Enabling 2fa on bitwarden.com overwrites vaultwarden 2fa key #1655

Closed
opened 2026-02-05 01:26:02 +03:00 by OVERLORD · 4 comments
Owner

Originally created by @freekvh on GitHub (Aug 2, 2023).

Subject of the issue

Enabling 2fa on bitwarden.com overwrites vaultwarden 2fa key in MS authenticator

Deployment environment

  • vaultwarden version:
  • Install method:

  • Clients used:

  • Reverse proxy and version:

  • MySQL/MariaDB or PostgreSQL version:

  • Other relevant details:

Steps to reproduce

I went to bitwarden.com where I have the same account as in vaultwarden, I enabled 2fa and used MS authenticator to import the key via QR code. There was a warning that it would overwrite or update a key? I didn't think much of it because I may have experimented with bitwarden in the past. But afterwards I found that my vaultwarden key was gone.

Expected behaviour

Making a new TOTP for bitwarden.com leaves my vaultwarden TOTP untouched

Actual behaviour

Bitwarden.com key overwrites vaultwarden TOTP key.

Troubleshooting data

I thought 2fa was at least domain dependent, but apparently some things are exactly the same between vaultwarden and bitwarden.com. Maybe this is obvious to some, but it isn't to me.


@BlackDex commented on GitHub (Aug 2, 2023):

I'm not sure which version you used to create the key, but if that was before we modified the web-vault to display Vaultwarden instead of Bitwarden, then you are probably right, because that still had the Bitwarden key in there.

So, if you would use the latest version with the modified web-vault it should be fine.

Therefore going to close this, as it is already fixed.
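An added illustration, not part of the original thread or of vaultwarden's code: an `otpauth://` enrollment URI carries only an issuer and an account label, not the server's domain, so two servers that both emit the issuer `Bitwarden` for the same e-mail address produce indistinguishable entries. The sketch below parses such URIs and reports which stored entries an import would replace. The sample URIs, the function names, and the rule that an authenticator app treats equal (issuer, account) pairs as one entry are assumptions.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample enrollment URIs; the secrets are placeholders, not real keys.
OLD_VAULTWARDEN = "otpauth://totp/Bitwarden:user%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=Bitwarden"
BITWARDEN_COM = "otpauth://totp/Bitwarden:user%40example.com?secret=GEZDGNBVGY3TQOJQ&issuer=Bitwarden"
NEW_VAULTWARDEN = "otpauth://totp/Vaultwarden:user%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=Vaultwarden"


def entry_identity(uri):
    """Return the normalized (issuer, account) pair carried by an otpauth URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth:// enrollment URI")
    label = unquote(parsed.path.lstrip("/"))
    prefix, sep, account = label.partition(":")
    if not sep:  # label without an issuer prefix
        prefix, account = "", label
    # The issuer query parameter takes precedence over the label prefix.
    issuer = parse_qs(parsed.query).get("issuer", [prefix])[0]
    return issuer.strip().casefold(), account.strip().casefold()


def find_collisions(stored, incoming_uri):
    """Names of stored entries that an import of incoming_uri would replace.

    Assumption: the app treats entries with the same (issuer, account) as one.
    """
    incoming = entry_identity(incoming_uri)
    return [name for name, uri in stored.items() if entry_identity(uri) == incoming]


if __name__ == "__main__":
    # Old web-vault enrollment collides with bitwarden.com; the renamed issuer does not.
    print(find_collisions({"vaultwarden (old web-vault)": OLD_VAULTWARDEN}, BITWARDEN_COM))
    print(find_collisions({"vaultwarden (current web-vault)": NEW_VAULTWARDEN}, BITWARDEN_COM))
```

Running the same check over exported enrollment URIs before scanning a new QR code shows whether an existing entry is at risk of being replaced.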


@freekvh commented on GitHub (Aug 2, 2023):

Ah ok, yeah the key was created a long time ago, using the new version it should be fine then, I will try to reset 2fa on vaultwarden now then... A good challenge but I bet doable from the cli. Thanks.


@BlackDex commented on GitHub (Aug 2, 2023):

> Ah ok, yeah the key was created a long time ago, using the new version it should be fine then, I will try to reset 2fa on vaultwarden now then... A good challenge but I bet doable from the cli. Thanks.

Via the admin interface you can remove 2fa from your account.


@freekvh commented on GitHub (Aug 2, 2023):

Yes this worked. Thank you.

Reference: starred/vaultwarden#1655