Integrated Authenticator
Password Manager includes an integrated authenticator that generates verification codes for two-step login directly in your vault. Instead of opening a separate app and manually typing codes, it automatically produces the time-based one-time passwords (TOTPs), six-digit codes using SHA-1 that rotate every 30 seconds.
note
Storing keys in Password Manager integrated authenticator is available to all accounts. Generating TOTP codes is available with Premium or membership to a paid organization (Families, Teams, or Enterprise).
Bitwarden offers two authenticators: Password Manager integrated authenticator and the Bitwarden Authenticator app. Learn more about when to use the different authenticators.
Generate TOTP codes
There are three ways to set up TOTP generation in Password Manager for your vault's login items:
Scan a QR code from the Bitwarden mobile app or browser extension.
Manually enter a secret from any Bitwarden app.
Sync codes with the Bitwarden Authenticator app so the TOTPs also appear in Password Manager.
Once set up, integrated authentication will continuously generate six-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for two-step login to connected websites or apps. You can update the TOTP seed at any time using the Camera icon on the Edit item screen.
Scan a QR code
To set up integrated authentication for a login item using a QR code:
Edit the vault item for which you want to generate TOTPs.
Tap Set up TOTP:
Set up TOTP on mobile Scan the QR code.
Tap Save to begin generating TOTPs.
Manually add a secret
To manually add a secret key to a login item:
Edit the vault item for which you want to generate TOTPs.
Select the Authenticator key field. (On mobile apps, you can alternatively select the Set up authenticator key → Enter key manually from the Edit view.)
Paste the secret key into the Authenticator Key field.
Save the item.
Use generated codes
After you add a secret key to a login item, there are two ways to retrieve the TOTP: autofilling or copying the code.
note
TOTPs rely on time-based code generation. If your device has an incorrect time compared to the server, it will generate codes that don't work. If you're having trouble with your TOTP codes, set your device's time zone to and time to Automatic.
Autofill TOTP codes
Bitwarden browser extensions and iOS (version 18.0+) will autofill your TOTP code, unless the autofill on page load setting is active. In that case, the browser extension also copies the TOTP code to your clipboard for easy pasting into the form.
On browser extensions, you can also copy the TOTP code from the context menu:
tip
Automatic TOTP copying is on by default when you use autofill in the browser extension. To turn it off, go to Settings → Autofill and uncheck Copy TOTP automatically. You can also use the nearby Clear clipboard dropdown menu to specify when copied values are cleared.
View and copy TOTP codes
All Bitwarden apps display your rotating TOTP code inside the vault item, which can be copied and pasted like a username or password:
When you first open the Bitwarden mobile app, select Verification codes to display all active TOTPs in your vault:
tip
As long as you're logged in to your Bitwarden vault, your generated codes are available—even when your device is offline.
Troubleshooting
TOTP codes are generated based on your device's system clock. If your generated codes are not working or invalid, the most likely reason is that your device clock has become out-of-step from the Bitwarden server. To re-sync the clock on your device:
Navigate to Start → Settings → Time & language → Date & time, and turn the Set time automatically option off and back on.
If this doesn't work, use the following PowerShell commands to set your timezone, being sure to replace the timezone name with the right one from this list, and restart your computer:
Plain TextSet-TimeZone -Id "Central Standard Time"
Plain TextRestart-Computer
Support for more parameters
By default, Bitwarden will generate six-digit TOTPs using SHA-1 and rotate them every 30 seconds, however some websites or services will expect different parameters. Parameters can be customized in Bitwarden by manually editing the otpauth://totp/ URI for your vault item.
Parameter | Description | Values | Sample Query |
|---|---|---|---|
Algorithm | Cryptographic algorithm used to generate TOTPs. | -sha1 |
|
Digits | Number of digits in the generated TOTP. | 1-10 |
|
Period | Number of seconds with which to rotate the TOTP. | Must be > 0 |
|
For example:
Bashotpauth://totp/Test:me?secret=JBSWY3DPEHPK3PXP&algorithm=sha256&digits=8&period=60
Learn more about using otpauth:// URIs.
Set as default on iOS
iOS users running iOS 16+ can set any application as the default for storing verification codes when scanning codes directly from the camera app, including Bitwarden Authenticator and Password Manager integrated authentication. To set this up:
Open the iOS Settings app on your device.
Tap General.
Tap AutoFill & Passwords.
In the Verification Codes section, choose an app from the Set Up Codes In dropdown.
Azure and Office 365
By default, Microsoft Azure and Office 365 accounts expect the use of Microsoft Authenticator for TOTPs. To instead use the integrated authenticator in Bitwarden for your Microsoft Azure or Office 365 account(s):
In Microsoft, navigate to your account settings page. Depending on whether yours is a personal or business account, this may be
account.microsoft.comormyaccount.microsoft.com.Depending on whether yours is a personal or business account, open your Security dashboard or select Security info. If you're going through the Security dashboard, you'll need to also select Two-step verification from that screen.
Turn on 2FA Select either the Two-step verification Turn on button or Add sign-in method button and choose Authenticator app from the dropdown.
During the setup procedure, you'll see a dropdown menu for the verification method. Select Authenticator App or An app.
Proceed until you see a blue "different authenticator app" hyperlink. Select the hyperlink when you see it.
Continue until you see a QR code, at which point you can follow the standard QR code steps.
Steam Guard TOTPs
You can use the Bitwarden integrated authenticator for your Steam account's 2FA. Once you locate the secret key, enter it in the Authenticator key field with this format: steam://your_secret_key_here.
warning
To use this functionality, you will need to manually extract your Steam account's secret using a third-party tool. There are tools such as SteamTimeIdler that can help you accomplish this, however such extraction tools are not officially supported by Bitwarden or Steam. Use these tools at your own risk.
Generated codes for Steam are five digits and alphanumeric, unlike traditional six-digit numeric TOTPs.