[BWA-213] QR code can't be scanned, while other authenticator apps can scan it instantly

[pamperer562580892423]

Steps To Reproduce

1. Open https://authenticationtest.com/totpChallenge/ on a desktop browser.
2. In the authenticator app, go to +
3. ... then click on Scan a QR code
4. Try to scan the (TOTP) QR code on https://authenticationtest.com/totpChallenge/

Expected Result

The QR code gets scanned as instantly as it worked on the same phone (!) with Aegis, 2FAS, Microsoft Authenticator and Google Authenticator.

Actual Result

Out of about ten (mostly longer) attempts, only one time I could scan the QR code successfully. The other times, the QR code wasn't scanned at all. (I did not even get an error message -- it just didn't get "scanned successfully")

So, important for reproducing: try it a few times, as it might work sometimes (maybe even with the first try).

Screenshots or Videos

The TOTP code in question:

 

Video of one attempt, where I tried to scan the code from different distances etc.:

bw-authenticator-qr-code-cant-be-scanned.mp4

Additional Context

There is an open thread on the Community Forum where other users also reported the same thing happening: https://community.bitwarden.com/t/unable-to-scan-qr-codes-bw-authenticator-app/84749

Some reports, I think, may also indicate that it could also be dependent on certain devices/phones. (I don't know if the cameras might be different, or how the authenticator app can make use of it - or both... or something entirely different)

As written before, I tried to scan that specific test code also with four other authenticator apps (Aegis, 2FAS, Microsoft Authenticator and Google Authenticator) on the same phone (!) - and could scan that code in an instant with all other four authenticator apps.

 

Update 1:

I now tried to scan that same TOTP code with the BW mobile app (by adding a new login item and directly scanning for adding an "authenticator key" - it's a premium BW account). And here, every scan is successful, as instantly as the other four authenticator apps. So there seems to be at least difference between the BW authenticator app and the BW Android mobile app.

The "Environment Details" of my mobile app:
© Bitwarden Inc. 2015-2025
Version: 2025.12.0 (21003)
📱 Fairphone FP5 🤖 15@35 📦 prod
🧱 commit: f02b374
💻 build source: bitwarden/android/actions/runs/19830126705/attempts/1
🦀 SDK: 1.0.0-3928-2cca3d46
🌩 Server: 2025.12.0 @ EU

 

Update 2:

I found something interesting now after my "Update 1". Because I decided to scan the same QR code with the authenticator app again, after scanning it with the BW mobile app first (i.e. just scanning it there like described in my Update 1, but changing directly after the successful scan to the authenticator app and trying to scan the code there as well). And guess what: when I do that, suddenly the authenticator app can scan that QR code successfully every time I tried it (I stopped after about five attempts - so, now all those five attempts were successful, where before, almost all attempts failed)

 

Build Version

2025.11.1 (1083)

What server are you connecting to?

EU

Self-host Server Version

No response

Environment Details

• Fairphone 5
• Android 15 (Stock-ROM, latest available update)

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[bitwarden-bot]

Thank you for your report! We've added this to our internal board for review.
ID: BWA-213

[pamperer562580892423]

Haha, already an update: I just got authenticator app 2025.12.0 (1114) on my phone... And now with that new version, my "QR code in question" gets scanned instantly.

I'm aware, that this issue now probably will get closed - as the whole case I brought is gone now - but I would like to point out that in the Community Forum thread there is at least one user who reports that even with authenticator app 2025.12.0 they would have a success rate of scanning QR codes of 0% (!) - besides the other reports in the past.

So I can only suggest that this issue should still be further investigated.

Addition: I also now had the chance to test this QR code in question with two other phones (Motorola, Android 16) and authenticator app version 2025.11.1 again, and at least I could reproduce that those two phones also are not able to scan that QR code successfully. - I hope I have a chance to scan that QR code again, when those two phones get authenticator app 2025.12.0.

[SergeantConfused]

Hello @pamperer562580892423,

Thank you for that detailed report. I tested this on Android 14 with Bitwarden Authenticator 2025.11.1 and I was able to reproduce this somewhat. Upon first launching the Authenticator, it is able to scan the QR code in this GitHub report, but any subsequent attempts to scan it fail regardless if I deleted the saved TOTP seed or not; however, if I open the Task Switcher and dismiss the Authenticator and launch it anew, it is then able to scan the QR again even if it already is saved in (it saved another identical TOTP seed). I have flagged this to the Engineering team.

Please feel free to post additional information, such as screenshots or a screen video recordings, if you wish.

Thank you again,

[pamperer562580892423]

@SergeantConfused Thanks for your thoughtful and thorough testing.

I can already add, that for those two Motorola devices I also tested this with (authenticator app version 2025.11.1), I definitely was not able to scan the QR code at all - so, not even with the first attempt, after first launch of the app. (and as the password manager app is not used on those phones, I also didn't try my workaround from "Update 2" of the original post)

For my own phone (FP5) on authenticator app 2025.11.1 (!), I'm not sure if it was the first or a following attempt, where it worked... (only with my "workaround" / "Update 2", I could consistently scan the code every time then)

In sum, this looks very inconsistent across devices, and whatever other conditions. I think this should be kept in mind for further testing and reproducing.

[pamperer562580892423]

@SergeantConfused Short update.

One of the two Motorola phones got authenticator app 2025.12.0 yesterday. And out of about 8 attempts, I could scan the QR code from the original post zero (!) times now. (Moto G9 play, Android 16 / latest Lineage OS)

The user from the linked community forum thread who said they would have a success (!) rate of 0% (!) also has a Motorola device - those were their details:

Make/Model: Motorola G84 5G (XT2347-2)
Android Version: 15

That's only two instances and could be totally random - but I would also investigate a possible "Motorola incompatibility".

(though, I'm also still wondering what makes some QR codes scannable / unscannable - and if some QR codes have some problematic characteristics... at least for some cameras / devices / "drivers" / "software" or whatever...)

[pamperer562580892423]

@SergeantConfused Another short update: I now could also with the second Motorola phone (also Moto G9 play, Android 16 / latest LineageOS) and authenticator app 2025.12.0 (!) test our QR code here: as expected, it doesn't scan the code. (I only made about five attempts now)

So, summary for "my" two Motorola devices: both mentioned Moto G9 play phones can't scan "our" TOTP QR code at all - both with authenticator app versions 2025.11.1 and 2025.12.0, not one single attempt was successful. (but I also didn't try my "workaround" / "Update 2" from the original post with the Motorola phones!)