Show TOTP: Show the time-based one-time password for authentication.Copy TOTP: Copy the time-based one-time password for authentication.When you right-click the entry once more and select TOTP, you’ll have a few additional options: Paste in the secret key you previously extracted and click OK. Additionally, it will come in handy every time I need to install an authenticator for a new device.Īnyhow, the first step is to add a new entry to the database and then right-click it to select TOTP => Set up TOTP. KeePassXC will give me a fallback option when I don’t have access to my mobile authenticator.
I’ll create a separate KeePassXC database for my 2FA accounts as I don’t want to store them together with the actual account credentials (you could though) for which they provide 2FA. The majority of 2FA capable services nowadays provide you with the secret key during configuration, but in case they don’t, any QR code scanner may be used to retrieve the required information.Ī look at the actual content of a QR code showing the secret key needed for TOTP. The QR code is just a specially crafted URI containing the secret key, issuer, label, and algorithm. Granted, this is usually provided in the shape of a QR code that your authenticator scans and subsequently use to set up the account. When configuring two-factor authentication for a service, you’ll receive a shared secret key to configure your TOTP authenticator. No more returning to work after hours to pick up the cell phone I left behind with my only authenticator. It will function as my primary backup and safe storage while allowing me to configure additional mobile authenticators on the fly. Simply put, I want an open-source cross-platform password manager for the desktop, capable of handling TOTP. An open-source TOTP authenticator with backup capabilities.Īfter exporting 26 2FA accounts in clear-text and painstakingly adding them one-by-one with the TOTP authenticator on the iPad, I concluded that the ability to export and import 2FA accounts wasn’t the be-all and end-all solution I expected it to be. Unsurprisingly, the TOTP application I was using on Android was not available for iOS, and thus my export and import strategy failed at the very first hurdle.įreeOTP+ on Android. The limitations of this strategy became painfully evident when I wanted to use a TOTP authenticator on my iPad.
My old approach relied solely on using time-based one-time password (TOTP) applications capable of exporting and importing 2FA accounts. This has encouraged me to find a more resilient strategy for how I store, manage, and backup my secret keys. The amount of services offering (or even demanding) two-factor authentication (2FA) is ever-increasing.
0 kommentar(er)
