Solution for website only allowing 2FA via email?

Hi, most websites I am using now force 2FA and 2FA can is only done by sending TOTP verification code by email. There is no possibility to use an authenticator app (like Bitwarden Premium, Google Authenticator, Authy etc…) for 2FA. There is also no possibility to disable 2FA all together.

The result is catastrophic:

1/ My inbox is a mess because it is stuffed with useless email providing a verification code, that you need to open once and most often I get more than one so it even more time consuming to remove them.
As you can see 5 emails here out of 7 are for verifications code currently in my inbox:
image
Of course I could delete them, but most of the time you do not have time, as it is a 2nd step to do and it is even more awkward to do when you are login in from on a mobile platform like Android as it requires app switching.

2/ When you using Android phone (and certainly iPhone/iPad), as verification code is asked after entering your login/password credentials:
step A


step B

you have to switch to your email app to get the verification code, but once you come back to the app asking you for the verification code, it automatically reverts you back to step A! (not even because of a time out, this app does it because you have switch to a different app!). For info it is not the only app, doing this and this app is important app in France and it is going to be used by millions of people during the Olympic Games as it is the main public transportation app in france (https://play.google.com/store/apps/details?id=com.applidium.vianavigo). As a result you have to login again, then… you have to switching again to your email app to get your 2FA code and once again you are back to step A!

What is your best solutions to deal with 2FA that are only sent via email? (no possibilities given to use an authentication app)
Is there a tool I could add on my home server (or any other solution) to check my own email for TOTP verification codes and send them me to Bitwarden ? I am using Bitwarden Premium for info.

How are you switching apps? On the iPhone, I can switch apps by swiping left or right at the bottom the screen. This tends to preserve the state of the app. Alternatively, I can go back to the home screen and click the app’s icon, but that tends to cause some apps to start over instead of continuing from where they were.

To switch app, I am using the built-in switch app button from Android navigation bar:
image

That looks to be similar to how I do it on iPhone. Guess we will need to wait for an android user to weigh in.

Also not an Android user, but I wanted to offer some generic advice:

First, you can check this box (or similar options on other apps) to by-pass the 2FA requirement:

image

This is considered safe if you are logging in from your own phone, and do not allow others to use your phone.

Second, to keep your email inbox organized, most email apps allow you to set up rules that automatically process incoming email You should be able to define a rule that sends your 2FA codes into a separate folder.

You may even be able to set up a rule that sends you a copy of the 2FA email by text, although this may not solve your problem.

This issue is certainly due to this app (https://play.google.com/store/apps/details?id=com.applidium.vianavigo), the way I switch is standard, so it should not the reason. I gave this concrete example to show some issues we get with email as 2FA and I would like to know if any of you have managed to scan your own email (with python or any other thing) to extract your verification codes and even better bring them in clipboard like Bitwarden Premium is doing. Even better would be to be able to integrate them in Bitwarden as TOTP so that no matter how 2FA is done you can fill out the 2FA form.

Interesting, I have to look at rules. Once I get the verification code from the email I have received, is there a possibility to send a command to Bitwarden to pass it in the clipboard the same way Bitwarden Premium present us the TOTP code from its integrated authenticator app?

No, Bitwarden cannot do this.

Can you do a split screen?

I have tested the split screen, but it does not work: the change of the display size of the app is causing it to reload the screen which in turn cause the app to move back to the login/password prompt. Splitting the screen before entering the login/password does not work either because it requires the keyboard and then the screen is too small to access to the input field even by attempting to scroll.

1 Like