From 085555caff8d42e16faff4c3ac22cb1826dc6ff7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20JAMET?= Date: Fri, 31 Jan 2020 21:39:22 +0100 Subject: [PATCH] Updated OTP (markdown) --- OTP.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/OTP.md b/OTP.md index 3f9d0a9..aa8dcb4 100644 --- a/OTP.md +++ b/OTP.md @@ -1,12 +1,10 @@ -# OTP - **One-Time Password (OTP)** field can be created in your entry, but this functionality is only available with databases in version 2. KeePassDX is compatible with the algorithms: * **HMAC-based One-time Password (HOTP)**. Algorithm that generates a single token from a secret key and a counter. - Standard [RFC 4226](https://tools.ietf.org/html/rfc4226) * **Time-based One-time Password (TOTP)**. Algorithm that generates a token every x secondes from a secret key depending on the current time. - Standard [RFC 6238](https://tools.ietf.org/html/rfc6238) and Steam -## 2FA Token Generator +# 2FA Token Generator Thanks to the TOTP generation function, **it is possible to use KeePassDX app as a token generator for external services using Two-factor authentication (2FA)**. [[images/OTP/entry_TOTP.jpg]] 
@@ -16,26 +14,26 @@ _**Please note**: Authentication with several factors does not necessarily mean Indeed, 2FA is a concept which is also used for unlocking a KeePass database. If a database is encrypted with a password **and** a key file, the database uses two authentication factors. Not to be confused with the generation of tokens by KeePassDX, used to open external accounts (Google, Amazon, etc ...)_ -## Configuration +# Configuration The secret key is an important element! This is a sensitive data that allows you to unlock the associated service using a generated token. **It is not recommended to store these secret key and the password of a same service in the same KeePass database.** _(It would be like having a door with 2 locks but putting the 2 keys on the same keychain.)_ For example, if you have a two-factor Google authentication, it is recommended to have two KeePass databases. In the first, your Google password, and in the second, the secret key that generates the TOTP token. -### HOTP +## HOTP [[images/OTP/HOTP_form.jpg]] -### TOTP +## TOTP [[images/OTP/TOTP_RFC6238_form.jpg]] -### TOTP Steam +## TOTP Steam Steam unfortunately does not use the standardized TOTP algorithms but a specific one. **This special algorithm has been implemented in KeePassDX and is configurable in the Pro version!** [[images/OTP/TOTP_Steam_form.jpg]] -### QR Code +## QR Code KeePassDX does not yet use the QR codes provided by TOTP services. But you just have to extract parameters (secret key, algorithm, period, digits) with an external [code reader](https://f-droid.org/en/packages/com.google.zxing.client.android/) and copy it in the fields provided. If some parameters are not indicated, simply leave those of the default form.
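Review bot: in the first hunk (`@@ -1,12 +1,10 @@`), the unchanged TOTP bullet still reads "every x secondes" and lists "Steam" beside RFC 6238 under "Standard", which contradicts the later "TOTP Steam" section saying Steam does not use the standardized algorithm. Since this commit already edits the top of OTP.md, correct the spelling to "seconds", name the interval as the configurable period, and move the Steam mention out of the "Standard" line. Dropping `# OTP` also leaves the introductory paragraph with no heading of its own, so confirm the wiki renders the page name as the title.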
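Review bot: in the second hunk (`@@ -16,26 +14,26 @@`), the "QR Code" paragraph tells readers to extract the secret key with an external code reader and copy it into the form, but carries none of the handling caution that the "Configuration" paragraph in the same hunk gives for the secret key. The key passes through a second app on that path (and through the clipboard if it is pasted), so add a sentence recommending a trusted reader and clearing any copied value afterwards. The heading promotions (`##` to `#`, `###` to `##`) are consistent with the first hunk. The context wording "This is a sensitive data" and "these secret key" could be corrected in the same pass.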