I created a new entry for a bank and spotted a Verification code field so I entered my card reader’s PIN and ripped up my PIN advice note.
Today when I wanted to login, I found my new entry in BW but now it says that this field requires a Premium subscription!
I had issues with my login anyway so it looks like I’m hosed!
Why does BW allow you to enter data into a field with no warning at all that it will subsequently then lock it away behind a premium subscription?
Hey @MrB, you should be able to copy the secret into any number of free TOTP generator apps. Even without premium, you can keep a copy of the seed in Bitwarden as a backup.
First click onto Edit or the pen-symbol then you will see the “Authenticator Key” which as @dwbit explained can be added to any free TOTP generator app. My choice is Authy.
Oh how bizarre, surely it’s not meant to be like that i.e. the copy icon is missing? And why plaster a premium sub req’d notice all over the field?
Phew, at least I’ve got my PIN back.
Just to clarify as you keep referencing a PIN.
The verification code field in Bitwarden uses TOTP for 2FA codes, generally given by a website you wish to enable MFA for in the form of a QR code and a manual entry “code” in place of the QR code for the TOTP secret.
Generating the TOTP 2FA code is a premium feature as others have mentioned, though there are additional free authenticator apps out there that will allow you to scan the QR code and get the TOTP 2FA code as well.
If this is just a miscellaneous bit of information for your banking account you created in the Bitwarden login, i.e a login PIN, card PIN, etc. I would suggest the use of custom fields in your Bitwarden entry as this is free and will allow you to easily reference this back when needed if this is your use case.
I tend to use the hidden type of custom field for more sensitive data such as account numbers, PINs, etc.
OK - all those acronyms make my head spin! And I’m afraid I don’t get the difference between PIN and codes. To me they are both numbers that certain sites now require to be plugged into something else e.g. card reader.
But tx for the recommendation to use a hidden custom field as that fits the bill!
Not an issue an all, happy to help!
There certainly are tons of acronyms for things online and in IT, heck some acronyms are the same but can mean completely different things!
The main difference here would be that a card PIN is something you know, while the card itself is something you have. Banks have been using MFA for years without many of us noticing.
A PIN however is a static code that does not change, every time you need to authenticate with your bank you may need to insert your card into the computer card reader, then verify your PIN and your card chip reader will create a one time password that authentics with the bank on the backend.
I had to do a bit of reading as I was unfamiliar with computer card readers other than at Point-of-Sale terminals, as they are not common in America for online banking.
The TOTP code is a time based code, the main difference is that this type of code is not static but dynamic. Meaning that the code generated is only valid for a certain amount of time (typically 30 seconds) before expiring and presenting you with another different new code.
Glad you got it working though and the options presented helped.