Keeping 2fa codes in bitwarden. I don't get it?

Please could someone help me understand how you can store the 2fa codes when they change all the time? Is there a hidden code/password behind those codes that we don’t see? And if that’s true, does this secret change with every new code?

Thanks

@Jem Hi!

You are talking about the “integrated authenticator” (Integrated Authenticator | Bitwarden Help Center) in Bitwarden for so-called TOTP-codes.

TOTP = Time-based One-Time-Passwords

Yeah, this “hidden code” is usually called seed code/phrase or secret key.

From there, the mostly 6-digit TOTP code is created, dependent on the current time → that is why it is a time-based one-time password (= TOTP).

There are usually two ways to get the TOTP seed code into Bitwarden’s integrated authenticator (or any other TOTP-2FA-app for that matter):

  1. scan the QR-code (the QR code contains the seed code)
  2. or enter the seed code / secret key manually

Here again the link to the help sites, where you get more explanations etc:

PS:

No, the seed code / secret key stays the same (unless you reset 2FA for the service/account in question, set TOTP up again, etc.).

1 Like

Thanks, good to know I was on the right track :+1: Is there a good video that explains what I asked?

1 Like

I would suggest, try it for yourself.

  1. Go to the service/account where you want (and can) add TOTP.
  2. Start the process there, to add TOTP-2FA.
  3. Open the Bitwarden browser extension, go to the corresponding vault item and either scan the QR code of the service with the Bitwarden-browser extension or enter the seed code manually.
  4. Save it in Bitwarden and follow the process on the service/account site (usually they want the first generated TOTP code to be entered, to check that the storing of the seed code was successful).
  5. That’s it more or less. Now you can use it for the next login.

Two comments to that:

  • make a backup of each seed code so that you never lose access to that account (and adding to that: many sites offer “backup-codes” or “recovery codes” or something like that → store that as well to have a backup)
  • should have mentioned that before (hopefully you know it already): to use Bitwarden’s integrated (TOTP) authenticator, you have to have a premium subscription (because this feature is not included in a free Bitwarden account)
1 Like

If you still want a video - there’s a great short one at How HOTP and TOTP work (youtube.com). Note it also covers HOTP which is not much used for the reasons given at the end of the video.

2 Likes
