A wiki / documentation / tutorial for TOTP in KeePass2Android + some reports #1248
Comments
Thanks a lot for this suggestion of documentation! Very helpful!
KeePass2Android will generate TOTP if the entry contains a field named otp. Some pages display the secret as groups of 4 characters separated by spaces for improved readability. In the meantime, you can manually remove them.
Thanks a lot for these clarifications @Rookiestyle !
Thank you very much for this, I found this doc very useful - it allowed me to solve my problem (otp value was not in uri format, for I don't know what reason since it was just one of my entries that wasn't, had me stumped for ages until I found this!)
Hello there, simple question = how to install the KeePass OTC plugin in keepass2android ?
so for now I can't make it work in my keepass2android. Thank you in advance for any hint / help.
KeePassOTP is a plugin for KeePass, not a plugin for KeePass2Android. If you use it within KeePass and decided to go for the OTP storage within the respective entry approach as described in KeePassOTP's wiki, KeePass2Android will generate otp codes as well and no further action is required.
Hello @Rookiestyle , thanks, this is clear then. So to set up (T)OTP for a given entry card in a DB managed by keepass2android, we have to:
@Phelo972 , you might want to add that in your description at the top ? Thank you to both, aaFn.
You can also edit the entry in KeePass2Android and do "Configure TOTP"
Sorry if I missed it in the thread above, but will this all work if I maintain a separate database within KeePassOTP? (My goal is to maintain 2FA.)
No, this won't work.
Does someone know if there is any plan to have OTP management which is built-in in native Keepass for Windows (so doesn't require any plugin) supported in keepass2android?
What about OTP storage in a separate database?
Hey @PhilippC can you please get ahold of me (jenssey@gmail.com) - my spouse uses one of your apps and he recently passed away.
I have added https://github.com/PhilippC/keepass2android/blob/master/docs/Generating-TOTPs.md based on the documentation created here. I added some more details and updated some parts. For the feature requests mentioned above, there are already open tickets, so I am closing this issue.
Hello,
First of all thanks for this great work resulting in KeePass2Android!
I'm new on things like GitHub so sorry if there is a better way to submit what I'm requesting.
Anyway it would be very useful to write some doc / tutorial for TOTP and its application in KeePass2Android, as I've struggled a lot to find all the info to properly use TOTP in KeePass2Android.
Here I put (meanwhile) a kind of draft documentation for those who, like me, didn't know anything about all of these before starting with KeePass + some reports for TOTP in KeePass2Android.
Changelog:
March 13th, 2021: Added reference to aaFn comment
May 13th, 2020: Added information from Rookiestyle and reference to Rookiestyle comment
May 6th, 2020: Initial version
TOTP in brief
TOTP stands for Time-based One-Time Password algorithm which is one of the most common ways proposed by websites to do a two-factor authentication (2FA).
On these websites, this option will often be mentioned in the 2FA configuration menu as things like "use code generated by an application", "use [Google] Authenticator app".
You're prompted to scan a QR code with the app, which essentially contains a code called "seed", usually with a form like "AZER TYUI OPQS DFGH JKLM", used to generate TOTPs. The seed can be also directly copied if there is no scanning option on the app.
Most common apps:
TOTP in KeePass and benefits
In KeePass (by Dominik Reichl) there are currently 3 plugins which enable this Authenticator app ability:
The greatest benefits are:
From what I know (I use KeePassOTP), in the configuration which works with KeePass2Android (i.e. not in a separate database), the plugin generates 2 (now 1 in the last update) custom fields in a classic KeePass entry (if a TOTP is set).
These fields enable the plugin to generate TOTPs for the entry.
TOTP in KeePass2Android (+ the reports)
(I'm French so I translate from how it's displayed on the French version of the app)
* : Make sure that the URI doesn't contain spaces, otherwise KeePass2Android will fail to generate TOTPs as a space is an invalid character. If your URIs have spaces, check this comment.
[1st report: the original TrayTotp plugin doesn't even exist anymore, so naming the section like this is not very clear for newbies, maybe change the name of this section with something more relevant like "2 factor auth. - TOTP"]
[2nd report: Bad French translation of "field name", should be "Nom du champ" not "Nom de domaine" (it misled me), also "seed" shouldn't be translated (potentially put "Nom du champ du "seed code" TOTP")] EDIT: I did the job on Crowdin
This field will be also available in the special KeePass2Android one-line keyboard at the end.
[3rd report: Would be great if TOTP button could appear just after the password button !]
[4th report: in case of field in Key Uri Format, KeePass2Android fails to generate the TOTP if there are spaces in the seed inside the Uri, i.e.
otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDM VJECJJW SRB3HWI ZR4IFUG FTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
instead of
otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
]
[5th report: I use the KeePass2Android AutoFill plugin, and when I have a TOTP to submit, I have to reopen KeePass2Android to search for the entry and activate the one-line keyboard. So that ruins the AutoFill plugin time gain. Isn't it possible to trigger a "xxx entry is available" notification just after the Autofill plugin action in order to quickly access the TOTP ?]
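Added example, not part of the original post and not KeePass2Android's code: a Python sketch that reads an `otpauth://totp/` URI like the two shown in the 4th report, strips the display spaces from the secret before Base32 decoding, and computes the RFC 6238 code. The function names and the `RFC_URI` test value are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import urlsplit, parse_qs

# The two URIs from the 4th report: spaced secret vs. clean secret.
SPACED_URI = ("otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDM VJECJJW SRB3HWI "
              "ZR4IFUG FTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30")
CLEAN_URI = ("otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUG"
             "FTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30")
# Constructed URI using the RFC 6238 SHA-1 test key ("12345678901234567890"), spaced in groups of 4.
RFC_URI = "otpauth://totp/Example:alice?secret=GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ&digits=8"


def normalize_secret(raw):
    """Remove display whitespace, uppercase, and restore Base32 '=' padding."""
    s = "".join(raw.split()).upper()
    return s + "=" * (-len(s) % 8)


def parse_otpauth(uri):
    """Return key bytes and parameters from an otpauth://totp URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {
        "key": base64.b32decode(normalize_secret(q["secret"])),
        "digest": q.get("algorithm", "SHA1").lower(),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }


def totp(params, at=None):
    """RFC 6238 code for the given Unix time (defaults to now)."""
    counter = int(time.time() if at is None else at) // params["period"]
    mac = hmac.new(params["key"], struct.pack(">Q", counter), params["digest"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** params["digits"]).zfill(params["digits"])


if __name__ == "__main__":
    print(totp(parse_otpauth(SPACED_URI)), totp(parse_otpauth(CLEAN_URI)))
```

Without the normalization step, a strict Base32 decoder rejects the spaced secret outright, which matches the failure described in the report.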