Hi,
Hiding the TOTP key in user interface is not sufficient as this key exposure to the client enables duplicating.
For those who wants to avoid credentials duplication, please review [1] feature request.
Regards,
Alon
[1] Restrict Access to TOTP Authenticator Key - #10 by alonbl
when i edit an item the password is hidden, but the totp secret is shown. Can you make it so its hidden by default and make a toggle just like its for passwords?
The totp secret not being hidden is a massive security hole, how could that be?
@aaaaa Welcome to the forum!
Which version of Bitwarden are you using? This has already been fixed in the browser extension, so hopefully it will be updated in the Desktop and Web apps, too, in the near future.
Talking about the web app. Haven’t used the desktop app yet