[SOLVED] Android 2FA seems to be broken

I’ve been using Bitwarden since 2018, my current mobile phone was purchased in 2019 and I’ve been using 2FA (Google Authenticator) on it to access Bitwarden across browsers and the website without any problems.

Today, I installed the Bitwarden extension on a new Chromium browser, and when I put in my 2FA code, I got this error:

An error has occurred.
Two-step token is invalid. Try Again.

To be clear, I’ve not changed anything with my phone, the GA app, or my Bitwarden account.

I used my recovery code to remove 2FA from my account, then went into my account on a desktop PC browser to re-enable it. Scanned the QR code in Google Authenticator, tapped in the 6-digit code, and I got the same “invalid token” error. OK… Weird.

I then noticed that the recommended 2FA app for Android is Microsoft Authenticator, so I downloaded & installed this, scanned the QR code, and… got the same “invalid token” error. So now I have a ton of sensitive data (passwords, card data, secure notes) unsecured by 2FA. Not too happy about this!

To reiterate, I’ve not changed anything with my phone, authentication app, or Bitwarden. It’s simply stopped working.

Is anyone else having this issue?

It looks like Bitwarden was updated last night. Try rebooting your phone and computer. If that does not help, uninstall Bitwarden, reboot, and then re-install it again.
And on a side note: Use more than just a single 2FA method. Think of it as a part of a backup plan.

We are also experiencing issues with 2FA. There was a similar issue on Feb 2 2022.
We use Duo and currently it's not functioning on all platforms …
In the browser log, the call to https://api-d7773d22.duosecurity.com … fails

I personally don’t recommend Google Authenticator (nobody does), and I don’t know if Microsoft Authenticator lets you make a backup of all your QR codes; if not, I recommend you change the 2FA app, maybe to Aegis or andOTP.

Before I replied above I logged into Bitwarden both on my phone (using DUO for 2FA) and in a browser on my desktop (using Authy for 2FA). Both worked fine and without any issue. A few minutes before that I had restarted my computer because of Windows updates; thus the recommendation to reboot the device. I just tried the Microsoft Store version of Bitwarden (using a Yubikey for 2FA). This also worked without any issue.

Thanks all, a phone reboot seems to have done the trick. Must have been a timing thing with the Android clock (I saw something about this on another forum). And thanks for the tips about not using Google Authenticator. I’ll take a look at Aegis, Authy, and andOTP. Microsoft Authenticator does indeed do backups, too, and as I’m a 365 subscriber and a Windows user, that might be the logical choice.
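
The "timing thing" mentioned in the last reply, as an added example that is not part of the thread or Bitwarden's own code: a minimal RFC 6238 TOTP verifier showing why a code generated on a phone with a skewed clock is rejected as invalid, and how far off the clock is. The secret is the RFC 6238 test key; the ±1 step acceptance window, the clock readings and the helper names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps

# Constructed sample secret: the RFC 6238 test key, not a real account secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time):
    """RFC 6238 code (HMAC-SHA1) for whatever the local clock says."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, server_time, window=1):
    """Return the step offset at which the code matches, or None if invalid."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return drift
    return None


def phone_clock_offset_steps(secret_b32, code, server_time, search=20):
    """Diagnostic only: widen the search to see how far off the phone clock is."""
    return verify(secret_b32, code, server_time, window=search)


if __name__ == "__main__":
    server_now = 1111111109            # constructed server clock reading
    phone_now = server_now + 95        # constructed: phone clock 95 s fast
    code = totp(SECRET, phone_now)
    print("accepted with +/-1 step:", verify(SECRET, code, server_now))
    print("phone is off by steps:", phone_clock_offset_steps(SECRET, code, server_now))
```

Because the code depends only on the shared secret and the device's clock, re-scanning the QR code or switching authenticator apps on the same phone produces the same rejection until the clock is resynchronised.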