More than one TOTP per item

For example, Kraken.com (Cryptotrading) uses a normal TOTP for login but I can also enable additional TOTP for withdraws/deposits and trade orders. It would be nice to be able to store them in one item.

1 Like

This is also relevant when using LDAP/AD with 2FA:
I have one login item for my Active Directory account with a URL entry for every app that uses LDAP as auth backend.
Currently it’s only possible to store one TOTP in this password item, although every linked app provides its own 2FA token.

Since the AD credentials are currently used for about 10 apps (wordpress, jitsi, mediawiki, gitlab, netbox and so on), I would rather not create separate login items for every app - updating those would become pretty annoying. Also, the duplicate password finder would report those entries although they are actually the same account.
Creating login items with only TOTP and URL fields filled does not work conveniently - the generated token is not automatically copied to the clipboard since the login credentials were filled from another login item without a TOTP entry.

I think the best way to rework this would be to make it possible to provide multiple TOTP entries item-wide as well as URL-specific.
When a URL-specific TOTP and an item-wide TOTP are found, then the URL-specific should obviously be preferred if the URL is matching.

That way, @Blobby could define a general TOTP for the login item and the second one for the withdraws/deposits URL(s) and still have Bitwarden autofill them correctly.
Same goes for my several LDAP backed apps.

4 Likes

I have the same use case as @davidwinterstein. Our company uses AD as much as possible, so I now have almost a dozen sites I can use with AD. But they all require a different TOTP 2FA token. I would love to be able to link a different TOTP to each URL filter attached to a login.

I guess no news in this one right?

Not at the moment, but this could be an interesting community contribution if someone felt so inclined :slight_smile:

3 Likes

Hmm… So… I’ll stay with Enpass - it can store more than one OTP in 1 login entry.

Ditto for me too. Multiple 2FA TOTP entries for a single login entry would be very useful!

I would love to see this implemented too, and it doesn’t seem like it would be super cumbersome to add it either.

I think the idea of @davidwinterstein is great for autofill but requires a lot of changes as it interacts with the URI mapping, while for most people (at least myself) it would be no problem to copy the additional code manually when needed. The time saved by not having to search the second item in the vault is a huge improvement already.

Would it be an option to just add TOTP as a type for custom fields? On the backend side they are like a secret field that stores the seed (so almost no changes needed) and the frontend calculates the TOTP value (code already existent).

Scenarios where autofill for the additional tokens is needed can still be modeled with multiple items with different URIs, but the complexity of this aspect would not block this topic in general.

3 Likes
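The two designs discussed above (URL-specific TOTP entries that take precedence over an item-wide one, and extra seeds stored as secret fields with the code computed client-side), sketched as an added example that is not from any poster in this thread or from Bitwarden's code base. The item layout, the field names `totp` and `url_totp`, the host names and the helper names are hypothetical; the seeds are the RFC 6238 test key and a constructed sample.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlsplit

RFC_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, base32

# Constructed item; "totp" / "url_totp" are hypothetical field names.
ITEM = {
    "totp": "JBSWY3DPEHPK3PXP",  # item-wide seed (login)
    "url_totp": [                 # URL-specific seeds
        {"url": "https://exchange.example/withdraw", "seed": RFC_SEED},
    ],
}

def totp(seed_b32, at, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for a base32 seed at Unix time `at`."""
    seed = seed_b32.replace(" ", "")
    key = base64.b32decode(seed + "=" * (-len(seed) % 8), casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def select_seed(item, page_url):
    """URL-specific seed if one matches the page, else the item-wide seed.

    Assumes the item itself was already matched to the page by the
    vault's normal URI matching.
    """
    page = urlsplit(page_url)
    best = None
    for entry in item.get("url_totp", []):
        rule = urlsplit(entry["url"])
        # Exact scheme and host comparison: a substring test would also
        # match lookalike hosts such as exchange.example.attacker.test.
        if (rule.scheme, rule.hostname) != (page.scheme, page.hostname):
            continue
        prefix = rule.path or "/"
        if not (page.path or "/").startswith(prefix):
            continue
        if best is None or len(prefix) > len(best[0]):
            best = (prefix, entry["seed"])  # most specific path wins
    return best[1] if best else item.get("totp")

def code_for(item, page_url, at):
    """Code to fill on `page_url` at Unix time `at`, or None without a seed."""
    seed = select_seed(item, page_url)
    return totp(seed, at) if seed else None
```
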

Once this feature is available I can move to Bitwarden.

My opinion for developers:

  1. Make 1 entry of OTP available for auto-fill
  2. 2nd (and others) optional and switchable with main entry in GUI

Profit?

3 Likes

Same issue here. ActiveDirectory with one password but multiple Login places with different TOTPs. It would be perfectly sufficient if it was a custom field with the primary TOTP being automatically copied to the clipboard.

Second, Third and Fifteenth that request.

Would be useful to me as well. As a workaround, I create multiple Login entries for such services (as probably other people here do too).

Feature name

It would be nice if it was possible to have multiple authenticator keys for one login.

Feature function

I work for an organization where we have single sign-on. So we have only one login for all services they offer. But there are some services which also require TFA for additional security.
Because of that, I need to add multiple authenticator keys to one login.

What do you think? Would that be possible?

Regards,
Dorian

We use LDAP and I hopped on here just to request this feature. I’m still using Authy to store the additional TOTP codes even though I moved all the rest to Bitwarden. Please make this happen! You can have all my 20 votes if that makes a difference!

This is also a requirement for Amazon Web Services when one uses the same email address for one’s Amazon.com account. It uses the same password, but Amazon.com’s 2FA is separate from AWS’s.

For the LDAP and similar use cases, this issue would also be solved by the Feature Request Field References (Ability to set different usernames for different websites using the same password), because that would allow you to set up different login items (each with their own TOTP) but have a common, linked username & password. Thus, some users following this thread may want to consider voting for the Field References feature, as well.

Hey, I am interested in working on this. Where do I start? I haven’t found a ticket related to this in GitHub.

Hey @ekzyis thanks for your interest! Check out this post to get started, including this section. Let me know if you have any questions :+1:

Hey, thanks for your fast reply! Thanks, that was what I was looking for.

2 Likes