
Compr0mzd

As stated in the title. Does the plugin support Bitwarden TOTP key system? I want to be sure before buying it. Thanks for your answer

VDLP

Hi, currently this plugin does not support the Bitwarden TOTP key system.

I have tried multiple URLs following the otpauth://totp/ schema, but it won't generate a 6-digit number.

Even with the additional parameters otpauth://totp/?secret=[SECRET]&digits=6&algorithm=sha1 (which are currently the default settings of the 2FA plugin) it won't generate a 6-digit number, unfortunately.

Will have to dive deeper into this. Please send us an email so we can keep in touch and give you a follow-up on this issue.

Compr0mzd

Thanks a lot for your fast answer! I will try to search by myself as well to check if we can add another Key type in the Bitwarden TOTP!

VDLP

Basically, the plugin does generate a URL with the otpauth:// schema. I have to play with the settings of the underlying package which generates the key.

I'm happy to look into it for you, but it will take some time.

To be fully transparent, we are using the pragmarx/google2fa package for generating the secret. If you are able to generate a working OTPAUTH URL which generates a 6-digit code with this package, that would help us a lot to implement this quicker.

VDLP

Did some further research on this issue.

Seems that OTP is only supported on a Premium plan. That's why I couldn't get it to work. The Mac client does not mention anything and just generates a random (not 6 digits) code, which is not accepted when setting up two-factor authentication in October CMS.

I found out by using the web client of Bitwarden that you need a Premium plan for it to work.

So I'm pretty sure it will work with our plugin when I read this:

The Bitwarden Authenticator is an alternative solution to dedicated authentication apps like Authy, which you can use to verify your identity for websites and apps that use Two-step Login. The Bitwarden Authenticator generates 6-digit Time-based One-time Passwords (TOTPs) using SHA-1 and rotates them every 30 seconds.

Our plugin uses the default algorithm (SHA1) and generates a TOTP.

Please let me know your findings, because I cannot test it properly without having a Premium plan for Bitwarden.

Compr0mzd

OK, so a quick update: since you cannot test it without Premium, I wanted to help you find out, and I bought the plugin. I tested it by putting the secret key that was generated into the TOTP field in my Bitwarden, and the answer is yes, it works! I get the same generated token across my Google Auth and my Bitwarden. EDIT: I just pasted the generated token without adding anything like otpauth://totp/

VDLP

Great to hear! Thanks for letting us know. Now we can add it to our supported list ;-)
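
Added example, not part of the thread and not the plugin's or pragmarx/google2fa's code: a standalone RFC 6238 check showing that a bare Base32 secret and an otpauth://totp/ URI with the defaults mentioned above (6 digits, SHA-1, 30 seconds) yield the same code, which is a quick way to verify interoperability between authenticator apps. The function names are hypothetical, and the sample secret is the published RFC 6238 test key, not a value from this thread.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Base32 of the RFC 6238 Appendix B test key "12345678901234567890" (sample input).
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def parse_totp_input(value):
    """Accept a bare Base32 secret or an otpauth://totp/ URI and return the settings."""
    cfg = {"digits": 6, "algorithm": "SHA1", "period": 30}  # defaults named in the thread
    value = value.strip()
    if value.lower().startswith("otpauth://"):
        uri = urlparse(value)
        if uri.netloc.lower() != "totp":
            raise ValueError("only otpauth://totp/ URIs are handled here")
        params = {k.lower(): v[0] for k, v in parse_qs(uri.query).items()}
        if "secret" not in params:
            raise ValueError("otpauth URI has no secret parameter")
        cfg["secret"] = params["secret"]
        cfg["digits"] = int(params.get("digits", cfg["digits"]))
        cfg["period"] = int(params.get("period", cfg["period"]))
        cfg["algorithm"] = params.get("algorithm", cfg["algorithm"]).upper()
    else:
        cfg["secret"] = value
    if cfg["algorithm"] not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm: " + cfg["algorithm"])
    return cfg

def decode_secret(secret):
    """Base32-decode a secret, tolerating spaces, lower case and missing padding."""
    s = secret.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(value, at=None):
    """Return the TOTP code for a bare secret or otpauth URI at Unix time `at`."""
    cfg = parse_totp_input(value)
    counter = int(time.time() if at is None else at) // cfg["period"]
    digest = getattr(hashlib, cfg["algorithm"].lower())
    mac = hmac.new(decode_secret(cfg["secret"]), struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** cfg["digits"]).zfill(cfg["digits"])

if __name__ == "__main__":
    uri = "otpauth://totp/?secret=" + RFC_SECRET + "&digits=6&algorithm=sha1"
    print("bare secret:", totp(RFC_SECRET), " otpauth URI:", totp(uri))
```

If two apps given the same secret disagree with this output, compare the digits, algorithm and period each one assumes, and check the device clock.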
