bitwarden
Free Bitwarden takes OTP text code, but it's unclear it doesn't support it.
So I'm trying to set up OTP for GitHub itself. Currently I use Google Authenticator and it works fine, but I was considering switching to Bitwarden.
Setting this up in GitHub by going to Settings > Security > Authenticator App, then click on Set up using an app, when presented with the Recovery Codes clicking Copy and then Next, then scanning the barcode. I can tell Bitwarden scans it correctly, since the text string matches (other than case) the string presented in the "enter this text code" link on that same page.
But GitHub wants a 6-digit code back from the app, and Bitwarden doesn't seem to give me that... See screenshot below:
Does Bitwarden generate this 6-digit code somehow and I'm just missing it/can't find it? Or is it just not generating it? (In which case, is that an upcoming feature?)
Thanks for Bitwarden, it's an awesome product, really happy with it so far!
Cheers, Filipe
You need to save the entry. The 6-digit code is only displayed on the "view" page of the item
@Crocmagnon I just tried this again, I don't see any 6-digit codes on the view page of the item... This is on Android app version 1.21.0 (1631). The authenticator key (TOTP) is alphanumeric 16 characters long... What am I missing?
@filbranden Do you have a premium membership? OTP codes would only be generated with a premium membership. https://blog.bitwarden.com/premium-features-file-attachments-2fa-options-totp-priority-support-d4c12e2d9018
Yes indeed I have the free membership. I'll definitely consider getting premium, so far I'm loving Bitwarden!
I changed the subject of this issue to reflect the actual problem. With the free membership, I'm able to scan a QR image and to store an OTP code, but it doesn't really work after that... I think it should maybe either block me from entering an OTP, or maybe giving me a visible warning that TOTP is only supported on a premium membership. That would definitely have been enough to prevent my confusion that had me open this issue.
Thanks again for an awesome product!
Cheers, Filipe
Yes, at the moment we can't advertise a premium membership since we don't support in-app purchases. The app stores won't let you mention any kind of paid subscriptions if you arn't using the in-app purchase APIs.
Ah I see... So even a warning saying "TOTP does not work in a free membership" might be a breach of those terms. Huh! Oh well, thanks for the clarification, at least now I know how to get this solved. Feel free to close this issue or leave it open to track this issue (and maybe help others find it while searching for the same.) For me, either way is fine. Thanks again!
Same issue with attachments. It lets you pick a file, but it's not clear that the feature is intentionally disabled. I understand that the app stores don't want you to circumvent their huge cut of purchases by directing users to purchase outside the app, but at least something saying "feature not enabled" would help clue in the user. I spend 10 minutes trying to figure out the trick to get my attachment to upload.
Right now, its even stranger, Ive got a family plan and some totp challenge codes are displayed but most dont.
Ive got a family plan and some totp challenge codes are displayed but most dont.
Same here. I think the ones that display properly are the ones that I imported from authy.
BTW, there is also no warning about this in the Chrome extension. Does that have the same kind of restriction as the app stores?
I was having problems with the TOTP codes not showing up after getting premium, but it worked after signing out and in of Bitwarden.
I second this ^^^ I installed the app and created the account via phone, then I searched a way to make 2FA code generation work. I logged in via web valut to import data from previous pass manager and upgraded to premium, but mobile app didn't show anything. After seeing this comment I disconnected and re-connected and now I see the 2FA codes. Seems a sync problem about the type of the account (premium or free)
This is a really bad User Experience. Something needs to be communicated. There is no excuse for the desktop app and browser extension to not communicate "TOTP generation not supported by your account". I think the "in-app purchase" justification is a cop-out. It's time to fix this and stop wasting thousands of hours of human-time trying to find this information.
Great product. Great service. Very reasonable pricing. No complaints there. But, if you accept excuses, you ensure continuation. Every parent knows this.
To reinforce what RichardBronosky said... I just spent an hour trying to work out why my Chrome extension wasn't generating codes and eventually googling found this thread.
Very bad UX!
I also spent quite a while trying to figure out what was wrong On the plus side I learned more about key URI formats here On the downside this frustration could have been avoided if there was any indication at all that there is no user error I love Bitwarden so far and plan to support with a premium membership but if I hadn't found this thread I might have assumed that the product is broken and tried something else
So Bitwarden generates TOTP codes only with a premium membership. Good to know.
I can't complain much cuz I didn't spend too long trying to make it work. Finding this thread saved me a bunch of frustration and time. Thanks :raised_hands:
It took me ~ half an hour to figure this out by finding this thread :( A real shame as the rest of the UX has been great!
I too was confused but thankfully this post cleared up why my free membership will accept the TOTP key but then fails to generate the 6-digit code.
