Bitwarden creates a bogus TOTP code

When I imported from CSV to Bitwarden, I didn’t specify any TOTPs for anything.

But it is showing the same bogus TOTP, specifically for Google for Nonprofits logins.

In the summary (Android and iOS), it shows:

TOTP(1)
Verification codes: 8

Tapping on “Verification codes” shows the 8 logins, all with the same 6 digit number counting down.

Tapping on one of the users to bring up their details shows the Authenticator key, which also shows the 6 digit number counting down, but when I hit the edit pencil, it does not show any authenticator key, and gives me the option to create one.

Since there is no code in edit, there’s no way to make the bogus code go away that I can see.

I have synced, and this shows in both users that I have so far. These logins are in our Community vault, not our individual ones.

I have the family plan.

I didn’t find anything like this in search. Is this a known issue? Is there a fix?

@dclaar Welcome to the forum!

Hm. It looks like a new bug, as a similar thing was reported here a few days ago:

I think you should add your details there, if you can.

I made a login for the Have I Been Pwned feedback forums. Just now, I noticed that Bitwarden is generating TOTP codes for it, despite the fact that I have no TOTP seed entered into this account. What’s the deal here?

@Damariobros I’ve just moved your post to a corresponding thread. As you can see, there is an open bug report concerning this issue in the Android repository so far.

Hi!

Unknown TOTP entries are being generated with new logins on my iOS Bitwarden app, and I can’t remove them.

This has happened three times so far when I created a new login item on my desktop web extension (currently on Windows), and then on my iOS app it will have a new entry under the “TOTP” section’s “Verification codes”. For example, this happened as I signed up for community.bitwarden.com, it never asked me to set up any 2FA or Passkey, and I can verify that the login item has no “Authenticator key” set. Yet, on my iOS app it’s showing me genuine(?) codes being generated for this site every 30 seconds. If I click on it on the mobile, it brings me to the login item, but there’s no Authenticator key set there either. It also doesn’t allow me to delete the TOTP entries from the “Verification codes” list.

Suspiciously, all three entries this recently happened with have the same TOTP, so they’re either all linked somewhere, or they’re being generated with the same seed (or both?).

All three entries do not have any 2FA, passkeys, or Authenticator key set. Why does this happen, and how can I get rid of these seemingly defunct TOTP entries? Long press or swipe do nothing either.

With the community.bitwarden.com example shown. All entries ending in “98” are generating the same codes.

Anything I can do to prevent these from being generated with every new login entry? I just created a completely irrelevant entry with just a test name, email, pass, and set the URI to google.com, and it generated another verification code entry that I can’t remove :frowning:

(Sorry it won’t let me upload screenshots because I’m a new user!)

@shyclyde Welcome to the forum!

I have moved your post into this thread, which is about the same type of problem. Although the bug report linked above is posted in the Android repository, two users have commented in the discussion thread that the same problem occurs on iOS. It seems like a fix was merged on March 31, so it will hopefully be available in an upcoming release.
