To integrate 2FA with keepass perform the following steps

  1. Enable 2FA in settings, save it . If 2FA installation link button is not visible, refresh page to see it.

  2. Copy the link and extract the secret key from it. Example: otpauth://totp/Lemmy.world:echo0618secret=XXXXXXXXXXXXXXXXXXXXXXX&algorithm=SHA256&issuer=Lemmy.world Here secret key = XXXXXXXXXXXXXXXXXXXXXXX

  3. Go to keepass and setup your TOTP with the secret key and use custom setting to generate the key, with Algorithm = SHA-256, keeping the other settings unchanged

https://lemmy.world/pictrs/image/ace6eb80-daf0-4dcb-9a45-919ae9e74e4e.png

  1. Save the TOTP changes. Go incognito mode and login.
  • narwhal@lemmy.mlEnglish
    0·
    1 year ago

    While it’s possible, I believe it’s still best to seperate your passwords and 2FA.

    Saving both in one place kinda defeats the purpose of 2FA.

    • ArrogantAnalyst@feddit.deEnglish
      0·
      1 year ago

      True. PSA: if you want the convenience of something like Authy, but with an open source e2e approach: there’s Ente Auth. I’m using it since about a month.

      https://github.com/ente-io/auth

      EDIT: I also successfully used this (very hacky) approach to extract all my TOTP secrets from Authy (which they normally don’t allow), brought them into the correct format with a small powershell script and imported them successfully into Ente Auth. But beware: it’s really really hacky.