[SOLVED] TOTP no longer works after new update on IOS

The entire Bit-warden app has Literally forgotten how to generate TOTP codes. The authenticator keys are correct and it’s able to generate correct keys on the computer but not in IOS anymore, this has been really annoying having to open Bitwarden, copy the TOTP key and then adding it into Authy every time I try to login to a website on my phone now…

Not sure how to fix this :thinking::sob:

Is the iOS app not generating the TOTP codes, or is it generating incorrect TOTP codes?

Are date, time and time zone correct on the device that shows the issue ?


It’s not generating TOTP codes at all, the keys are entered correctly but it’s not generating anything. On all my other devices they generate correctly.

Reboot. If the issue still occurs: Uninstall Bitwarden, reboot, re-install Bitwarden.

Also, I don’t suppose your Premium licence has expired, has it?


Have you just updated to the iOS 15 beta by any chance? I’ve heard some rumours of authenticator apps not working on it, so presumably some issue with the timekeeping.


Ah! I’m on IOS 15 so I’m assuming your correct!

That’d be it! Interesting to hear of an example of this bug in the real world! (Be sure to report it to Apple, I can’t find many references to the issue online at all)

I believe that all time-based authenticator apps are broken, including Google, Microsoft and even some banking apps that rely on TOTP generation (such as HSBC).

I know Authy is working, I haven’t checked the others you listed.

Interesting… I wonder why some TOTP generators are able to function and others not? :thinking:

As a matter of fact it was… after investigation it seems as though my premium expired, so I renewed it and now it’s working perfectly :innocent:


Always worth ruling out the obvious, as it’s often the solution! :grinning_face_with_smiling_eyes:

Glad you got it sorted :+1:t2:

iOS API is constantly changing, most of the time for the better but from time time this happens.

The algorithm to generate TOTP is based on UNIX Epoch, depending on how you get the time is weather or not the application can get an error. If you rely on the hardware clock and the time is not correct you will get erroneous codes, that’s why some developers opt to get the time from other places.

I wrote an implementation that on application start gets the time from the headers of a simple web call to the evil lords at Google, and then each calculation just offsets that. For example in Windows you can type this in a terminal and see how time can retrieved from an internet source:

curl -ILs www.google.com | findstr Date:

On *nix platforms:

curl -ILs www.google.com | grep -i Date:
1 Like