OTP reworked

Allan Nordhøy
2020-02-27 01:49:40 +01:00
parent e5f01f09f8
commit 80c58047d7

OTP.md

@@ -1,23 +1,24 @@
**One-Time Password (OTP)** field can be created in your entry, but this feature is only available with databases in version 2.
A **one-time password (OTP)** field can be created in your entry,
but this feature is only available with databases in version 2.
KeePassDX is compatible with the algorithms:
* **HMAC-based One-time Password (HOTP)**. Algorithm that generates a single token from a secret key and a counter. - Standard [RFC 4226](https://tools.ietf.org/html/rfc4226)
* **Time-based One-time Password (TOTP)**. Algorithm that generates a token every x secondes from a secret key depending on the current time. - Standard [RFC 6238](https://tools.ietf.org/html/rfc6238) and Steam
* **HMAC-based one-time password (HOTP)**. Algorithm that generates a single token from a secret key and a counter. - standard [RFC 4226](https://tools.ietf.org/html/rfc4226)
* **Time-based one-time password (TOTP)**. Algorithm that generates a token every x secondes from a secret key depending on the current time. - Standard [RFC 6238](https://tools.ietf.org/html/rfc6238) and steam.
# 2FA Token Generator
Thanks to the TOTP generation function, **it is possible to use KeePassDX app as a token generator for external services using Two-factor authentication (2FA)**.
Thanks to the TOTP generation function, **it is possible to use theKeePassDX app as a token generator for external services using two-factor authentication (2FA)**.
[[images/OTP/entry_TOTP.jpg]]
This example indicates a generated TOTP token (present in the TOTP field) that can be used to log into your Google account.
_**Please note**: Authentication with several factors does not necessarily mean TOTP.
Indeed, 2FA is a concept which is also used for unlocking a KeePass database. If a database is encrypted with a password **and** a key file, the database uses two authentication factors.
Not to be confused with the generation of tokens by KeePassDX, used to open external accounts (Google, Amazon, etc ...)_
Indeed, 2FA is a concept which is also used for unlocking a KeePass database. If a database is encrypted with a password **and** a keyfile, the database uses two authentication factors.
Not to be confused with the generation of tokens by KeePassDX, used to open external accounts (Google, Amazon, etc.)_
# Configuration
The secret key is an important element! This is a sensitive data that allows you to unlock the associated service using a generated token.
**It is not recommended to store these secret key and the password of a same service in the same KeePass database.** _(It would be like having a door with 2 locks but putting the 2 keys on the same keychain.)_
The secret key is an important element! This is sensitive data that allows you to unlock the associated service using a generated token.
**It is not recommended to store this secret key and the password of the same service in the same KeePass database.** _(It would be like having a door with 2 locks but putting the 2 keys on the same keychain.)_
For example, if you have a two-factor Google authentication, it is recommended to have two KeePass databases. In the first, your Google password, and in the second, the secret key that generates the TOTP token.
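Review bot: The replacement TOTP bullet still carries the typo "every x secondes" (should be "every x seconds"), and the rewritten 2FA sentence has lost the space in "theKeePassDX app". Two smaller consistency points in the same hunk: the HOTP bullet now reads "- standard [RFC 4226]" while the TOTP bullet keeps "- Standard [RFC 6238]", so one capitalisation should be chosen for both, and "Steam" is a product name and should stay capitalised rather than becoming "and steam." at the end of the TOTP bullet.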
@@ -30,10 +31,10 @@ For example, if you have a two-factor Google authentication, it is recommended t
[[images/OTP/TOTP_RFC6238_form.jpg]]
## TOTP Steam
Steam unfortunately does not use the standardized TOTP algorithms but a specific one.
Steam unfortunately does not use the standardized TOTP algorithms, but instead a custom one.
**This special algorithm has been implemented in KeePassDX and is configurable in the Pro version!**
[[images/OTP/TOTP_Steam_form.jpg]]
## QR Code
KeePassDX does not yet use the QR codes provided by TOTP services. But you just have to extract parameters (secret key, algorithm, period, digits) with an external [code reader](https://f-droid.org/en/packages/com.google.zxing.client.android/) and copy it in the fields provided. If some parameters are not indicated, simply leave those of the default form.
KeePassDX does not yet use the QR codes provided by TOTP services. You can however extract the parameters (secret key, algorithm, period, digits) with an external [code reader](https://f-droid.org/en/packages/com.google.zxing.client.android/) and copy it into the fields provided. If some parameters are not indicated, simply leave those of the default form.
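Review bot: In the rewritten QR Code paragraph, "copy it into the fields provided" refers back to the plural "parameters (secret key, algorithm, period, digits)", so it should read "copy them into the fields provided". The rest of the hunk reads well; the Steam sentence ("but instead a custom one") is an improvement over the original.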