Inactive two-step login Report Incorrect

The Inactive two-step login report is useful, but apparently just guesses (?) at which logins have 2fa set up. Some of the accounts with active 2fa still show up in this list.

  1. How does it determine this?
  2. How can I tell it that an account does indeed have 2fa set up?

Bitwarden uses the crowdsourced 2FA Directory database to determine which sites offer TOTP as a 2FA method. It then check each URI that is stored in your vault against the database. If a URI includes a domain found in the database, then Bitwarden checks if the corresponding login item in your vault contains a non-empty value in the “TOTP Authentication Key” field. If yes, the report indicates that two-step login is active; if no, the report flags the URI has not having active two-step login, even though the site offers the option to set up 2FA via TOTP.

2 Likes