I am currently trying to test using the TOTP option on the application.
I have been using Google 2FA for 4 years now to generate my codes on many sites where 2FA is implemented.
For security reasons, all the items in my 2FA account are transferred to my wife’s mobile.
So far nothing special. I get my wife’s mobile, and I try to set up the 2FA on a single account in my BTW safe. When I click on the camera in the BTW item, my camera opens. The QR code of this account is present on the other phone (via the export of Google Authenticator). I open the camera of the mobile, and I scan the QR code generated by Google 2FA with my mobile, but then BTW returns the following message: impossible to read the authentication key.
So on the account in question in my safe I can’t use the “TOTP authentication key” area. What is my mistake? Thank you in advance for your answer.
The reason is this: Google Authenticator does not have a push notification feature? Thanks for your answer.
I don’t think Google Authenticator has the ability to export a QR code for individual items. Instead, I believe that QR code you are generating is a proprietary QR code to allow you to transfer your entire Google Authenticator database to another GA app on a new phone.
I did a quick Google search but could not find a way to export the secret keys for each item in your Google Authenticator database so that they can be used in another authenticator app. It would not surprise me if Google did not make this possible, but maybe someone else here knows a way?
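
An added example, not part of any post in this thread: a check that tells a single-account TOTP QR payload apart from a Google Authenticator bulk-export payload, which is the distinction the reply above describes. The `otpauth://` and `otpauth-migration://` scheme names come from the Key URI convention and Google Authenticator's export, not from the thread; the sample payloads are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import struct
from urllib.parse import urlsplit, parse_qs

# Constructed samples: the secret is the RFC 4226/6238 test key, the export blob is a placeholder.
SINGLE = "otpauth://totp/Example:alice@example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
EXPORT = "otpauth-migration://offline?data=Q09OU1RSVUNURUQ%3D"

def decode_secret(secret: str) -> bytes:
    """Base32-decode a TOTP secret, tolerating spaces, lowercase and missing padding."""
    s = secret.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)  # raises binascii.Error on invalid input

def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def classify_qr_payload(payload: str) -> str:
    """Return what kind of authenticator QR payload this text is."""
    parts = urlsplit(payload.strip())
    if parts.scheme == "otpauth-migration":
        # Whole-database export: no per-account 'secret' parameter to read.
        return "bulk-export"
    if parts.scheme == "otpauth" and parts.netloc.lower() == "totp":
        secret = parse_qs(parts.query).get("secret", [""])[0]
        try:
            if secret and decode_secret(secret):
                return "single-totp"
        except (binascii.Error, ValueError):
            pass
        return "invalid-secret"
    return "unknown"

if __name__ == "__main__":
    for sample in (SINGLE, EXPORT):
        print(classify_qr_payload(sample), "<-", sample[:40])
```

A payload classified as `bulk-export` carries no single key for a TOTP field to read; the per-site QR code or setup key shown when 2FA is (re-)enabled on that site is the `single-totp` form.
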
Thank you for your help
All the more reason to switch all 2FA accounts to Authy
After using Bitwarden for 2FA, I’ll never go back to a stand-alone app again except where forced to.
Bitwarden is just so slick and convenient, and arguably it could be the most secure way to store and share 2FA keys among a variety of devices.
I assume that you either do not use TOTP for your Bitwarden account (but instead something else like Yubikeys and/or Duo) or you stored that single TOTP indeed outside of Bitwarden.
Having your TOTP in the same application as your regular passwords, isn’t that putting your first and second factor behind the same door? I’m inclined to have my TOTP independent from my password vault.
That’s true, if Bitwarden is just your password manager. But depending on how you set it up, it can be the next best thing to SSO and an identity provider. It can even be those things for pretty cheap. Looked at the other way, aren’t you increasing your attack surface for something that may not be as secure as Bitwarden?
Don’t think there’s a wrong answer here, as long as you think it through fully.
Like consider this. Bitwarden supports account switching now. You could always use one vault for passwords and another for TOTP codes, but now it’s even easier than before.
Everyone has their own comfort level. I am fine with it, and because BW makes it so convenient, I use 2FA on every possible site that I can, whereas when I ran an authenticator app, I couldn’t be bothered half the time. So there is a benefit of convenience.
And I always think that if I am happy to trust BW with my passwords and sensitive information, it is secure enough to also generate my TOTP codes.
Well… I guess that if you’re putting your Authy password in BW again… it kind of defeats the 2 doors again… I could just as well use BW completely then. I also like your argument of making it really easy to do so causing you to use it more often.
Hello, obviously the only account in 2FA that does not use BITWARDEN is my BITWARDEN account. It is obvious. For that, 2 choices: set up a FIDO key and the AUTHY application, knowing that the Authy application can be carried on 2 PCs and 2 cell phones for more security. So I am sure to always have at hand my BITWARDEN access with a backup on 5 different media (a FIDO key, 2 PCs and 2 cell phones).