I advise a few different organizations on their IT platforms and security processes.
I use a different BitWarden account for each of these – some are paid subscriptions, and some are Free accounts.
However, I now notice that I can use TOTP Authentication for website logins within all of these accounts. Is it now possible to have TOTP codes generated within Free accounts?
The real reason for this question is that for one organization with a large all-volunteer user base, we would like to recommend BitWarden as a comprehensive personal password management solution. But with the increasing requirement of MFA/2FA for many platforms, we need to be able to recommend a tool that can be used to generate MFA codes, but where we are not requiring these volunteers to sign-up to a paid subscription. (Many will certainly move over to paid plans, but we can’t require this.)
Is this now possible with BitWarden?
(If not, is there another explanation as to why some of my free accounts now seem to be allowing me to use TOTP codes? I am quite sure that they didn’t use to do this.)
Bitwarden has slightly revised the logic around how TOTP codes generate.
Previously, TOTP codes generated if they were owned by a user with Premium, or by an organization that grants TOTP generation (Enterprise, Teams, Families).
It’s not been updated to simply TOTP generates for users who have Premium.
Thanks for the update note to (part of) my question.
– I hope that does not, however, imply that TOTP is, in the future, only going to work for the accounts where I have a paid Premium/Team account. That would obviously create a lock-out for the services where I am using TOTP!
To my other – Primary – question, how about simply enabling TOTP for the Free version, so that we can recommend it as a comprehensive and effective MFA solution for all of our Volunteers? That would certainly increase user uptake for the service.
As long as you have an individual Premium plan (or a Premium plan provided by virtue of being a member of a paid Organization plan), then you will be able to generate TOTP codes for any items that you have access to (items in your individual vault, as well as shared items in organization vaults).
There is a feature request here:
However, I’m not sure that I understand your use-case. You mention an “organization”, but if it has a “large…user base”, then you must be talking about the volunteers using Bitwarden for their own individual logins, not for shared logins belonging to the organization. In that case, could the volunteers not just use the stand-alone Bitwarden Authenticator App?
The “organization” that I was referencing is a real people organization with nearly 1000 volunteers who may have access to some of our on-line resources. We are moving to enforce MFA for these logins.
At the listed costs, there is no way that we could fund the license fees for these users.
It would be ideal if we could point them to BitWarden as an all-in-one Password and Authenticator solution. Many would certainly see the larger scale value in having their own personal subscription.
There is some ongoing development work to make the stand-alone Authenticator App synchronize with the Password Manager App (per the Roadmap), but that is probably the closest you will get to an “all-in-one” solution.
Your other alternative is to support the feature request that I mentioned above.
The amount of functionality that Bitwarden already makes available for free accounts is unparalleled in the industry, and in my opinion, the “all-in-one” aspect is a convenience/luxury, not a necessity. If some of your volunteers place high value on the “all-in-one” aspect, perhaps they would be willing to part with 20 cents a week for this convenience.