Recovery Codes (2FA) not working

Hello

My Account(s):
I’ve had Bitwarden for a year or so and I’m happy so far. Yesterday I activated 2FA on both of my logins (Organisation).

My Problem:
Account 1: Authenticator works
Account 2: The scanned QR code was saved, apparently wrong. First time this happened. No problem, I downloaded the 8 recovery-codes. Shock!: they don’t work. Tested the recovery codes of Acc 1. even though the Authenticator worked: recovery-codes don’t work on that account either.

Facts:

  • Account is paid with 1 invoice
  • Both are in an organization
  • I instantly disabled 2FA via Authenticator and recovery-codes for Acc 1.
  • But for Acc 2. I have no solution
  • I have the Master Key

Any solution for this bug? I stored so many important passwords with 2FA on that account, I’m desperate.

@Robert_Smolic Welcome to the forum!

What does this mean? Where exactly did you find these 8 codes to download?

Bitwarden’s Two-Step Login recovery Code (obtained from the Web Vault’s Security section) consists of a single code. The code consists of 32 alphanumeric characters, which are presented in 8 groups of four (e.g., KHN6 PW6T FK2E YWT4 596Z E55X 9FV4 GYAB). When using the recovery code to disable 2FA (by submitting this form), you can enter the recovery code either with or without spaces (e.g., KHN6PW6TFK2EYWT4596ZE55X9FV4GYAB).

I’m hoping that you do have the correct 2FA recovery code, but that you mistook the 32-character code for a set of eight 4-character codes. Try entering all eight 4-character groupings (in the original sequence), and see what happens.

1 Like

Bitwarden does not have 8 recovery codes. It has one recovery code that is broken into 8 space-separated parts.

If you have a logged in vault, you might want to perform a quick export/backup to eliminate the stress/risk of losing everything.

1 Like

Oh that’s how it works. All my life I’ve only encountered systems where you got a list of recovery-codes that you could use instead of the password. I’ve never seen one long code separated into 8 rows, naturally I didn’t even think about it. Thanks for clearing things up.

I randomly picked two to showcase what I meant. This is from Google:

You can get a new set of 10 backup codes whenever you want. When you create a new set of codes, the old set automatically becomes inactive.

Protonmail:

When you first set up 2FA for your Proton Account, we provide several one-time use recovery codes. Please save these codes in a secure place and do not lose them.

Yes, I’m familiar, which is why I guessed that’s how you may have interpreted the Bitwarden recovery code. Usually, the code is presented with the 4-character blocks arranged horizontally (as shown in the screenshot below), but it sounds like you might have viewed the code on a mobile device that split this up into multiple rows.

 

But don’t keep us hanging — were you able to get back into your account(s) now???   :eyes:

English is my 4th language. I usually need more words to get the point across and it’s overall nowhere near perfect, excuse me.

It did separate. They should make it a link to a white site with minimum layout, starting at the edge and make it horizontally scrollable, example:

Site 1: Same site as now. If it calculates that the screen is too narrow for the whole string displayed in one line, replace the string with a link to a new site without the restricting width:
Click here for your one-time code

Site 2 that opens in a new tab:
“Your one-time recovery code”:
[recovery_code_in_one_row].

This comes of course speaking from real life experience by an IT guy :joy:. I’m certainly not the 1st, or last. I’ve never even seen only one code. Wondering how many people got desperate and unnecessarily deleted their account; that was my step, if I didn’t get you two fast responses. I was trying for maybe 5 hours. Also to login with the organization.

I needed to take a breath and sleep it off. I did have a backup, but ~7-8 months old. I’ll try today and respond.

I know how annoying threads with an open-ending are.

PS: have been testing out the extent of the functions by editing. This is visually and functionally a cool forum!

1 Like

It worked. Thank you and the other guy! Saved a man u didn’t know a lot of work. Great guys you are!

1 Like

Glad I could help!

Remember that your recovery codes are one-time use only, so make sure that you obtain (and safely store) the new recovery code(s) for your account(s). The recovery code, master password, and backup file password should all be recorded on an Emergency Sheet.

Also, I would recommend that you make vault backups (exports) more frequently than 7-8 months. You can now easily make a password-protected .JSON export from any non-mobile Bitwarden app or browser extension. Make this even easier by keeping a copy of your backup file password inside your vault (in addition to recording the password outside your vault, on the aforementioned Emergency Sheet), so that you don’t have to type it each time.

1 Like
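The two points made in this thread, that the recovery code is one 32-character value shown as 8 groups of four and that it is single-use, are sketched below as an added example; it is not Bitwarden's code and not something posted by the participants. The names `normalize_recovery_code` and `RecoveryStore`, the A-Z/0-9 alphabet, the upper-casing of input and the SHA-256 storage are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # assumption: A-Z and 0-9 only
CODE_LEN = 32   # one code of 32 characters (from the thread)
GROUP_LEN = 4   # displayed as 8 groups of four (from the thread)


class RecoveryCodeError(ValueError):
    pass


def normalize_recovery_code(raw: str) -> str:
    """Collapse a pasted code (spaces, tabs, line breaks) into 32 characters."""
    code = "".join(raw.split()).upper()  # upper-casing is an assumption of this sketch
    if any(ch not in ALPHABET for ch in code):
        raise RecoveryCodeError("unexpected character in recovery code")
    if len(code) == GROUP_LEN:
        # The mistake from this thread: one group entered as if it were a whole code.
        raise RecoveryCodeError("this is one 4-character group; enter all 8 groups in order")
    if len(code) != CODE_LEN:
        raise RecoveryCodeError(f"expected {CODE_LEN} characters, got {len(code)}")
    return code


def format_recovery_code(code: str) -> str:
    """Render the code as space-separated groups of four."""
    return " ".join(code[i:i + GROUP_LEN] for i in range(0, CODE_LEN, GROUP_LEN))


class RecoveryStore:
    """Keeps only a hash of the current code and replaces the code once it is used."""

    def __init__(self) -> None:
        self._digest = b""

    def issue(self) -> str:
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        # A fast hash is acceptable here only because the code is long and random.
        self._digest = hashlib.sha256(code.encode()).digest()
        return format_recovery_code(code)

    def redeem(self, raw: str) -> bool:
        try:
            candidate = normalize_recovery_code(raw)
        except RecoveryCodeError:
            return False
        digest = hashlib.sha256(candidate.encode()).digest()
        if not hmac.compare_digest(digest, self._digest):  # constant-time comparison
            return False
        self.issue()  # single use: the redeemed code stops working immediately
        return True
```

After a successful `redeem`, the previously saved code is dead, which is why the new code has to be retrieved and stored again.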