Authenticator codes incorrect when transfering from google

Hi,

I have Bitwarden as my password manager which i pretty much exclusively use on my phone and ipad.

I’ve tried copying the codes from my google authenticator app to Bitwarden and they codes are always wrong.
I’ve tested this using Apples/iOS ‘Passwords’ app and it works absolutely fine.

Tried this on both my iPad and iPhone

The time zones etc are all working fine. Not sure what the issue is, any ideas?

For ref –
Premium member for Bitwarden
Using latest operating software for both pad and phone

@Unknownpanic Welcome to the forum!

It is not sufficient to have the correct Time Zone. You must ensure that the system clock on your device is correctly synchronized — the best way to do this is to use your operating system’s functionality to force the system clock to synchronize to a time server, and the second best option is to manually synchronize the clock using a time server — for example, go to https://timegov.nist.gov/, and check the information in the black box in the lower right corner of the webpage (“Your Device’s Clock”):

image

Checked this - I’m off by +0.001s which i doubt is enough to cause an issue.

The codes also work when transfereing to other authenticator apps, it seems only Bitwarden is having issues.

I’m assuming all the other apps are using the same time i.e. the time set by my phone.

So i’m starting to think the timing isn’t the issue.

If the different authenticators you are comparing are running on the same device, then the system clock is not the issue.

Most likely something went wrong in this copying process, and you gave Bitwarden something that is not a valid authenticator key.

If you edit the Bitwarden vault item and toggle the visibility of the “Authenticator Key (TOTP)” field, you should see something that looks like the following:

otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi

If it looks more like the following, then you have not transferred the code correctly:

otpauth-migration://offline?data=CjYKCjc0YTA3ZTliNTASE0VUSElDQS3EsEhTQU4gQUxUVU4aDWV0aGljYXNpZ29ydGEgASgBMAIQARgBIAA%3D

Can you check this?

Yep looking more like the bottom one…

otpauth-migration://offline?data=CjYKCjc0YTA3ZTliNTASE0VUSElDQS3EsEhTQU4gQUxUVU4aDWV0aGljYXNpZ29ydGEgASgBMAIQARgBIAA%3D

Any ideas on how to fix it?

Used my phones camera to capture a QR code from the iPad screen (google authenticator)

You will need to convert the exported data using a third-party tool. A few such tools (none of which I have vetted) are linked at the bottom of my post. Alternatively, if you were able to successfully import the Google QRs into the iOS Passwords app, is there a way to export the TOTP secret keys from that app?


Edited to Add:
Evidently, Bitwarden’s stand-alone Authenticator app does have the ability to import QR codes that were generated by the Google Authenticator export. Thus, in case you can’t use the iOS Passwords app for purposes of converting the QR codes, you could import the Google QR codes into the Bitwarden Authenticator app, then export the TOTP secrets and import or paste them into your Bitwarden Password Manager vault.


Yes I agree, it doesn’t work. At least the codes I tried for GAuth to BW. :handshake:

Just today I tried to export the TOTP key from Google Authenticator into BW (Paypal). I used 2 phones and only exported the one account. The BW help file states this is viable method.
BW reported success but the code was wrong so the BW importer does not read codes from the GAuth transfer (or maybe some but certainly not all).

The only workaround I found was to remove 2FA from Paypal then add it back and this time I used the hex string which I could add to both GA and BW. :grinning:

@DoctorB Please read my response above. The QR codes exported by Google are not designed to be imported into other authenticator apps. Therefore, they must first be converted into standardized authenticator keys before they can be transferred into Bitwarden’s Password Manager (or other non-Google authenticators — unless it is an authenticator that has implemented an import tool for Google QR codes).

Could you link to the file you are referring to? If this is what you saw, then that applies to the stand-alone Bitwarden Authenticator app only, not to the integrated authenticator in the Bitwarden Password Manager.

FWIW, you should be able to import the Google QR codes into the Bitwarden Authenticator, then export them as standardized TOTP secrets; this will allow you to import (or copy/paste) the secrets into your Bitwarden Password Manager.

This is the text I looked at for advice.

I had not considered 2 distinct apps.
Now I check the app store I do see 2 BW apps, 1) BW Password Manager and 2) BW Authenticator.
So your saying the QR code reader in the BW Authenticator app works differently to the QR code reader in the password manager. Hmm I had not expected that.

Good idea to use the BW Authenticator, I just assumed Google had made it impossible for other vendors to read their export for security reasons.

Not impossible, but they definitely made this more difficult than it had to be, presumably to lock users in to the Google ecosystem.