Can I Create QR from TOTP?

arrow_to_knee · October 21, 2020, 6:11am

Thank you for your post!

Please search for an existing topic before posting a new one
Please review the feature request rules before posting as well

Feature name

Create QR from TOTP

Feature function

It would be a nice to have feature if Bitwarded would be able to create a QR code out of an existing TOTP code.
So if you enable MFA/2FA at a website you 1st of all copy the new TOTP code to your Bitwarden.
After that you generate the QR code and scan it with another device (e.g. mobile phone).

So you would have a backup of your TOTP in a different location/app.

Peter_H · October 21, 2020, 4:51pm

So if you enable MFA/2FA at a website you 1st of all copy the new TOTP code to your Bitwarden.

Why don’t you do it simultaneously? Add the TOTP to both Bitwarden and your backup-app in the same moment. Then compare the verification codes on both devices with eachother and if they show the same finalize the process.

danmullen · October 21, 2020, 6:40pm

That’s what I do - Bitwarden and Authy at the time of setting up 2FA.

arrow_to_knee · October 21, 2020, 7:07pm

In general yes.
But what would you do if e.g. you break your phone and do not have any backup of your TOTP app.
I’d like to bypass all TOTP apps that have a background synchronisation to a central server.

From my point of view it would be a good possiblity to have a QR generator within Bitwarden, so you would be able to scan all your TOTP entries.

Peter_H · October 21, 2020, 10:01pm

That is why I use Authy and have it installed on both my phone and my PC.

arrow_to_knee · October 22, 2020, 4:56am

Yeah that might be a possibility but Authy is not open source and when it comes to security I rather do not trust any companies which stores such things.

MetBril · October 22, 2020, 5:44am

Why have a second application in addition to Bitwarden? BW is multi device so no need for another app at all. If you lock yourself out of BW you have some serious other issue.

I would only use an app like a Authy to store the TOTP token for Bitwarden itself and store the rest in BW.

There are of course reasons to NOT store TOTP in BW:

you need Premium and you’re cheap
you like to separate your tokens from your passwords and trade in convenience for additional security

arrow_to_knee · October 22, 2020, 6:11am

I agree - I just have a 2nd application as a backup.
To be honest I did not used BW QR scanner (as I was not aware that there is one ).

I had several issues with breaking my phone and was not able to recover any TOTP and had to use recovery codes to regenerate any TOTP I had in use.

That’s why I thought that it might be useful to just scan BW with your mobile phone and have all TOTPs again.

Peter_H · October 22, 2020, 8:16am

Here is another idea for you:
Start a text-document. Everytime you implement 2FA make a screenshot of the QR-code, then add it to that document. So in case you loose access to your 2FA-tool you can re-add those QR-codes very fast just by going from one picture to the next. This way you would not even have to go through every single entry inside Bitwarden to find the TOTP-codes. For already existing TOTP-codes you can re-create your QR-code from a page like this one:

arrow_to_knee · October 22, 2020, 8:39am

Thanks for all the input!

So as this is clear for me now, is there a possiblity to close/delete this feature request?

MetBril · October 23, 2020, 5:25am

You could just leave it as is or ask a forum admin to move the discussion to the support category