Playing with The KeePassXC TOTP Engine

KeePassXC has built-in TOTP (Google Authenticator-style, RFC 6238) two-factor support. This is handy when you almost always log in to a site from one specific laptop.

I spent some time messing around with it this morning. The non-intuitive part is extracting the key. Most sites don't volunteer it: some offer a "manual setup" option that shows the secret as a base32 string, and otherwise it can be recovered from the enrollment QR code with a QR code scanning app, since the QR code just encodes an otpauth:// URI that carries the same secret along with the algorithm, digit count and period.

Depending on how you do this, moving to KeePassXC may make things less secure. Two-factor authentication is generally described as "something you have and something you know". But if you use a password manager (and KeePassXC is a password manager) and store both the account password and the TOTP secret in the same database, an attacker holds both factors the moment that one database gets popped.

The guidance is to use two databases, each with its own passphrase. Of course, that makes it "something you have and something else you have", which isn't exactly the same thing... but for anyone using a password manager, that has been the case for a while now, hasn't it?

An Apple Alternative

If your iCloud Universal Clipboard is in working order, you can keep the TOTP secret in an authenticator app on the phone, copy the six-digit code there and paste it on the computer. The secret never leaves the phone, but bear in mind that whatever sits on the clipboard is exposed to other software on both devices until it is overwritten.