bitwarden / android

Bitwarden mobile app for Android.
https://bitwarden.com
GNU General Public License v3.0

Invalid TOTP codes #263

Closed vbtrek closed 6 years ago

vbtrek commented 6 years ago

Bitwarden seems to be generating invalid TOTP codes. My data was imported from 1password. The codes from 1password work correctly; I have also added the same codes to Authy, and when I put Authy, 1password and bitwarden side by side, Authy's and 1password's TOTP codes match and bitwarden's is wrong.

Any ideas why?

kspearrin commented 6 years ago

That's weird. Are you comparing on the same device?

vbtrek commented 6 years ago

Authy is on my iPhone, bitwarden Vault in Opera on my laptop, and 1password desktop also on my laptop. Example of the same login in 1password in the foreground and the same login in bitwarden in the background (screenshot).

It's exactly the same otpauth url in both bitwarden and 1password.

kspearrin commented 6 years ago

If you are comparing on different devices it could be a time sync issue. Ensure your system time is correct on each. Else it could be that the keys are being parsed differently. For example, does your key have any spaces in it? Are you sure the keys are exactly the same in both systems?

vbtrek commented 6 years ago

I thought that, but both Authy and 1password on the iPhone and 1password on the Windows laptop all show the same TOTP at the same time; however, bitwarden doesn't. bitwarden on the iPhone matches the bitwarden web vault on my Windows laptop. I can't see any time sync issues. I'll try rescanning the QR code using bitwarden and see if that gives me a valid TOTP.

kspearrin commented 6 years ago

Well, if you are re-scanning QR codes you most likely will get a different TOTP key. If the keys are different you will get different codes. You need to compare the keys in both programs and see what is different.

vbtrek commented 6 years ago

The keys are currently identical, they were imported. I have also tried cutting and pasting from 1password into bitwarden and saving, but still the TOTP code is different.

kspearrin commented 6 years ago

Do the keys have spaces? Are all characters valid base 32 characters?

vbtrek commented 6 years ago

No spaces. Here's an example: "otpauth://totp/Microsoft:email@server.com?secret=1234567890ABCDEF&issuer=Microsoft" (I've changed the email address and secret!). I've got TOTP set up for a number of services: Microsoft / Google / email / Facebook, and they are all wrong in bitwarden.

kspearrin commented 6 years ago

That's not a valid TOTP key. The key in this case would just be "1234567890ABCDEF".
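The distinction drawn in the comment above (the key is the `secret` parameter, not the whole `otpauth://` URI) is the difference between a client that produces matching codes and one that does not. The following is an added example in Python, written for this page and not Bitwarden's own code, of how an importer or TOTP generator should normalise a stored value: accept either a bare base32 secret or a full `otpauth://totp/...` URI, pull the secret out of the URI, strip spaces and case differences, reject anything that is not RFC 4648 base32, and only then compute the RFC 6238 code. The placeholder secret in the thread (`1234567890ABCDEF`) is a redacted stand-in and is not valid base32, so the example uses the RFC 6238 reference secret (`12345678901234567890` in ASCII, `GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ` in base32) with constructed issuer and label values.

```python
"""Added example (not Bitwarden code): turn a stored TOTP value into a base32
secret and compute the RFC 6238 code from it.

Handles both storage forms seen in this thread:
  - a bare base32 secret, e.g. "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
  - a full provisioning URI, e.g.
    "otpauth://totp/Microsoft:email@server.com?secret=GEZD...QOJQ&issuer=Microsoft"
Issuer/label values below are constructed sample data; the secret is the
RFC 6238 test-vector key "12345678901234567890" in base32.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# RFC 4648 base32 alphabet: no 0, 1, 8 or 9.
BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def extract_secret(stored_value: str) -> str:
    """Return the base32 secret from either a bare key or an otpauth:// URI.

    Feeding the whole URI string into the HMAC, as if it were the key, is the
    failure discussed in this thread: the codes will never match another app.
    """
    value = stored_value.strip()
    if value.lower().startswith("otpauth://"):
        parsed = urlparse(value)            # netloc is the OTP type ("totp")
        if parsed.netloc.lower() != "totp":
            raise ValueError(f"unsupported otpauth type: {parsed.netloc!r}")
        params = parse_qs(parsed.query)
        if "secret" not in params:
            raise ValueError("otpauth URI has no secret parameter")
        value = unquote(params["secret"][0])
    # Spaces, dashes and lower case are copy/paste artefacts, not key material.
    secret = value.replace(" ", "").replace("-", "").upper()
    bad = set(secret) - BASE32_ALPHABET - {"="}
    if bad:
        raise ValueError(f"secret contains non-base32 characters: {sorted(bad)}")
    return secret


def is_valid_secret(stored_value: str) -> bool:
    """Convenience check an importer can run before saving a record."""
    try:
        extract_secret(stored_value)
        return True
    except ValueError:
        return False


def decode_secret(secret: str) -> bytes:
    # Pad to a multiple of 8 so b32decode accepts secrets stored without '='.
    padded = secret + "=" * (-len(secret) % 8)
    return base64.b32decode(padded, casefold=True)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(stored_value: str, for_time: Optional[int] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP from whichever form the secret was stored in."""
    if for_time is None:
        for_time = int(time.time())
    key = decode_secret(extract_secret(stored_value))
    return hotp(key, for_time // step, digits)


def codes_match(value_a: str, value_b: str, for_time: int) -> bool:
    """True when two stored representations give the same code at one instant.

    Comparing at a fixed time removes the clock-skew variable mentioned in the
    thread, so a mismatch here means the keys really differ.
    """
    return totp(value_a, for_time) == totp(value_b, for_time)


if __name__ == "__main__":
    bare = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    uri = f"otpauth://totp/Microsoft:email@server.com?secret={bare}&issuer=Microsoft"
    now = int(time.time())
    print("bare :", totp(bare, now))
    print("uri  :", totp(uri, now))
    print("match:", codes_match(bare, uri, now))
```

Running the block prints the same six-digit code for the bare secret and for the URI form, which is the behaviour the user expected from the import. A client whose importer stores the full URI unchanged and then hands that string to its base32 decoder either fails the decode or, if it silently drops invalid characters, derives a different key; running `extract_secret` at import time (or at code-generation time) removes both outcomes.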

vbtrek commented 6 years ago

Right, that's what was imported from 1password. Let me change it and try again.

vbtrek commented 6 years ago

Awesome, that's done it, I'll go through and update them all. Maybe something to note for the 1password importer. Thanks for all your help.

kspearrin commented 6 years ago

How are the values actually stored in 1Password? Are they 1234567890ABCDEF or otpauth://totp/Microsoft:email@server.com?secret=1234567890ABCDEF&issuer=Microsoft?

vbtrek commented 6 years ago

The full URL; example in screenshot from 1password editor.

kspearrin commented 6 years ago

In my experience that's not how most people have them stored in there. If you were to make it just 1234567890ABCDEF in 1Password, does it work the same?

vbtrek commented 6 years ago

Yes it does work, so both the otpauth URL and just 123456789ABCDEF work the same and produce the same TOTP code. Interestingly, the 1password one-time password generator (the grey circle icon at the end of the textbox) generates an otpauth URL for you. Also, all the TOTPs I have stored were captured using the iPhone and the QR code scanner, which must also store the full otpauth URL (see screenshot).

kspearrin commented 6 years ago

Hmm. When I tested the importer for 1Password I don't recall seeing otpauth URLs for them. Is this 1Password 4 or 6?

vbtrek commented 6 years ago

1password 4.

kspearrin commented 6 years ago

Ok, that must be different than 1Password 6, which is what I used to test. Thanks.

vbtrek commented 6 years ago

Thank you too.

917huB commented 6 years ago

I've just imported into 1.25.1 from a 1Password 6.8.8 export and found the OTP code was as reported above, i.e. "otpauth://totp/Coinbase:coinbase@xyz.uk?secret=xxxxyyyyyzzzz1111&issuer=Coinbase" and not just the xxxyyyzzz1111 bit. Correcting the OTP code to just the secret resolves any issues.