[GH-ISSUE #1105] "Token number length" is incorrect on login page #781

New issue

Closed

opened 2026-03-03 02:03:09 +03:00 by kerem · 2 comments

kerem commented

2026-03-03 02:03:09 +03:00

Owner

Originally created by @klausmcm on GitHub (Aug 17, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1105

Subject of the issue

When signing into a vault that has two 2FA enabled using email, the token length shown by the page does not match the length set in the admin settings page

Admin settings

Your environment

Bitwarden_rs version: 1.16.1

Install method: Docker
Clients used: Firefox
Reverse proxy and version: nginx
Version of mysql/postgresql: MariaDB 10.4
Other relevant information:

Steps to reproduce

See above for screenshots.

Expected behaviour

In my case, I set the length to 8. The login page should say that a token of length 8 has been emailed.

Actual behaviour

The login page says that a token of length 6 has been emailed.

Relevant logs

Originally created by @klausmcm on GitHub (Aug 17, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1105  ### Subject of the issue When signing into a vault that has two 2FA enabled using email, the token length shown by the page does not match the length set in the admin settings page Login page ![image](https://user-images.githubusercontent.com/14914359/90421371-27fae580-e06e-11ea-9993-87e855fa107a.png) Admin settings ![image](https://user-images.githubusercontent.com/14914359/90421432-3ba64c00-e06e-11ea-90e4-051ceb1f0b24.png) ### Your environment  * Bitwarden_rs version: 1.16.1  * Install method: Docker * Clients used: Firefox * Reverse proxy and version: nginx * Version of mysql/postgresql: MariaDB 10.4 * Other relevant information: ### Steps to reproduce See above for screenshots. ### Expected behaviour In my case, I set the length to 8. The login page should say that a token of length 8 has been emailed. ### Actual behaviour The login page says that a token of length 6 has been emailed. ### Relevant logs

kerem closed this issue

2026-03-03 02:03:10 +03:00

kerem commented

2026-03-03 02:03:10 +03:00

Author

Owner

@jjlin commented on GitHub (Aug 17, 2020):

The Enter the 6 digit verification code... message is hardcoded into the clients, so there's nothing that can be done on the bitwarden_rs side. You could potentially rebuild the web vault with a different message, but the mobile clients will still be an issue.

I doubt upstream Bitwarden would be receptive to fixing this, unless they can first be convinced to add a customizable length for verification codes. If that's important to you, you could try making a feature request at https://community.bitwarden.com/c/feature-requests/5/.

@jjlin commented on GitHub (Aug 17, 2020): The `Enter the 6 digit verification code...` message is hardcoded into the clients, so there's nothing that can be done on the bitwarden_rs side. You could potentially rebuild the web vault with a different message, but the mobile clients will still be an issue. I doubt upstream Bitwarden would be receptive to fixing this, unless they can first be convinced to add a customizable length for verification codes. If that's important to you, you could try making a feature request at https://community.bitwarden.com/c/feature-requests/5/.

kerem commented

2026-03-03 02:03:11 +03:00

Author

Owner

@klausmcm commented on GitHub (Aug 17, 2020):

That's unfortunate. Maybe that should not be an option to change as an admin at this point then? If the message says that I should expect a 6 digit code then I'd be very surprised to receive a code that's any other length.

@klausmcm commented on GitHub (Aug 17, 2020): That's unfortunate. Maybe that should not be an option to change as an admin at this point then? If the message says that I should expect a 6 digit code then I'd be very surprised to receive a code that's any other length.