Bitwarden Authenticator

Sync Verification Codes

Connect Authenticator with Password Manager to sync your TOTP codes. Once activated, the Bitwarden apps stay synchronized with any codes you add or edit (except local codes). This helps you find and use TOTPs quickly from either app:

Sync between Password Manager (Left) and Authenticator (Right)

You can sync codes from all your Password Manager accounts or choose specific ones. Local codes stored in Authenticator can remain separate, or you can move them to Password Manager for access from both apps.

note

If you prefer to save your verification codes in only one Bitwarden app, do not sync your accounts. Instead, there are two options:

  • Only access codes from your Bitwarden vault: Save the TOTPs with the Password Manager's integrated authenticator and do not turn on your Bitwarden account's Allow authenticator syncing app setting. This means that none of the codes saved within that specific Bitwarden account will be visible in Authenticator.

  • Only access codes from the Authenticator app: When first adding the code to Authenticator, select Save here to add it as a local code. These codes are not connected to your Bitwarden account, so they cannot be found anywhere in your Bitwarden vault.

Set up sync

Codes already saved in your Bitwarden vault as a login item can be synced with Authenticator. If you have local codes, meaning TOTPs that are only saved on your device and accessed via Authenticator, you need to copy those codes to your Password Manager vault. Once the codes are located in your vault, they will sync like the other TOTPs.

Sync codes saved in your Bitwarden vault

To sync TOTPs between both Bitwarden apps:

  1. Ensure that Bitwarden Authenticator and Bitwarden Password Manager are installed on your device.

  2. In Password Manager, log in to the account you want to sync with Authenticator.

  3. Tap the Settings icon.

  4. Tap Account security.

  5. Toggle on Allow authenticator syncing.

  6. (Optional) To sync additional Password Manager accounts, repeat steps 2-5 for each one. The setting must be toggled on separately in every Password Manager account. You can sync with as many accounts as you want.

  7. Authenticator organizes codes into two groups: local codes and synced codes from Password Manager. Verify that your Password Manager TOTP codes appear under your account email heading in Authenticator.

Move and sync local codes to your Bitwarden vault

You can manually copy a local code to your Bitwarden vault for access from both apps. To copy and move a local code to Password Manager:

  1. In Bitwarden Authenticator, long press the code.

  2. Tap Copy to Bitwarden vault.

  3. This will open Password Manager and search for a matching login item.

    • If a matching login item is found, tap the login item. Edit or enter any additional details and tap the Check icon when done.

    • If no matching login item is found, tap New item. Edit or enter any additional details and tap the Check icon when done.

note

Manually copying a code is a one-way transfer that does not depend on the Allow authenticator syncing setting in Password Manager. This sync setting only controls whether TOTPs saved in your vault are made visible in Authenticator. If you only want to move local codes from Authenticator to your Bitwarden vault, do not turn on the setting.

How syncing works

Though the core key exchange workflows are the same from platform to platform, the secure storage and communication methods that facilitate sync between Password Manager and Authenticator are specific to Android and iOS:

When Allow authenticator sync is activated in Password Manager:

  1. A global symmetric key is generated by the Password Manager client and shared with Authenticator through the Android Interface Definition Language (AIDL).

    note

    The AIDL is an interprocess communication (IPC) abstraction that allows Authenticator and Password Manager to securely exchange data without granting access to any other component of your device.

  2. Your preexisting account encryption key is locally persisted.

When you open Authenticator and Allow authenticator sync is activated:

  1. A request is made to Password Manager through AIDL.

  2. Responding to the request, Password Manager temporarily decrypts your item data with the persisted account encryption key and re-encrypts that data with the global symmetric key.

  3. Using AIDL, Password Manager sends re-encrypted authenticator keys, display names, and usernames to Authenticator. No sensitive data is passed unencrypted through AIDL.

  4. Authenticator receives your re-encrypted authenticator keys, display names, and usernames and decrypts that data with the shared global symmetric key.
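
The re-encryption handoff described in the steps above, modeled as an added example (not Bitwarden's code): the account key never leaves Password Manager, only the three listed fields cross the boundary, and Authenticator can open nothing except data sealed under the shared key. Assumptions: the class and function names are hypothetical, a direct function call stands in for AIDL, the vault item is constructed sample data, and because the page does not name the cipher, a standard-library HMAC-SHA256 encrypt-then-MAC construction stands in for the platform's encryption.

```python
import hashlib, hmac, json, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the platform cipher.
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _stream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed: wrong key or modified data")
    ks = _stream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class PasswordManager:
    SYNCED_FIELDS = ("name", "username", "totp")  # the three fields the page lists
    def __init__(self):
        self.account_key = secrets.token_bytes(32)  # stays inside this process
        self.sync_key = None                        # no shared key until sync is on
        item = {"name": "example.com", "username": "alice",  # constructed sample item
                "totp": "JBSWY3DPEHPK3PXP", "password": "constructed-sample"}
        self.vault = [seal(self.account_key, json.dumps(item).encode())]

    def enable_sync(self):
        self.sync_key = secrets.token_bytes(32)  # the global symmetric key
        return self.sync_key  # handed to Authenticator over IPC (AIDL on Android)

    def handle_sync_request(self):
        if self.sync_key is None:
            raise PermissionError("syncing is not enabled for this account")
        out = []
        for blob in self.vault:
            item = json.loads(unseal(self.account_key, blob))  # temporary decrypt
            shared = {f: item[f] for f in self.SYNCED_FIELDS}  # password is dropped
            out.append(seal(self.sync_key, json.dumps(shared).encode()))
        return out

def authenticator_receive(sync_key, payload):
    return [json.loads(unseal(sync_key, blob)) for blob in payload]
```
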