2 FA Directory and KPOTP Field #153

Closed
BrilliantTrees opened this issue May 13, 2024 · 4 comments

BrilliantTrees commented May 13, 2024

I'm getting to grips with this plugin as part of the wider learning curve on KeePass2 for Windows, and so far it's great, but there is just 1 thing that I may be misunderstanding and I'd like either

a) an explanation of how I can achieve the desired outcome

or

b) this to be added as a feature request if the functionality doesn't exist please.

By reference to the 2FA directory download the plugin has 2 variations of entry in the "KPOTP" field.

  1. The TOTP string if 2FA has been enabled (Hidden or visible)
  2. A prompt to "Setup 2FA" if a TOTP code has not been defined.

For those sites where a full TOTP solution is possible, these 2 possible entries are perfect and clearly highlight whether you have or haven't set up 2FA, and the "Setup 2FA" prompt is really useful as it's a constant reminder that you ought to set up 2FA.

However, some sites in the 2FA directory don't actually offer full TOTP and may offer SMS or custom hardware 2FA solutions. This is captured by your plugin on the "KeePassOTP" tab, so your plugin can determine where full TOTP isn't available.

But...

The problem is that on a site where, for instance, SMS is the 2FA protocol (and full TOTP is NOT available) and I've already set up SMS-based authentication, I still see the prompt to "Setup 2FA" in the KPOTP field.

What would be perfect is a way to amend the KPOTP field to reflect that SMS authentication (or alternative) is active and that I don't therefore need to be prompted to "Setup 2FA".

This would be checked on startup against the 2FA Directory download and, if full TOTP is now available, could revert to "Setup 2FA" or highlight the KPOTP field "SMS" entry in red to show that the 2FA protocol could be upgraded.

Hope this makes sense, and thanks very much for your hard work on this plugin; it's making the switch to a more secure password regime that much easier for me.

@BrilliantTrees BrilliantTrees added the enhancement New feature or request label May 13, 2024
@Rookiestyle Rookiestyle self-assigned this May 13, 2024
@Rookiestyle
Owner

I do see the use case, but I do not plan to add a feature that lets you select which other 2FA approach you use.

I will implement something like this:
If other 2FA methods are available, you can flag the entry as "Other 2FA is active".

  • If Other 2FA is active and no TOTP is defined, the column will show 2FA defined
  • If Other 2FA is active and TOTP is defined, the column will show the TOTP string as today (hidden or visible)
  • If neither Other 2FA is active nor TOTP is defined, the column will show "Setup 2FA" as today

@BrilliantTrees
Author

OK, so if I've understood you correctly, you are proposing a user-selectable 3rd value to sit alongside the TOTP and Setup 2FA values.

Your two values are automatic as if

TOTP has been switched on it pulls the TOTP code into KPOTP field
If TOTP is available but not switched on then at present it automatically populates the KPOTP field with the "Setup 2FA" prompt

But as a user, if no full TOTP is available but I have, for instance, set an SMS 2FA protocol, then I'll be able to toggle the field to "Other 2FA is active" to prevent the KPOTP field from prompting me.

That would be great. Thanks very much!

What would be even better is if the KPOTP field can be linked to a trigger or message of some sort, so that when signing into the database you can receive a prompt to review all your "Setup 2FA" flags once the 2FA directory links have been refreshed. This functionality may exist already, but I'm a week into my KeePass learning curve so not familiar with all the clever tricks as yet.

@Rookiestyle
Owner

Please test the attached prerelease.
I will finish my tests in the next couple of days and release it afterwards.

KeePassOTP.zip

@BrilliantTrees
Author

BrilliantTrees commented Jun 4, 2024

Sorry for the silence, but I've been busy for a few days. I reloaded the plugin with your test version and it appears to function perfectly.

It's easy to toggle on the new setting and it doesn't impact existing TOTP codes where they are already active, so on the limited testing I've done so far it does what's intended. Thanks very much!

One small change to satisfy my OCD please before you release the official update... Can the "d" in "2FA defined" be capitalised please to read "2FA Defined"?

I know you probably don't want to spend significant time recoding, but one further development would make this even better, and forgive me as I'm not sure how easy this is in coding terms.

Bank A, as an example, has two 2FA options open to customers at present, "sms" & "call", both of which appear in the KeePassOTP options box on the tab within the database record and are updated each time the database is opened. There is no option for TOTP with Bank A at present, so I opt for sms and toggle the setting to reflect "2FA defined". That's great as it now reflects that I do have a 2FA protocol defined, but if 6 months down the line Bank A introduces full TOTP as an option and it pulls through to the database record in the options field, it would be fantastic if the KPOTP field could revert to "Setup 2FA" to reflect that the new full TOTP option is open and not yet applied.

Thanks again for your really speedy turnaround on my original request.
