Deleted Bitwarden's TOTP, no recovery code, passkey not working, Bitwarden clients still logged in, can't log into the web app, what can I do?

Hi,

I’m thinking I have a unique problem.

I accidentally deleted my Bitwarden code from Google Authenticator.

I have Bitwarden open in both my Chrome browser on my laptop and on my Android phone.

However, I now can’t re-install the code as I cannot log into the Bitwarden Webapp.

I cannot find my recovery code and when I select Login with Passkey with my Android Bitwarden app open it doesn’t work.

I’ve exported my vault just in case but surely I’m missing something and I don’t need to create a new account?

Many thanks, Scott.

Hello and welcome to the community :waving_hand:

  1. Where is the passkey used to log in to Bitwarden stored — in the Bitwarden vault?
  2. Do you have ANY browsers on ANY devices where you might have logged into the web app and clicked “Remember this device for 30 days”?

Thanks for the prompt reply. I wouldn’t have accessed the webapp for months and months, had no reason to as I was well set up.

I’m getting confused by the passkey: it opens a Bitwarden pop-up and asks for my fingerprint to open the Bitwarden vault, but then nothing happens.

@ScottD Welcome to the forum!

Regarding the export: make sure it’s either a JSON or ZIP export (the latter is unencrypted, but also would contain attachments if you had any). And make sure it’s not the account-restricted encrypted JSON export you chose!

Regarding your vault, and I hope I don’t forget anything, but: if you don’t have any of these, your vault is effectively lost now:

  • your TOTP seed code you deleted (e.g. stored somewhere else, written down on your emergency sheet etc.)?
  • your 2FA recovery code (stored on your emergency sheet – or somewhere in your vault?)
  • did you ever set up another one of the 2FA options besides TOTP (email, “passkey”, Yubico OTP, DUO)? (–> you would see the option “Select another method” when you try to log in to any of the BW clients)
  • a working login-passkey (–> works without 2FA, and you could login to the web vault and change your 2FA options)
  • did you ever set up emergency access?

Are you sure your “passkey” is a BW login-passkey – or could it be a BW 2FA-“passkey”?

Do you remember where (which device) and/or in which condition you could use it the last time?
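The first item in that list (a TOTP seed kept somewhere else) only helps if the backup actually works. The following is an added illustration, not code from any poster or from Bitwarden: it derives RFC 6238 codes from a base32 seed and checks that a backed-up seed reproduces the code an authenticator app currently shows. The seed constant is the RFC 6238 test vector; the function names are my own.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 reference secret ("12345678901234567890" in ASCII), base32-encoded.
RFC6238_TEST_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, for_time: Optional[int] = None, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, the default most services use) from a base32 seed."""
    if for_time is None:
        for_time = int(time.time())
    # Setup screens often show the seed lowercase and in spaced groups; normalise and pad.
    seed = secret_b32.replace(" ", "").upper()
    seed += "=" * (-len(seed) % 8)
    key = base64.b32decode(seed)
    counter = struct.pack(">Q", for_time // step)        # 8-byte big-endian time step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def backup_seed_matches(backup_seed_b32: str, code_from_app: str,
                        now: Optional[int] = None, window: int = 1) -> bool:
    """True if the backed-up seed reproduces the code the app shows now,
    tolerating +/- `window` time steps of clock drift between devices."""
    if now is None:
        now = int(time.time())
    return any(
        hmac.compare_digest(totp(backup_seed_b32, now + k * 30), code_from_app)
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Compare against the code currently shown in the authenticator app
    # before deleting the entry there.
    print("current code from backup seed:", totp(RFC6238_TEST_SEED))
```

If the check returns False, the backup is not the seed the app is using (or the service uses SHA-256/8 digits, which the `digits` and hash parameters would need to reflect), and the entry should not be removed from the app.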

Hmm. Losing the second factor might not be that unique…

Yes, the passkey part is tricky because you must set it up explicitly; if you didn’t, it would still appear as an option that “doesn’t work.” You need to remember whether you set it up, and where you stored the passkey. As in @Nail1684’s linked pages, the setup screens would look like this:

Setting up passkey and “Passkey login”:

Setting up passkey as “Passkey 2FA”:

Thanks for the screenshots, but this is inside the Webapp which I can’t log into without authenticator.

I have the BW app open on 3 devices, why can’t I use one of these devices as 2FA login?

It seems silly that I might have to create a new email address to create a new BW account when I’m still logged in, just can’t get into the Webapp???

I was showing the screens to jog your memory to see if you created a passkey in the past that would let you log in without another 2FA — it seems you didn’t.

Without another 2FA or a recovery code, your best option may be to create a new account, import the data, verify the data, then delete the old account. This time, set up multiple 2FAs and keep the recovery code safe. For 2FAs, continue using a TOTP authenticator, and if you use a Windows machine, use Windows Hello as the passkey authenticator.

For TOTP authenticators, consider using one that lets you export data periodically so you don’t repeat this problem. Ente is usually recommended as it’s cross‑platform. I personally use 2FAS (app).

Because that is not one of the 2FA options available. (we only have “Log in with device” which doesn’t replace 2FA)

Well, your problem is not only that you can’t log in to the web vault. At the moment you cannot log in to any new instance of any BW app/client. You essentially lost the ability to perform a new login entirely; that’s why I wrote earlier that you already lost your account. (Only exception: current instances where you might have checked “remember me (2FA) for 30 days” for a login.)

And isn’t that exactly the kind of protection that 2FA is for? It’s exactly doing what it’s supposed to do: blocking any login attempt where the second factor can’t be provided.

And there is no magical backdoor BTW – 2FA can’t be circumvented here.

Plus addressing can be your friend here. If your email is scottd@gmail.com, you can also use scottd+Bitwarden@gmail.com and any messages will arrive in your scottd mailbox.

If you do decide to start over, I recommend doing so with a new (or plussed) email address, and leaving at least one device logged in on the old account until you are sure that the new account is working perfectly.

Once done, you can delete the old account and optionally rename the new one to the original name (using the web vault).

Thank you all for the responses, I totally understand the 2FA process.