More than one TOTP per item

For example, Kraken.com (crypto trading) uses a normal TOTP for login, but I can also enable additional TOTPs for withdrawals/deposits and trade orders. It would be nice to be able to store them in one item.

This is also relevant when using LDAP/AD with 2FA:
I have one login item for my Active Directory account with a URL entry for every app that uses LDAP as auth backend.
Currently it’s only possible to store one TOTP in this password item, although every linked app provides its own 2FA token.

Since the AD credentials are currently used for about 10 apps (WordPress, Jitsi, MediaWiki, GitLab, NetBox and so on), I would rather not create separate login items for every app - updating those would become pretty annoying. Also, the duplicate password finder would report those entries although they are actually the same account.
Creating login items with only TOTP and URL fields filled does not work conveniently - the generated token is not automatically copied to the clipboard since the login credentials were filled from another login item without a TOTP entry.

I think the best way to rework this would be to make it possible to provide multiple TOTP entries item-wide as well as URL-specific.
When a URL-specific TOTP and an item-wide TOTP are found, then the URL-specific one should obviously be preferred if the URL matches.

That way, @Blobby could define a general TOTP for the login item and the second one for the withdrawals/deposits URL(s) and still have Bitwarden autofill them correctly.
Same goes for my several LDAP backed apps.

3 Likes

I have the same use case as @davidwinterstein. Our company uses AD as much as possible, so I now have almost a dozen sites I can use with AD. But they all require a different TOTP 2FA token. I would love to be able to link a different TOTP to each URL filter attached to a login.

I guess no news on this one, right?

Not at the moment, but this could be an interesting community contribution if someone felt so inclined 🙂

2 Likes

Hmm… So… I’ll stay with Enpass - it can store more than one OTP in 1 login entry.

Ditto for me too. Multiple 2FA TOTP entries for a single login entry would be very useful!

I would love to see this implemented too, and it doesn’t seem like it would be super cumbersome to add it either.

I think the idea of @davidwinterstein is great for autofill but requires a lot of changes, as it interacts with the URI mapping, while for most people (at least myself) it would be no problem to copy the additional code manually when needed. The time saved by not having to search for the second item in the vault is a huge improvement already.

Would it be an option to just add TOTP as a type for custom fields? On the backend side they are like a secret field that stores the seed (so almost no changes needed) and the frontend calculates the TOTP value (code already exists).

Scenarios where autofill for the additional tokens is needed can still be modeled with multiple items with different URIs, but the complexity of this aspect would not block this topic in general.

1 Like
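The two proposals above (URL-specific TOTP preferred over an item-wide one, with the seed stored like a secret field and the code computed client-side), sketched as an added example that is not Bitwarden code or part of any post. The `LoginItem` model, its field names, the `exchange.example` URLs and the second seed are assumptions; matching is done on scheme, host, port and whole path segments so a URL-specific seed is never selected for a different origin.

```python
import base64
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit


@dataclass
class LoginItem:
    """Hypothetical vault item; not Bitwarden's actual schema."""
    name: str
    item_totp: Optional[str] = None                         # item-wide Base32 seed
    uri_totp: Dict[str, str] = field(default_factory=dict)  # URI prefix -> Base32 seed


def totp(seed_b32: str, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, computed client-side from the stored seed."""
    key = base64.b32decode(seed_b32.upper() + "=" * (-len(seed_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def select_seed(item: LoginItem, url: str) -> Optional[str]:
    """Return the seed for a URL the item already matched: most specific URI wins."""
    target = urlsplit(url)
    best_len, best_seed = -1, item.item_totp
    for prefix, seed in item.uri_totp.items():
        p = urlsplit(prefix)
        base = p.path.rstrip("/")
        same_origin = (p.scheme, p.hostname, p.port) == (target.scheme, target.hostname, target.port)
        # Compare whole path segments so "/withdraw" does not claim "/withdrawals".
        in_path = target.path == base or target.path.startswith(base + "/")
        if same_origin and in_path and len(base) > best_len:
            best_len, best_seed = len(base), seed
    return best_seed


# Constructed sample data: the RFC 6238 test seed plus a second made-up seed.
LOGIN_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
WITHDRAW_SEED = "JBSWY3DPEHPK3PXP"
ITEM = LoginItem("exchange", LOGIN_SEED, {"https://exchange.example/withdraw": WITHDRAW_SEED})

if __name__ == "__main__":
    for url in ("https://exchange.example/login", "https://exchange.example/withdraw/confirm"):
        print(url, totp(select_seed(ITEM, url), now=59))
```
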

Once this feature is available I can move to Bitwarden.

My opinion for developers:

  1. Make 1 entry of OTP available for auto-fill
  2. 2nd (and others) optional and switchable with the main entry in the GUI

Profit?

Same issue here. Active Directory with one password but multiple login places with different TOTPs. It would be perfectly sufficient if it was a custom field with the primary TOTP being automatically copied to the clipboard.

Second, Third and Fifteenth that request.