The “recovery codes” refer to the codes a website gives you after you enable 2FA.
Right now I’m using Secure Notes to store the recovery codes, but there are multiple downsides to doing that:
1. There is no association between the Secure Note and the Login; you’ll have to search for the Secure Note when you need it.
2. Due to #1, you’ll have to distinguish recovery codes between accounts if you have multiple logins for the same website.
3. There’s no way to check off a used recovery code; you’ll have to edit the note as a whole.
4. There’s no way to enforce that if you have TOTP enabled, you must have the corresponding recovery codes.
It would be great if recovery codes could be treated as a first-class citizen in Bitwarden.
For 1 and 2, you can use the “notes” field for a login to store / relate recovery codes to a login.
For 3 and 4, you’re correct, those aren’t available today. Keep the ideas rolling!
Ah I didn’t notice the notes field of a Login.
While this does solve 1 and 2, my current way of storing recovery codes in a Secure Note does have the advantage of avoiding sync conflicts. Consider the workflow to add 2FA to an existing Login:
- Use your phone to scan the QR code
- The website gives you recovery codes; use the browser extension to store them in the “note” field of the Login.
My past experience suggests that editing the same Login from multiple devices risks losing one of the edits (see also https://github.com/dani-garcia/bitwarden_rs/issues/780, but I don’t know if the same issue would happen with the official server).
If the concern above is not valid, then yes, 1/2 can be solved, and 3/4 are nice to have and not a must-have.