Should the 2FA token be working more than once?

Note: Your question may already be answered in the Bitwarden Help Center.

When I log into two Bitwarden browser sessions immediately, the same TOTP 2FA token can be used within the 30 seconds period.

I know that some websites prevent the second session if the TOTP token is used: they require the user to wait for the 30 seconds period to cool down, thus allowing the new token to be used.

What should the correct behavior be?

I am not seeing that information just yet:

https://bitwarden.com/help/article/setup-two-step-login-authenticator/

That is working as intended, the code is time-based only, so as long as the code is currently valid (there is some margin to account for small time offsets on devices, etc, too) - the code will be accepted.

2 Likes