Write-only TOTP storage

Hello,

I have a feature request, and I believe that Bitwarden is the best company to do it! :slight_smile:

TL;DR: Option to securely store TOTP seeds on Bitwarden’s servers, never make them accessible to me again, and only send me the TOTP codes. I’d pay double for this service.


Here’s what I’m looking for
I want to give you (Bitwarden) my TOTP seeds, have you store them securely on your servers with backups, and then only provide me with access to the TOTP codes thereafter; never allow me, or anyone, to access the TOTP seeds. Similar to a YubiKey, I’d never have access to the TOTP seeds again; you’d essentially be a cloud-based YubiKey, but a lot more convenient and resilient.

Here’s why
If either system is compromised, yours (Bitwarden.com) or one of mine, then my online accounts are all still safe because the attacker would need to compromise more than one system (e.g., both my system and yours) in order for the attacker to succeed. If there is infiltration, I can easily reset the necessary passwords or TOTP seeds, and the attacker never gains access to my online accounts.

I should still have access to the codes at your service even if your systems are compromised. Then, for each of my online accounts, I can use the old code to access the online account, reset the seed on my online account, delete the TOTP from Bitwarden, and add the new seed to Bitwarden.

Implementation
In edit mode, there could simply be a button next to the TOTP to “Remove my access to TOTP seed forever” or similar.

Use case
The way this security measure would be most effective is if you have two different Bitwarden accounts: AccountPW for your passwords and secrets, and AccountTOTP solely for your write-only TOTP storage. AccountPW is on your primary computer for logging into websites and such. AccountTOTP is on another device, such as your phone or laptop.

Two paid accounts is more revenue for Bitwarden. :slight_smile:

I would happily pay an additional monthly fee for this service to increase my security and convenience of having access to my TOTP codes (not seeds) on any of my internet-connected devices without needing to worry about being fully compromised if one system is compromised. Anything else that is cloud-based is basically 1FA. My idea creates true 2FA. The additional service fee paid to Bitwarden would be for the storage, your security efforts, and access to the codes.

Please consider!

We have discussed TOTP several times in the past. Even though BW can easily store TOTP codes, I find it is fundamentally ill-advised to have the username/password AND the TOTP code in the same place. I know you suggested maybe two BW accounts. That is not how it's designed. A far more advisable practice would be to use Authy to store the TOTPs and BW to store the other credentials. In my case I use my laptop for the BW component and use Authy on my Android (two devices required too). Best of all is to employ multiple devices for TOTP security. By far the best of all is U2F, and I suggest you use it whenever you can. Also, it only takes a few seconds to save all the TOTP codes so that even if you lose your phone you are good to go with the replacement device. Authy is designed for what you need. BW and two accounts could accommodate you, but it would be clumsy.

Thanks for responding!

Unfortunately, Authy does not provide what I’m looking for, nor does Bitwarden currently. I do not know of any online service that offers it. Let me explain more about why my request is important and useful.

The distinction between what's offered by Authy, Bitwarden, and other online services vs. what I'm requesting is that the existing online services provide me with access to the TOTP seeds. That is not ideal, as I'll explain. I need the seeds to reside solely on the service's servers and never be accessible to me (or anyone) again. I don't need the seeds ever again; I only need the codes. That's why it's called write-only TOTP storage: I cannot read the seeds after I write them. I just need to be able to safely store the seeds with a service so that the service can send me the codes on any device that I log in to. (Tangent idea: Bonus if that service can also offer me a second login option that will send me a session ID after I log in and only provide me access to those codes, so that my login information is not stored in my device's memory (only the session ID is), which helps to secure my login details for the purpose of TOTP codes.)

Write-only TOTP storage is important (and very useful) because if my device with the TOTP codes is compromised, then I would not need to reset all of my TOTP seeds because the seeds aren’t accessible and the codes are only valid for 1 minute (versus the seeds that are valid forever). If my idea existed, then all I would need to do is recover my Bitwarden account (change the password if necessary so it’s inaccessible to the attacker), and then I don’t need to do anything else because the attacker had no way of accessing the TOTP seeds (since they’re stored solely and securely on Bitwarden’s servers).

Currently, if my device is compromised, I have to log in to every service I use and reset every TOTP seed. Eventually, even casual internet users will have hundreds of these TOTP seeds. We're talking about the difference between a few minutes to fix (reset Bitwarden password) and days or weeks to fix (reset every TOTP seed on every site you use), especially within a compromised organization where everyone is using Bitwarden.

For anyone who uses technology long enough (just about everyone), it's inevitably going to be breached at some point, perhaps by a 0-day vulnerability that was unavoidable. I'm trying to mitigate the damage and the time necessary to recover from inevitable attacks/breaches.

The idea I’ve described helps significantly with that. I’d pay for it, and many others would, too. In the beginning, the more technical users who understand this would pay for it, and eventually, just about everyone will understand its need and benefits.

A service should exist for it. I suspect Bitwarden is best positioned to offer it without too much additional effort.

I know my posts are long so I’ve used formatting to emphasize the important parts.

I’m unable to edit the title of this thread, but perhaps a moderator could edit it to improve its clarity:

Better 2FA: Write-only TOTP storage (cannot read the seeds after written)
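The "write-only" arrangement described in both of the posts above (store the seed once, read back only codes, rotate by deleting and re-adding) is easy to sketch as code. The following is an added illustration, not code from the original thread or from Bitwarden: a tiny in-memory vault that keeps raw seeds in a private dict, generates RFC 6238 codes (HMAC-SHA1, 30-second step, 6 digits), and offers no method that returns a seed. The class and method names (`WriteOnlyTotpVault`, `store`, `code`, `delete`) are assumptions for the example; the base32 test seed is the RFC 6238 reference key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Dict, Optional


def totp_code(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the variant most sites use.

    The 8-byte big-endian time-step counter is the HMAC message; the
    RFC 4226 dynamic truncation picks 4 bytes at the offset given by the
    low nibble of the last MAC byte and reduces them to `digits` digits.
    """
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class WriteOnlyTotpVault:
    """Holds TOTP seeds and hands out only the derived codes.

    Hypothetical example class (not a Bitwarden API). There is deliberately
    no accessor for the seed bytes; the only operations are store, code,
    and delete, matching the "write-only" proposal in the thread.
    """

    def __init__(self) -> None:
        # handle -> raw seed bytes; in a real service this would be the
        # server-side, backed-up store the posts describe.
        self._seeds: Dict[str, bytes] = {}

    def store(self, base32_seed: str) -> str:
        """Accept the base32 seed a site's setup page shows; return an opaque handle."""
        normalised = base32_seed.strip().replace(" ", "").upper()
        normalised += "=" * (-len(normalised) % 8)  # tolerate missing padding
        raw = base64.b32decode(normalised)
        handle = secrets.token_urlsafe(16)
        self._seeds[handle] = raw
        return handle

    def code(self, handle: str, unix_time: Optional[int] = None) -> str:
        """Return the current 6-digit code for a stored seed; the seed itself never leaves."""
        if unix_time is None:
            unix_time = int(time.time())
        return totp_code(self._seeds[handle], unix_time)

    def delete(self, handle: str) -> None:
        """Rotation as the post describes: delete the old entry, then store() the new seed."""
        del self._seeds[handle]

    def export(self, handle: str) -> bytes:
        """Present only to make the design explicit: reading a seed back is refused."""
        raise PermissionError("write-only storage: seeds cannot be read back")


# Constructed demonstration using the RFC 6238 reference key "12345678901234567890".
RFC6238_SHA1_KEY_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def demo() -> Dict[int, str]:
    """Store the reference seed and read codes at the RFC's sample timestamps."""
    vault = WriteOnlyTotpVault()
    handle = vault.store(RFC6238_SHA1_KEY_B32)
    return {t: vault.code(handle, t) for t in (59, 1111111109, 1234567890, 2000000000)}


if __name__ == "__main__":
    for t, c in demo().items():
        print(f"t={t}: {c}")
```

Note what the example does and does not give you: a device that holds only the handle can still ask for fresh codes for as long as it has a valid session, which is exactly why the posts pair the idea with the ability to revoke that session (reset the account password) rather than claiming the codes themselves are unobtainable.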


I understand, BUT let me clarify something you may be overlooking. We in the crypto community do something very similar to what you are requesting. I/we employ hardware crypto wallets where the SEED, once entered, can never again be seen within the hardware. The resultant output, which we use to generate the needed outcomes to successfully move coins, is based upon our entries but handled via "algos" based upon the SEED in the device.

OK, so I'll stick with my metaphor comparing this to your needs. The individual TOTP base32 codes cannot be viewed, but the resultant output, which gives you the needed six-digit code based upon server time, will provide you with what is needed to log into your sites.

NOW, what happens if my crypto hardware device fails to function, or your BW server disappears, or any hardware device needed has a catastrophic failure? Simple: all access is lost unless somewhere and somehow the user is able to re-generate those needed items OR have things completely reset. In the crypto world there is NO reset, period. If you lose access you have forever frozen coins. In Authy (continuing with my metaphor) you cannot re-generate the needed codes either, but if you retain secure backups of the codes used to create the originals you can place what is needed into a new device. YOU are responsible to secure the backups off device and be ready in case.

Sorry to ramble; I just wanted to make sure everyone acknowledges that NO hardware, service, device, etc. is beyond failure. Never rely upon any one service to provide the only means to gain access.

Another thing that will help you out with some concerns is to migrate AWAY from TOTP and convert to U2F on any site that offers it. It's safer, faster, and beyond compromise by any known means at this time.