Voted, i would really like to see this feature
Additional to this feature, I would like to request that within the security options on how you can choose users to hide password access, I would like to choose to just hide access to the TOTP code if a user is given access to a password.
- If there is a malicious party that wants to access a password protected site it would need the TOTP code, if that malicious party were to view the actual code that is pasted into the TOTP field then they would be able to replicate the TOTP code on any authenticator.
- for general security please also add a feature in which the TOTP number generated would only be visible and not the actual code pasted into the field to generate the 6 digit code.
Voted too, I’m in favor of this improvement.
Authenticator key should be treated like a secret by Bitwarden’s UIs — it should be hidden (replaced with
Currently, when I press ‘Edit’, password is hidden, but TOTP secret is visible. Why would I ever want to see it or partially edit it?
In my opinion there shouldn’t be a feature request necessary for this, it’s rather a security flaw to show the SECRET each time when opening the password record.
The reaction shown on Make "Authenticator Key (TOTP)" as sensitive · Issue #842 · bitwarden/web · GitHub isn’t how this should be handled.