clean install.

Check the system time and date on your PC to see if it is out of sync. That is a very common cause.


Hi,
I have the same issue. I am using Win 10 and Chrome and I do not get any 2FA codes anymore. Have to turn to my app to get them. System time is correct.

It did work until a few days maybe a week ago.
Best
Martin

Just a guess, but this might be the issue:

I logged out and in again and it seems to work for now.

I have the exact same issue - I even went so far as to disable the 2FA on an account, only to get the completely wrong code from the app, which wasn’t accepted by the website, which is when I found this issue.

I disabled and re-enabled the date/time check on Windows to trigger a re-sync (even though the time was identical with the time on my phone, which had the correct 2FA code) and I logged out of Bitwarden and logged in again.

Could the issue be related to the fact that my PC was running for more than 24 hours (4 days to be precise) since I’m currently doing backups of all my stuff?

Thankfully I still have WinAuth as a backup for 2FA on my PC without having to use my Phone (which is a strong indicator that it’s actually a bug with the Bitwarden-Client and not with my PC-Time)

Edit: Just as I was writing this the 2FA-Codes from Bitwarden and Winauth synced up again and both are working again even though I didn’t try anything new in the last 30 minutes

I have a similar problem, and even after sync the codes that are generated are different on the phone and in the browser. After setting the OTP from the phone it works, but not from the Chrome browser. I checked the OTP links and they are identical, and I did the sync twice just to make sure that I had not missed it the first time. When clicking edit, the link looks like this: `otpauth://totp/somesite%20-%20Sign-in%20(user)?secret=thisnumberissame&issuer=somesite.com&algorithm=SHA1&digits=6&period=30`

Why are the numbers that are generated different on each of the devices?

You need to ensure that all of your devices have recently been synced to a time server (e.g., time.nist.gov).

Is there any reason for such behaviour? Is it the result of a new encryption feature that got rolled out that demands sync with a specific time server? Or is it that time servers are misaligned? What could have caused it, because until recently all my devices worked with 2FA and I did not have to sync to any specific time servers?

The meaning of “TOTP” is Time-based One-Time Password. It works by taking the system time, and mathematically combining this information with a shared secret (the TOTP authentication key, which should be known only to you and to the service you are logging in to) in such a way that a specific 6-digit code is derived. The value of the 6-digit code is therefore dependent both on the authentication key and on the current system time. In order for the authentication to be successful (i.e., for the 6-digit code that you type in to match the 6-digit code that is expected by the server you are trying to log in to), not only does your authentication key need to match the authentication key stored on the server, but your device’s system clock needs to match the clock on the server.

Therefore, it is essential that your device clock is accurate. The best way to ensure its accuracy is to use a time server. The TOTP does allow for a small amount of leeway in the clock accuracy (which is why a new code is generated only once every 30 seconds), so it is possible that your device clock was always inaccurate, but never sufficiently inaccurate to result in an incorrect TOTP code. It is normal for the clock accuracy to drift over time if you make no effort to synchronize the device clock to a time server, so evidently, your device clock has recently drifted sufficiently far away from the true time that it is generating incorrect TOTP codes.
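The following is an added example, not part of any post in this thread and not Bitwarden's code. It computes TOTP codes as specified in RFC 6238 from an `otpauth://` link of the form quoted earlier, shows that the same secret yields a different code once the generating clock crosses a 30-second step boundary, and estimates how many steps a device is off. The secret is the public RFC 6238 test key, and the verifier's one-step tolerance and the helper names are assumptions.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

def parse_otpauth(uri):
    """Extract TOTP parameters from an otpauth:// URI (SHA1/6/30 if absent)."""
    q = parse_qs(urlparse(uri).query)
    secret = q["secret"][0].upper().replace(" ", "")
    secret += "=" * (-len(secret) % 8)  # restore stripped base32 padding
    return {
        "key": base64.b32decode(secret),
        "algorithm": q.get("algorithm", ["SHA1"])[0].lower(),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }

def totp(p, unix_time):
    """RFC 6238: HOTP (RFC 4226) over counter = floor(unix_time / period)."""
    counter = int(unix_time) // p["period"]
    digest = getattr(hashlib, p["algorithm"])
    mac = hmac.new(p["key"], struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** p["digits"]).zfill(p["digits"])

def server_accepts(p, code, server_time, window=1):
    """Verifier tolerating +/- `window` steps (assumed value; servers differ)."""
    return any(hmac.compare_digest(totp(p, server_time + k * p["period"]), code)
               for k in range(-window, window + 1))

def estimate_skew_steps(p, code, reference_time, max_steps=20):
    """How many periods the generating clock is off from reference_time."""
    for k in sorted(range(-max_steps, max_steps + 1), key=abs):
        if totp(p, reference_time + k * p["period"]) == code:
            return k
    return None

# Constructed sample link; the secret is the RFC 6238 test key, not a real one.
URI = ("otpauth://totp/somesite%20-%20Sign-in%20(user)"
       "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
       "&issuer=somesite.com&algorithm=SHA1&digits=6&period=30")

if __name__ == "__main__":
    p = parse_otpauth(URI)
    true_time = 1111111109  # reference ("server") clock, 29 s into its step
    for drift in (0, 20, 45, 300):  # seconds the device clock runs ahead
        code = totp(p, true_time + drift)
        print(drift, code, server_accepts(p, code, true_time),
              estimate_skew_steps(p, code, true_time))
```

Comparing a code shown on the PC with the one `totp` gives for a trusted clock tells you whether the mismatch is a clock offset (a non-zero step count) or a different secret (no match at all).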

Same here in Australia on two different computers, both synced up to ensure time is correct. I think Bitwarden has a problem.

I can still access the vault via my iPhone and fingerprint, but not via Yubikey.

Looks like this might be the issue:
"In preparation for the 2023.5.0 release, Bitwarden will be undergoing server and web maintenance on 2023-05-30 from 21:00 to 23:00 (America/Toronto). Updates will be posted on the Bitwarden Status page. Windows 8.1 and Windows Server 2012 users, please read this post."

The fact the URL they refer us to is broken is rather annoying…!

“Same” meaning that the 6-digit TOTP codes generated by your two computers differ from each other? What time servers are you using on the two computers, and when was each computer last synched to the time server? This type of issue (inconsistent TOTP codes) has nothing to do with Bitwarden, because the codes are generated locally, on your device.

 

Bitwarden is currently doing scheduled maintenance on their servers, so you may have some problems logging in to a Bitwarden client that is fully logged out (while still being able to unlock any Bitwarden clients that were previously logged in). This has nothing to do with your TOTP codes being inconsistent between different devices, though, as explained above.

It is probably a reference to the information published in the “Warning” box in the release notes for Version 2023.4.0. A similar notice was posted on Reddit, so I’m not sure why the corresponding post in the Community Forum was removed. Are you using Windows 8.1 or Windows Server 2012?

Same (outcome) in that I couldn’t log in with 2FA. I didn’t imply anything about the TOTP codes being the same. The fact that the identity service is down now explains the behaviour on both computers.

It would have been really helpful if BW had sent an email advising of this maintenance outage. It may be late night in the US but it’s prime business hours in the rest of the world. Putting up a notice on the website only is unhelpful if you don’t routinely visit the website. I say this as someone who’s been involved in IT service delivery for many years… It comes back to communication, communication, communication.

Ian

They have definitely done something; half of my 2FA codes work, half of them don’t. Something is terribly wrong.

@asolopovas

Have you synced the system clock of your devices to an Internet time server (e.g., `time.windows.com`, `time.apple.com` or `time.nist.gov`)?