Authenticator Key (TOTP) toggle visibility option

Feature name

  • Authenticator Key (TOTP) toggle visibility option

Feature function

  • What will this feature do differently?
    Usually Password field has a Visibility Option when you add/edit an item but with TOTP I noticed there is no such option.
  • What benefits will this feature bring?
    There are known Malware that spy on your current desktop by taking screenshots of it and sending them online or people who would spy on you thru various means. It would be a good feature to make TOTP hidden when you are adding/editing just like in the Password field.

Related topics + references

  • Are there any related topics that may help explain the need and function of this feature?
    Not sure if there are any topics.
  • Are there any references to this feature or function on other platforms that may be helpful?
    I have tried numerous password managers, one example is KeePassXC, their client has the TOTP hidden when you are editing the TOTP Entry.


Ref. link Make "Authenticator Key (TOTP)" as sensitive · Issue #842 · bitwarden/web · GitHub

Voted, i would really like to see this feature

Additional to this feature, I would like to request that within the security options on how you can choose users to hide password access, I would like to choose to just hide access to the TOTP code if a user is given access to a password.

  • If there is a malicious party that wants to access a password protected site it would need the TOTP code, if that malicious party were to view the actual code that is pasted into the TOTP field then they would be able to replicate the TOTP code on any authenticator.
  • for general security please also add a feature in which the TOTP number generated would only be visible and not the actual code pasted into the field to generate the 6 digit code.

Voted too, I’m in favor of this improvement.

Authenticator key should be treated like a secret by Bitwarden’s UIs — it should be hidden (replaced with * chars).

Currently, when I press ‘Edit’, password is hidden, but TOTP secret is visible. Why would I ever want to see it or partially edit it?

In my opinion there shouldn’t be a feature request necessary for this, it’s rather a security flaw to show the SECRET each time when opening the password record.
The reaction shown on Make "Authenticator Key (TOTP)" as sensitive · Issue #842 · bitwarden/web · GitHub isn’t how this should be handled.