I use Bitwarden and am required for work to use 2FA for everything. Most all of my 2FA are handled with Google Authenticator. Is it possible to use TOTP inside of Bitwarden to auto populate the 2FA keys for the sites I need and if so how do I go about specifying these? Ultimately, Id like to have both BitWarden and access to Google Auth as a backup for logging into these sites. I had a look at the documentation page and Im confused on where the special key comes from.
You certainly can use Bitwarden for this. You can even use it alongside Google Authenticator if your employer mandates that you must use that particular app.
Your only issue is going to be getting the codes into Bitwarden. Google Authenticator doesn’t show you the key that generates the code, so I think you would need to remove each 2FA account and re-add them one at a time. When you scan the QR code in GA, scan it in Bitwarden too. In the field labeled “Authenticator Key (TOTP)”, select the camera icon to scan the QR code. You should then see identical TOTP codes being generated in both apps.
Please mind that you need Premium to use TOTP
Yes, I should have mentioned that. Premium is $10/year, which I think is fantastic value. As well as TOTP authenticator storage and generation, you also get:
- 1GB encrypted file storage
- Two-step login with YubiKey, U2F and Duo
- Vault health reports
- Priority customer support
That’s a bummer. I don’t have an option to go back and readd auth keys. Many of them are heavily involved on the admin side to reset.
Double check GA in case it’s possible to see the key - I don’t remember the option being there but it’s a while since I’ve used it.
Alternatively, you could ask the admin at work if they have the key. They may have saved copies. If so, you can enter this directly into Bitwarden instead of scanning a QR code.
Perhaps this is of use
When transferring you get a QR code. It might be that this is the list of all your secrets. Try to capture the scanned code and paste it in a text editor.
Unfortunately, GA doesn’t backup your TOTP accounts/keys. That article explains how to set up 2FA on your Google account using GA. It confirms that other accounts will need to be re-added manually:
If you also have other services set up to use the Google Authenticator for code generation, you may also have to turn off the authentication for each individual service before the transfer takes place. After the Google Authenticator app has been shifted over to the new iPhone, re-add the services.
Maybe this helps?
When I was exporting my information from a different password manager and importing it into Bitwarden, to my surprise all my TOTPs had been transferred and worked alright. This was important for me as well, as I am in the same position as you are.