19
2FA with Keepass (lemmy.world)
submitted 1 year ago by echo0618@lemmy.world to c/support@lemmy.world
6 comments fedilink hide all child comments

To integrate 2FA with keepass perform the following steps

  1. Enable 2FA in settings, save it . If 2FA installation link button is not visible, refresh page to see it.

  2. Copy the link and extract the secret key from it. Example: otpauth://totp/Lemmy.world:echo0618secret=XXXXXXXXXXXXXXXXXXXXXXX&algorithm=SHA256&issuer=Lemmy.world Here secret key = XXXXXXXXXXXXXXXXXXXXXXX

  3. Go to keepass and setup your TOTP with the secret key and use custom setting to generate the key, with Algorithm = SHA-256, keeping the other settings unchanged

https://lemmy.world/pictrs/image/ace6eb80-daf0-4dcb-9a45-919ae9e74e4e.png

  1. Save the TOTP changes. Go incognito mode and login.
top 6 comments
sorted by: hot top controversial new old
[-] narwhal@lemmy.ml 7 points 1 year ago

While it's possible, I believe it's still best to seperate your passwords and 2FA.

Saving both in one place kinda defeats the purpose of 2FA.

[-] s08nlql9@lemm.ee 2 points 1 year ago

yep this is the way

[-] ArrogantAnalyst@feddit.de 2 points 1 year ago* (last edited 1 year ago)

True. PSA: if you want the convenience of something like Authy, but with an open source e2e approach: there’s Ente Auth. I’m using it since about a month.

https://github.com/ente-io/auth

EDIT: I also successfully used this (very hacky) approach to extract all my TOTP secrets from Authy (which they normally don’t allow), brought them into the correct format with a small powershell script and imported them successfully into Ente Auth. But beware: it’s really really hacky.

[-] marmarama@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Agreed, don't do this. If your system is compromised, then the moment you unlock your Keepass database, even just once, the attacker now has both your passwords and your TOTP keys and can impersonate you anywhere.

Where I work we are phasing out TOTP in favour of FIDO2 keys, and the ability for users to store TOTP keys in a password database alongside their passwords is one of the key reasons.

[-] JakenVeina@lemm.ee 2 points 1 year ago

Been using KeePass for over a decade now and didn't realize it could do this. Thanks for the tip.

[-] TurnItOff_OnAgain@lemmy.world 2 points 1 year ago

Just a note that 2fa wouldn't have helped with the most recent vulnerability. The attackers were grabbing your already authenticated session and re-using that.

this post was submitted on 10 Jul 2023
19 points (100.0% liked)

Lemmy.world Support

3227 readers
2 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge

You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

founded 1 year ago
MODERATORS
ruud@lemmy.world
MrKaplan@lemmy.world
jelloeater85@lemmy.world
lwadmin@lemmy.world
Serinus@lemmy.world