Bitwarden Authenticator (TOTP)

Category: Features
On this page:

    The Bitwarden Authenticator is an alternative solution to dedicated authentication apps like Authy, which you can use to verify your identity for websites and apps that use Two-step Login. The Bitwarden Authenticator generates 6-digit Time-based One-time Passwords (TOTPs) using SHA-1 and rotates them every 30 seconds.

    Note

    Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires Premium or membership to a Paid Organization (Families, Teams, or Enterprise).

    If you’re new to using TOTPs for Two-step Login, refer to the Field Guide to Two-step Login for more information.

    Generate TOTP Codes

    Each website that supports TOTPs or Two-factor Authentication (2FA) with an authenticator handles configuration differently. Start the setup from each individual website or service that you are accessing (e.g. google.com, github.com).

    In Bitwarden, you can generate TOTPs using two methods:

    Scan a QR Code

    Complete the following steps to setup the Bitwarden Authenticator from the iOS or Android app:

    1. Edit the Vault item for which you want to generate TOTPs.
    2. Tap the camera icon in the Authenticator Key (TOTP) field.
    3. Scan the QR code and tap Save to begin generating TOTPs.

    Once setup, Bitwarden Authenticator will continuously generate 6-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for Two-step Login to connected websites or apps.

    Manually Enter a Secret

    Setup the Bitwarden Authenticator from any Bitwarden app by copying the secret key (typically available as an alternative to a QR Code) from the website or app and pasting it into the Authenticator Key (TOTP) field for the corresponding Vault item.

    Once setup, Bitwarden Authenticator will continuously generate 6-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for Two-step Login to connected websites or apps.

    Use Generated Codes

    Bitwarden Mobile applications and Browser Extensions will automatically copy the TOTP code to your device’s clipboard after Auto-fill, unless the Enable Auto-fill on Page Load option is active. Paste from your clipboard immediately after successful Auto-fill to use your TOTP.

    Tip

    This feature can be toggled off under SettingsOptionsDisable Automatic TOTP Copy.

    All Bitwarden applications display your rotating TOTP code inside the Vault item, which can be copied and pasted just like a Username or Password.

    Copy a TOTP code
    Copy a TOTP code

    Support for More Parameters

    By default, Bitwarden will generate 6-digit TOTPs using SHA-1 and rotate them every 30 seconds, however some websites or services will expect different parameters. Parameters can be customized in Bitwarden by manually editing the otpauth://totp/ URI for your Vault item.

    Parameter Description Values Sample Query
    Algorithm Cryptographic algorithm used to generate TOTPs. -sha1
    -sha256
    -sha512
    algorithm=sha256
    Digits Number of digits in the generated TOTP. 1-10 digits=8
    Period Number of seconds with which to rotate the TOTP. Must be > 0 period=60

    For example:

    otpauth://totp/Test:me?secret=JBSWY3DPEHPK3PXP&algorithm=sha256&digits=8&period=60

    Learn more about using otpauth:// URIs here.

    Was this helpful?

    Rate this article:

    Email Us

    Want to talk to a human?

    Send Us An Email