Updated OTP (markdown)

Jérémy JAMET
2020-01-31 21:39:22 +01:00
parent 355f4b9afb
commit 085555caff

14
OTP.md

@@ -1,12 +1,10 @@
# OTP
**One-Time Password (OTP)** field can be created in your entry, but this functionality is only available with databases in version 2.
KeePassDX is compatible with the algorithms:
* **HMAC-based One-time Password (HOTP)**. Algorithm that generates a single token from a secret key and a counter. - Standard [RFC 4226](https://tools.ietf.org/html/rfc4226)
* **Time-based One-time Password (TOTP)**. Algorithm that generates a token every x secondes from a secret key depending on the current time. - Standard [RFC 6238](https://tools.ietf.org/html/rfc6238) and Steam
## 2FA Token Generator
# 2FA Token Generator
Thanks to the TOTP generation function, **it is possible to use KeePassDX app as a token generator for external services using Two-factor authentication (2FA)**.
[[images/OTP/entry_TOTP.jpg]]
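Review bot: the heading change on `2FA Token Generator` (from `##` to `#`) puts this section at the same level as the `# OTP` page title, so the page ends up with more than one top-level heading; consider keeping `# OTP` as the only H1, or confirm that the resulting outline is the one intended for the wiki. While this part of the file is being touched, the TOTP bullet in the context lines reads "every x secondes": the spelling is "seconds", and naming the period (the time step of RFC 6238) instead of "x" would be clearer.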
@@ -16,26 +14,26 @@ _**Please note**: Authentication with several factors does not necessarily mean
Indeed, 2FA is a concept which is also used for unlocking a KeePass database. If a database is encrypted with a password **and** a key file, the database uses two authentication factors.
Not to be confused with the generation of tokens by KeePassDX, used to open external accounts (Google, Amazon, etc ...)_
## Configuration
# Configuration
The secret key is an important element! This is a sensitive data that allows you to unlock the associated service using a generated token.
**It is not recommended to store these secret key and the password of a same service in the same KeePass database.** _(It would be like having a door with 2 locks but putting the 2 keys on the same keychain.)_
For example, if you have a two-factor Google authentication, it is recommended to have two KeePass databases. In the first, your Google password, and in the second, the secret key that generates the TOTP token.
### HOTP
## HOTP
[[images/OTP/HOTP_form.jpg]]
### TOTP
## TOTP
[[images/OTP/TOTP_RFC6238_form.jpg]]
### TOTP Steam
## TOTP Steam
Steam unfortunately does not use the standardized TOTP algorithms but a specific one.
**This special algorithm has been implemented in KeePassDX and is configurable in the Pro version!**
[[images/OTP/TOTP_Steam_form.jpg]]
### QR Code
## QR Code
KeePassDX does not yet use the QR codes provided by TOTP services. But you just have to extract parameters (secret key, algorithm, period, digits) with an external [code reader](https://f-droid.org/en/packages/com.google.zxing.client.android/) and copy it in the fields provided. If some parameters are not indicated, simply leave those of the default form.
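Review bot: the QR Code paragraph at the end of this hunk tells readers to extract the secret key with an external code reader and copy it into the fields, but does not say that the secret then passes through another app and, if pasted, through the clipboard. That sits oddly next to the Configuration text calling the secret key sensitive, so a sentence on handling it during that step would help. The heading promotion itself (`## Configuration` to `# Configuration`, `### HOTP` to `## HOTP`, and so on) is applied consistently across the hunk. The unchanged lines still read "This is a sensitive data" and "these secret key and the password of a same service", which could be corrected in the same edit.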