
Bitwarden Authenticator (TOTP)

The Bitwarden authenticator is an alternative solution to dedicated authentication apps like Authy, which you can use to verify your identity for websites and apps that use two-step login. The Bitwarden authenticator generates six-digit time-based one-time passwords (TOTPs) using SHA-1 and rotates them every 30 seconds.

Note: Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires premium or membership to a paid organization (families, teams, or enterprise).

If you are new to using TOTPs for two-step login, refer to the field guide to two-step login for more information.

Generate TOTP codes

Each website that supports TOTPs or two-factor authentication (2FA) with an authenticator handles configuration differently. Start the setup from each individual website or service that you are accessing (for example, google.com and github.com).

In Bitwarden, you can generate TOTPs using two methods:

Scan a QR code

Complete the following steps to set up the Bitwarden authenticator from the iOS or Android app:

  1. Edit the vault item for which you want to generate TOTPs.

  2. Tap the Set up TOTP button.

  3. Scan the QR code and tap Save to begin generating TOTPs.

Once set up, Bitwarden authenticator will continuously generate six-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for two-step login to connected websites or apps. You can edit the TOTP seed at any time using the icon on the Edit Item screen.

Manually enter a secret

Complete the following steps to manually enter a secret key from the iOS or Android app:

  1. Edit the vault item for which you want to generate TOTPs.

  2. Tap the Set up TOTP button.

  3. Tap the Enter Code Manually link at the bottom of the screen.

  4. Paste the secret key into the Authenticator Key field and tap Add TOTP.

Once set up, Bitwarden authenticator will continuously generate six-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for two-step login to connected websites or apps. You can edit the TOTP seed at any time using the icon on the Edit Item screen.

Use generated codes

Tip: TOTPs rely on time-based code generation. If your device has an incorrect time compared to the server, it will generate codes that don't work. If you are having trouble with your TOTP codes, set your device's time and time zone to Automatic.

Bitwarden mobile applications and browser extensions will automatically copy the TOTP code to your device's clipboard after auto-fill, unless the Auto-fill on Page Load option is active. Paste from your clipboard immediately after successful auto-fill to use your TOTP or, if you are using a browser extension, use the context menu:

Browser Extension Context Menu
Tip: Automatic TOTP copying can be turned off using Settings → Options → Copy TOTP automatically, which will be on by default. Additionally, use the nearby Clear clipboard option to set an interval with which to clear copied values.

Viewing TOTP codes

All Bitwarden apps display your rotating TOTP code inside the vault item, which can be copied and pasted just like a username or password:

Copy a TOTP code

Mobile apps also have a dedicated Verification Codes screen that lists active TOTPs for quick copying:

Mobile Verification Code screen

Support for more parameters

By default, Bitwarden will generate six-digit TOTPs using SHA-1 and rotate them every 30 seconds; however, some websites or services will expect different parameters. Parameters can be customized in Bitwarden by manually editing the otpauth://totp/ URI for your vault item.

Parameter | Description | Values | Sample Query
Algorithm | Cryptographic algorithm used to generate TOTPs. | sha1, sha256, sha512 | algorithm=sha256
Digits | Number of digits in the generated TOTP. | 1-10 | digits=8
Period | Number of seconds with which to rotate the TOTP. | Must be > 0 | period=60

For example:

otpauth://totp/Test:me?secret=JBSWY3DPEHPK3PXP&algorithm=sha256&digits=8&period=60

Learn more about using otpauth:// URIs here.

Steam Guard TOTPs

The Bitwarden Authenticator (TOTP) can be used as an alternative means of TOTP generation for Steam using a steam:// prefix followed by your secret key:

Steam TOTP generation

Generated steam:// TOTPs are by default alphanumeric and five characters long, as opposed to traditional six-digit numeric TOTPs.

Warning: To use this functionality, you will need to manually extract your Steam account's secret using a third-party tool. There are tools such as SteamTimeIdler and Steam Desktop Authenticator that can help you accomplish this; however, such extraction tools are not officially supported by Bitwarden or Steam. Use these tools at your own risk.


©2022 Bitwarden, Inc.