Separate TOTP App

A separate TOTP app with cloud sync to a Bitwarden account.

This would allow for a secure and open source TOTP access without limiting the risk of all passwords and TOTP codes being accessible from one single account and could be used instead of a service like Authy for cloud synchronised TOTP.

But you’d be logging in via the same account, right? So it still means that if the attacker already has your account details / cut off your finger, both TOTP apps and main apps would be compromised, am I right?

Basically it will become one-factor authentication.

It’s currently one factor, as you can store TOTP within the same Bitwarden account. If someone gets access to that one account, they have your passwords and TOTP if you choose to store it in there instead of a separate service.

No, a completely different email address login.

Which they can detect at account creation that you have a Bitwarden PW account.

Thank you for your post!

Feature name

  • Split TOTP storage and retrieval into a separate extension and database

Feature function

  • What will this feature do differently? I would like TOTP information to be stored in a separate database and accessed by a separate extension.
  • What benefits will this feature bring? If someone were to social engineer your login credentials, they would only be able to get your usernames and passwords, and not your TOTP credentials. Ideally, your TOTP login credentials would not match your Bitwarden credentials. I don’t expect this to be the default behavior, but it would be nice to have a “paranoid mode” as an option.
  • Remember to add a tag for each client application that will be affected

Related topics + references

  • Are there any related topics that may help explain the need and function of this feature? Not that I see
  • Are there any references to this feature or function on other platforms that may be helpful? Not that I see