diff --git a/OTP.md b/OTP.md index 16988e2..4200b60 100644 --- a/OTP.md +++ b/OTP.md 
@@ -1,23 +1,24 @@ -**One-Time Password (OTP)** field can be created in your entry, but this feature is only available with databases in version 2. +A **one-time password (OTP)** field can be created in your entry, +but this feature is only available with databases in version 2. KeePassDX is compatible with the algorithms: - * **HMAC-based One-time Password (HOTP)**. Algorithm that generates a single token from a secret key and a counter. - Standard [RFC 4226](https://tools.ietf.org/html/rfc4226) - * **Time-based One-time Password (TOTP)**. Algorithm that generates a token every x secondes from a secret key depending on the current time. - Standard [RFC 6238](https://tools.ietf.org/html/rfc6238) and Steam + * **HMAC-based one-time password (HOTP)**. Algorithm that generates a single token from a secret key and a counter. - standard [RFC 4226](https://tools.ietf.org/html/rfc4226) + * **Time-based one-time password (TOTP)**. Algorithm that generates a token every x secondes from a secret key depending on the current time. - Standard [RFC 6238](https://tools.ietf.org/html/rfc6238) and steam. # 2FA Token Generator -Thanks to the TOTP generation function, **it is possible to use KeePassDX app as a token generator for external services using Two-factor authentication (2FA)**. +Thanks to the TOTP generation function, **it is possible to use theKeePassDX app as a token generator for external services using two-factor authentication (2FA)**. [[images/OTP/entry_TOTP.jpg]] This example indicates a generated TOTP token (present in the TOTP field) that can be used to log into your Google account. _**Please note**: Authentication with several factors does not necessarily mean TOTP. -Indeed, 2FA is a concept which is also used for unlocking a KeePass database. If a database is encrypted with a password **and** a key file, the database uses two authentication factors. 
-Not to be confused with the generation of tokens by KeePassDX, used to open external accounts (Google, Amazon, etc ...)_ +Indeed, 2FA is a concept which is also used for unlocking a KeePass database. If a database is encrypted with a password **and** a keyfile, the database uses two authentication factors. +Not to be confused with the generation of tokens by KeePassDX, used to open external accounts (Google, Amazon, etc.)_ # Configuration -The secret key is an important element! This is a sensitive data that allows you to unlock the associated service using a generated token. -**It is not recommended to store these secret key and the password of a same service in the same KeePass database.** _(It would be like having a door with 2 locks but putting the 2 keys on the same keychain.)_ +The secret key is an important element! This is sensitive data that allows you to unlock the associated service using a generated token. +**It is not recommended to store this secret key and the password of the same service in the same KeePass database.** _(It would be like having a door with 2 locks but putting the 2 keys on the same keychain.)_ For example, if you have a two-factor Google authentication, it is recommended to have two KeePass databases. In the first, your Google password, and in the second, the secret key that generates the TOTP token. 
@@ -30,10 +31,10 @@ For example, if you have a two-factor Google authentication, it is recommended t [[images/OTP/TOTP_RFC6238_form.jpg]] ## TOTP Steam -Steam unfortunately does not use the standardized TOTP algorithms but a specific one. +Steam unfortunately does not use the standardized TOTP algorithms, but instead a custom one. **This special algorithm has been implemented in KeePassDX and is configurable in the Pro version!** [[images/OTP/TOTP_Steam_form.jpg]] ## QR Code -KeePassDX does not yet use the QR codes provided by TOTP services. But you just have to extract parameters (secret key, algorithm, period, digits) with an external [code reader](https://f-droid.org/en/packages/com.google.zxing.client.android/) and copy it in the fields provided. If some parameters are not indicated, simply leave those of the default form. +KeePassDX does not yet use the QR codes provided by TOTP services. You can however extract the parameters (secret key, algorithm, period, digits) with an external [code reader](https://f-droid.org/en/packages/com.google.zxing.client.android/) and copy it into the fields provided. If some parameters are not indicated, simply leave those of the default form.
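Review bot: The added 2FA Token Generator sentence in the first hunk (`@@ -1,23 +1,24 @@`) runs two words together: "use theKeePassDX app" should read "use the KeePassDX app". In the same hunk the added TOTP bullet still says "every x secondes" where "seconds" is meant. The lowercasing also goes too far in two places: "steam." is a product name and is written "Steam" in the TOTP Steam section, and "- standard [RFC 4226]" is now inconsistent with "- Standard [RFC 6238]" on the TOTP line. Suggest fixing these in this patch rather than in a follow-up.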
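Review bot: In the rewritten QR Code paragraph of the second hunk (`@@ -30,10 +31,10 @@`), "copy it into the fields provided" refers to the plural "parameters", so it should be "copy them into the fields provided". "You can however extract" also reads better with commas: "You can, however, extract". Since the Configuration section describes the secret key as sensitive data, consider adding a sentence here stating that the external code reader sees that secret when it decodes the QR code.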