Password ManagerVault Basics

Bitwarden Authenticator (TOTP)

The Bitwarden authenticator is an alternative solution to dedicated authentication apps like Authy, which you can use to verify your identity for websites and apps that use two-step login. The Bitwarden authenticator generates six-digit time-based one-time passwords (TOTPs) using SHA-1 and rotates them every 30 seconds.

note

Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires premium or membership to a paid organization (families, teams, or enterprise).

If you are new to using TOTPs for two-step login, refer to the field guide to two-step login for more information.

Generate TOTP codes

Each website that supports TOTPs or two-factor authentication (2FA) with an authenticator handles configuration differently. Start the setup from each individual website or service that you are accessing (for example, google.com and github.com).

In Bitwarden, you can generate TOTPs using two methods:

Scan a QR code

Complete the following steps to set up the Bitwarden authenticator from your app of choice:

  1. Edit the vault item for which you want to generate TOTPs.

  2. Tap the Set up TOTP button.

  3. Scan the QR code and tap Save to begin generating TOTPs.

  1. Edit the vault item for which you want to generate TOTPs.

  2. Select the TOTP button, which will scan the authenticator QR code from the current webpage. The full QR code must be visible on-screen.

    Browser TOTP scan
    Browser TOTP scan

  3. Tap Save once the code has been entered to begin generating TOTPs.

Once set up, Bitwarden authenticator will continuously generate six-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for two-step login to connected websites or apps. You can update the TOTP seed at any time using the icon on the Edit Item screen.

Manually enter a secret

Complete the following steps to manually enter a secret key from the iOS or Android app:

  1. Edit the vault item for which you want to generate TOTPs.

  2. Tap the Set up TOTP button.

  3. Tap the Enter Code Manually link at the bottom of the screen.

  4. Paste the secret key into the Authenticator Key field and tap Add TOTP.

Once set up, Bitwarden authenticator will continuously generate six-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for two-step login to connected websites or apps. You can edit the TOTP seed at any time using the icon on the Edit Item screen.

Use generated codes

tip

TOTPs rely on time-based code generation. If your device has an incorrect time compared to the server, it will generate codes that don't work. If you are having trouble with your TOTP codes, set your device's time and time zone to Automatic.

Bitwarden browser extensions will auto-fill your TOTP code, unless the Auto-fill on Page Load option is active. In that case, the browser extension also copies the TOTP code to your clipboard for easy pasting into the form. Mobile applications will only automatically copy the TOTP code to your device's clipboard after auto-fill.

On browser extensions, you can also copy the TOTP code from the context menu:

Browser Extension Context Menu
Browser Extension Context Menu
tip

Automatic TOTP copying can be turned off using SettingsOptionsCopy TOTP automatically, which will be on by default. Additionally, use the nearby Clear clipboard option to set an interval with which to clear copied values.

Viewing TOTP codes

All Bitwarden apps display your rotating TOTP code inside the vault item, which can be copied and pasted just like a username or password:

Copy a TOTP code
Copy a TOTP code

Mobile apps also have a dedicated Verification Codes screen that lists active TOTPs for quick copying:

Mobile Verification Code screen
Mobile Verification Code screen

Troubleshooting

TOTP codes are generated based on the system clock of your device. If your generated codes are not working, the most likely reason is that your device clock has become out-of-step from the Bitwarden server. To re-sync the clock on your device:

Navigate to StartSettingsTime & languageDate & time, and turn the Set time automatically option off and back on.

If this doesn't work, use the following PowerShell commands to set your timezone, being sure to replace the timezone name with the right one from this list, and restart your computer:

Bash
Set-TimeZone -Id "Central Standard Time"
Bash
Restart-Computer

Navigate to System SettingsGeneralDate & Time, and turn the Set time and date automatically and Set time zone automatically using your currently location options off and back on.

Navigate to SettingsSystemDate & time, and turn the Set time automatically option off and back on.

Navigate to SettingsGeneralDate & Time, and turn the Set Automatically option off and back on.

Support for more parameters

By default, Bitwarden will generate six-digit TOTPs using SHA-1 and rotate them every 30 seconds, however some websites or services will expect different parameters. Parameters can be customized in Bitwarden by manually editing the otpauth://totp/ URI for your vault item.

Parameter

Description

Values

Sample Query

Algorithm

Cryptographic algorithm used to generate TOTPs.

-sha1
-sha256
-sha512
-otpauth

algorithm=sha256

Digits

Number of digits in the generated TOTP.

1-10

digits=8

Period

Number of seconds with which to rotate the TOTP.

Must be > 0

period=60

For example:

Bash
otpauth://totp/Test:me?secret=JBSWY3DPEHPK3PXP&algorithm=sha256&digits=8&period=60

Learn more about using otpauth:// URIs here.

Bitwarden Authenticator on iOS

iOS users running iOS 16+ can also set Bitwarden as their default application for storing verification codes when scanning codes directly from the camera app. To set this up:

  1. Open the iOS Settings app on your device.

  2. Tap Passwords.

  3. Tap Password Options.

  4. From the Set up verification codes using: list, select Bitwarden.

Once enabled, QR codes in the camera app will have an Open in Bitwarden button. When tapped, you'll be able to choose whether to add the authenticator key to a new or existing vault item. Once the item has been created or edited, be sure to Save before closing.

Add new or existing verification codes
Add new or existing verification codes

When you auto-fill login on iOS, the TOTP code will be automatically copied to your clipboard. Pate your TOTP code into the Authentication code field to finish logging in.

Azure and Office 365

By default, Microsoft Azure and Office 365 accounts expect the use of Microsoft Authenticator for TOTPs. If you want to use Bitwarden Authenticator to generate TOTPs for your Microsoft Azure or Office 365 accounts, you'll need to complete the following steps:

  1. In Microsoft, navigate to your account settings page. Depending on whether yours is a personal or business account, this may be account.microsoft.com or myaccount.microsoft.com.

  2. Depending on whether yours is a personal or business account, open your Security dashboard or select Security info. If you're going through the Security dashboard, you'll need to also select Two-step verification from that screen.

    Turn on 2FA
    Turn on 2FA

  3. Select either the Two-step verification Turn on button or Add sign-in method button and choose Authenticator app from the dropdown.

  4. During the setup procedure, you'll see a dropdown menu for the verification method. Select Authenticator App or An app.

  5. Proceed until you see a blue "different authenticator app" hyperlink. Select the hyperlink when you see it.

  6. Continue until you see a QR code, at which point you can follow the normal instructions here.

Steam Guard TOTPs

The Bitwarden Authenticator (TOTP) can be used as an alternative means of TOTP generation for Steam using a steam:// prefix followed by your secret key:

Steam TOTP generation
Steam TOTP generation

Generated steam:// TOTPs are by default alphanumeric and five digits, as opposed to traditional six-digit numeric TOTPs.

warning

To use this functionality, you will need to manually extract your Steam account's secret using a third-party tool. There are tools such as SteamTimeIdler and Steam Desktop Authenticator that can help you accomplish this, however such extraction tools are not officially supported by Bitwarden or Steam. Use these tools at your own risk.

Make a suggestion to this page

Contact Our Support Team

For technical, billing, and product questions.

Name*
Bitwarden account email*
Verify account email*
Product*
Are you self-hosting?*
Subject*
Message...*

Cloud Status

Check status

© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here