2FAS Verification Code isn't working

On Friday, I was trying to install some GPU drivers and unfortunately I had to reinstall Windows. I’m now on a fresh Windows install and Bitwarden won’t accept my verification code from 2FAS. My laptop has the Bitwarden extension as well, but it isn’t working there either. I’m still able to access my passwords through my pass, thankfully. Do I have to wait it out, or could resetting my PC have bricked the login process?

Hello Kami and welcome to the community!

Usually, when there is a TOTP error, it’s related to the time. Make sure the mobile device where 2FAS is set up is time-synced. On Android, it’s usually “Set time automatically,” and make sure your device is in the right time zone.

On Windows 11, just in case you need to check this, it’s also “Set time automatically,” and make sure that the time zone is correct. You can force a sync here as well.


Hi, and thank you for your response. I verified that my phone was in the correct time zone, and I did the same on my PC, which has Windows 10. Neither worked, unfortunately. How do I force a sync exactly?

This is not sufficient. Try one of these methods:

If all of them fail, manually adjust your clock (to the correct hours, minutes, and seconds) using the time displayed here:


To see how far off your device clock is from the correct time, refer to the information in the black box (“Your Device’s Clock”) in the lower right corner of this webpage.

I tried all of these, but I’m still encountering the issue. I even tried to log in on the Bitwarden app to rule out the de-sync issues, but the problem persisted. Would it be best to delete my vault and start over, as I don’t have my recovery code but I do have the ability to export my passwords?

Did you do it on both the PC and on the phone? If you are getting the TOTP codes from your phone, then ensuring that the clock on your phone is accurate would be the most important factor in getting this to work.

Also, did you ever retrieve and save the Two-Step Login Recovery Code from your Bitwarden Web Vault? If you have the code, it should be easy to recover from this situation. [Edit: I see now that you have already answered this question, in the negative, unfortunately.]

  1. Not having the 2FA recovery code is unfortunate. (Next time, write it down on your emergency sheets.)

  2. Yes, I would recommend making an export, as you are “in danger” of losing access to your vault right now. – You should also try to stay logged in in at least one of the apps. (I hope you didn’t log out on your phone for the log-in test.)

    – choose JSON export, and be aware that it doesn’t contain any attachments, Sends, or items in the trash

To re-phrase it a bit: on your phone, did you sync the time manually already?

And here are some more, maybe far-fetched, ideas:

  • Are you sure you are using the right code from 2FAS? (Maybe you administer other Bitwarden accounts, e.g. for family members.)

  • Did you change anything with 2FAS? Or, to put it in other words: are you sure that the same TOTP entry worked perfectly fine, let’s say, last week/month?

  • Did you change your TOTP code some time ago, and could it be that you put it somewhere else? (Another authenticator app?)

  • Did you ever set up other 2FA options for Bitwarden? (But maybe you already tested “Use another option” in the login process, and it only shows the 2FA recovery code?!)

Another thought: copy the TOTP secret out of 2FAS (it is about 32 random characters long). Then paste it into a different TOTP generator on a different device. The two should generate the same code. If not, that strongly points to a clock issue.

You might also try the TOTP code from the other device if the two differ.

I would like to reiterate what @Nail1684 said. You are at risk of losing your vault. To prevent data loss, you really do need to create a JSON or ZIP export of your vault. It can be unencrypted or password protected, whatever makes you most comfortable. Don’t pick “account restricted”, though. Those are impossible to reimport if you need to start over.


@grb I did set the time zone automatically on my phone, and even manually after Nail1684’s recommendation. But it still doesn’t work, even though other devices in my home have the same time.

In response to Nail’s questions:

  1. This is my only Bitwarden account at the moment.
  2. I rarely log into my vault, but to my knowledge it was working perfectly fine before I reset my PC. I did fail to mention that I also reset my phone. I’m not sure if that would cause issues as well, as I was able to log into 2FAS with my email.
  3. I never changed my code or used any other authenticator app besides 2FAS.
  4. Unfortunately, I didn’t set up any other 2FA options for Bitwarden. The only option present besides the verification code is the recovery code.

@DenBesten I did transfer my secret to Google Authenticator, and it provided me with the same verification code, but it still didn’t work, unfortunately.

Thankfully, I’m still logged in on one device, and I have exported a backup of my passwords. If there are no potential options, I should be able to remove my account and start over.

Just for clarification: I meant to manually sync the time/date, not the time zone (though that should also be done!), and not to set the time manually, but only to sync manually.

(Though I just checked on my Android 14 device, and there is only the option to set the time automatically. I could have sworn there was, maybe a hundred years ago, an option to “sync manually”… I’m not sure how it is on iOS…)

Well, the confusing thing is (and I alluded to that, and @DenBesten brought my thought further down the line): if your seed code was in 2FAS and was part of the 2FAS sync (I’m not even sure if you could have entries in 2FAS that are not part of the sync?!), and you didn’t change anything with the seed code, then it should still be the right and working seed code.

A critical thing here would be to try it not only in a different authenticator app, but on a different device. TOTP codes are time-dependent (TOTP = Time-based One-Time Passwords), and every authenticator app on your device computes the 30-second TOTP codes based on the current (!) time/date of your device, so every authenticator app produces the same code on a given device (for a given seed code).

And again, if your seed code were still the right seed code, then in a way only the wrong time/date can result in a wrong 30-second TOTP code, and that can only be “tested”/corrected by either setting the time correctly and/or using a different device (that hopefully has the exact time/date).

(That’s why we focused on syncing the time/date: the usual reason for a valid TOTP code to stop working is that the time of the device where the TOTP code gets computed gets out of sync…)

… But if it still doesn’t work, for whatever reason, and you neither have another 2FA option nor the 2FA recovery code, then yeah, your only remaining option is to start over with a new account. – Here are the links for account deletion without logging in:

I would probably first set up a new account and wait a few days before deleting the old one…

PS: And if, on the other hand, the seed code got changed, corrupted, or in whatever way invalid somehow, it would be good for you to “investigate” how that could have happened, and prevent it from happening again…
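As an added example (not code from the thread, from 2FAS, or from Bitwarden), here is the RFC 6238 computation that the advice above rests on. It shows why any correct app on any correctly-timed device produces the same code from the same seed (so a cloned seed, or a second device as @DenBesten suggested, gives the identical code), and why a device clock that is off by more than the server's acceptance window makes every code "wrong" even though the seed is fine. The seed is the RFC 6238 test key "12345678901234567890" in base32 (32 characters, like a 2FAS export), not anyone's real secret; the server-side window of one 30-second step on each side is a typical setting and an assumption here, not Bitwarden's documented value.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo seed: the RFC 6238 test key "12345678901234567890" in base32.
# 32 characters, as 2FAS would show it. Not anyone's real secret.
DEMO_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30      # seconds per code; the default used by Bitwarden and most apps
DIGITS = 6


def totp(seed_b32: str, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP over HMAC-SHA1.

    The code depends only on (seed, unix_time // step): two apps or two devices
    with the same seed and the same clock cannot disagree.
    """
    # Pasted seeds often contain spaces or lowercase; normalise before decoding.
    key = base64.b32decode(seed_b32.replace(" ", "").upper())
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def server_accepts(seed_b32: str, submitted: str, server_time: int, window: int = 1) -> bool:
    """Typical server check (assumed window, not a documented Bitwarden value):
    the current step plus `window` steps on either side. window=1 tolerates
    roughly one minute of client clock error, no more."""
    for skew in range(-window, window + 1):
        expected = totp(seed_b32, server_time + skew * STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def clock_skew_steps(device_time: int, reference_time: int) -> int:
    """How many 30-second steps a device clock is ahead (+) or behind (-) a trusted
    reference. If |steps| exceeds the server window, every code is rejected."""
    return device_time // STEP - reference_time // STEP


def login_with_device_clock(seed_b32: str, true_time: int, device_offset: int, window: int = 1) -> bool:
    """Simulate the thread's situation: the phone computes the code from ITS clock
    (true_time + device_offset); the server checks it against the true time."""
    code_on_phone = totp(seed_b32, true_time + device_offset)
    return server_accepts(seed_b32, code_on_phone, true_time, window)


if __name__ == "__main__":
    t = 1111111109   # an RFC 6238 test instant, so the values are reproducible
    print("same seed, same time, two 'devices':", totp(DEMO_SEED, t), totp(DEMO_SEED, t))
    print("clock exact   -> accepted:", login_with_device_clock(DEMO_SEED, t, 0))
    print("clock +2 s    -> accepted:", login_with_device_clock(DEMO_SEED, t, 2))
    print("clock +5 min  -> accepted:", login_with_device_clock(DEMO_SEED, t, 300),
          "(steps off:", clock_skew_steps(t + 300, t), ")")
    print("live code for the demo seed right now:", totp(DEMO_SEED, int(time.time())))
```

The two checks worth running when a code is refused follow directly from this: `clock_skew_steps` against a trusted reference tells you whether the phone is outside the server's window, and computing the code from the exported seed on a second device tells you whether the seed itself still matches what the server holds. If both agree and the server still refuses, the seed on the server side is no longer the one you have, which is the case the later replies discuss.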

I just tried the manual sync again, but as you mentioned, there isn’t exactly an option for it. I just turned the “set time automatically” option on and off. It sets the correct date, but still no dice. I tried Google Authenticator again, but this time on a family member’s device, but it still didn’t work even though they showed the same code. There was a small delay between the two, but still the same code. In regards to what might have caused it, I do have a hunch that I’d like to rule out. Prior to this issue, I reset my phone due to a belief that it was compromised; some sketchy stuff happened, and I believe it may have been a RAT of some kind. Is it possible that someone might have taken my secret key and used it on their device, and that’s causing these issues?

Someone taking your seed and using it in their authenticator would generate the same code; it would not take away your ability to use your code/authenticator.

Someone breaching your vault, disabling the old seed, and provisioning a new one would disallow using the old seed, the only one you have. You should check:

  1. Have you received a new device login (type, IP) that you do not recognize? This is from “[email protected]” with the subject beginning with “New Device Logged In.”
  2. Have your other important accounts had unauthorized access?