bitwarden / authenticator-ios

Bitwarden Authenticator mobile app for iOS.
https://bitwarden.com
GNU General Public License v3.0

Auto delete spaces in security key #101

Open leonlazic opened 4 months ago

leonlazic commented 4 months ago

Steps To Reproduce

  1. Generate a security in Meta Account Centre '...'
  2. Copy the key
  3. Manually add the key
  4. Don't delete the spaces in between the segments

Expected Result

It would be nice if the key needn't be modified by deleting the spaces manually.

Actual Result

The app reports "Error reading the key".

Screenshots or Videos

No response

Additional Context

No response

Build Version

2023.5.0 (38)

Environment Details

Issue Tracking Info

Gerardv514 commented 1 month ago

I suffered from spaces in the TOTP key as well; I've submitted my findings to Bitwarden Support via email.

I exported 30+ TOTP items from the Bitwarden application (the integrated TOTPs). I then imported these items into Bitwarden Authenticator, and since this was a new app I was skeptical about issues, so I counted up all items in the BW Authenticator app. Sure enough, I was missing 4 items without warning!! This is bad, since if I had not counted up and realized some were missing, I would have wiped out the TOTPs from my original TOTP app and thus would have been LOCKED OUT of these 4 accounts. For me (tech-savvy guy), I have recovery codes and I double-check this stuff, but someone who does not think about this stuff (the less tech-savvy person) will potentially suffer irreversible harm from this. Upon checking to see what is common among these 4 items, all of them were about 32 characters in length and the TOTP key was divided into sections of 4 characters.

Upon manually entering these keys into BW Authenticator app I received the above error as well. Therefore, if you import TOTPs into BW Authenticator any item containing a key with spaces will be IGNORED.

Technically I think there are two issues here that need to be addressed:

1) There are sites that provide TOTP keys with spaces; you have to allow that in. The BW app's integrated TOTP allows it.

2) When importing TOTP keys, these items should have errored, letting the user know they weren't imported. At the very least, prompt a message stating that XX items were imported successfully, so you can cross-check your list before destroying the previous TOTP app.
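
The two points raised in the comment above, sketched in Python as an added example (not code from the Bitwarden Authenticator project and not part of either comment): grouped Base32 secrets are normalized before decoding, and the import returns every skipped item instead of dropping it silently. The function names and the sample items are hypothetical and constructed for illustration.

```python
import base64

def normalize_totp_secret(raw: str) -> bytes:
    """Decode a Base32 TOTP secret as sites display it.

    Accepts grouping whitespace or hyphens, lowercase, and missing padding.
    Raises ValueError with a fixed message that never echoes the secret.
    """
    cleaned = "".join(c for c in raw if not c.isspace() and c != "-")
    cleaned = cleaned.upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty secret")
    # b32decode requires the input length to be a multiple of 8.
    padded = cleaned + "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("not valid Base32") from None

def import_items(items):
    """Import (name, secret) pairs and return (imported, skipped)."""
    imported, skipped = [], []
    for name, secret in items:
        try:
            imported.append((name, normalize_totp_secret(secret)))
        except ValueError as exc:
            skipped.append((name, str(exc)))
    return imported, skipped

def import_summary(items) -> str:
    """Build the message a user needs before wiping the old authenticator."""
    imported, skipped = import_items(items)
    lines = [f"{len(imported)} of {len(items)} items imported"]
    lines += [f"NOT imported: {name} ({why})" for name, why in skipped]
    return "\n".join(lines)

# Constructed sample export; these are not real account secrets.
SAMPLE = [
    ("example-a", "JBSW Y3DP EHPK 3PXP JBSW Y3DP EHPK 3PXP"),  # 32 chars, groups of 4
    ("example-b", "jbswy3dpehpk3pxp"),                         # lowercase, no spaces
    ("example-c", "JBSW Y3DP 1HPK 3PXP"),                      # '1' is not Base32
]

if __name__ == "__main__":
    print(import_summary(SAMPLE))
```
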