Keepassxc: [Wishlist] TAN-Wizard for creating TANs (also known from keepass2)

Created on 24 Mar 2018  ·  13 Comments  ·  Source: keepassxreboot/keepassxc

Hey guys :)

I don't know if I posted it correctly - but I have something new for the wishlist:

Is it possible to also implement a TAN Wizard?

It's much easier than adding 100 entries manually for every TAN.
Keepass2 from keepass.info has this feature: If you start the TAN Wizard, it will open a new window with a bigger form in it.

Each line represents one TAN.

Under this form you have only two options:

  • Activate or disable TAN numbering, with a value field for the number at which keepass should begin to count.
  • A smaller form where you can put digits or letters to tell keepass that your TANs consist of digits or letters (only the characters set here will be accepted as TANs - all others will be used as delimiters).

Would be nice to see this feature in keepassxc, and great work to the devs ;)

Have a nice day


All 13 comments

In Europe this makes no sense anymore. I am not sure about the concrete month, but sometime this year a new law/rule takes effect. Usual TAN lists (also iTAN) are not allowed anymore. All banks will use 2-factor-auth (e.g. mTAN or silly Smartphone apps).

Yep, now I can agree with that. Most banks in Germany already dropped iTAN support.

I don't know how it is outside Europe - but in my opinion this issue can be closed :)
EDIT: Thanks for reminding me - lost focus of this issue ;)

TANs are not used in the USA. Good thing we didn't spend time on this 😁

Paper TAN lists are one of the easiest and most secure forms of 2FA. I have absolutely no conception of why TAN Apps or SMS TAN would be considered more secure. The only thing that beats it is a dedicated self-contained 2FA token.

@phoerious You are correct - they are not more secure. When money got lost or stolen, the insurance of the bank will pay that back when you used paper TAN. But when you use mTAN or any other (more proven insecure) procedure, you have to prove that it wasn't your fault (which is impossible).

Practically: Changing to mTAN saves insurance money for the bank.

I used this feature several times for 2FA Backup Codes...
I could have sworn it was in KeepassXC but I guess I remember it from the original Keepass.

Anyways I would like to have this feature back.

All services I have used provide you 2FA backup codes. Just copy/paste them into the entry notes.

Yes, those are the ones I mean... (I've never seen a service where you generate them yourself)
Here on Github for example they use a set of 16 backup codes. Copy/pasting them in individual entries is quite tedious. So the TAN wizard was very useful for that.

Entry notes are not protected and extended attributes are also not ideal.

Ultimately it boils down to a more useful import feature...
Currently importing a CSV file tries to generate a completely new database instead of creating a new group.

There might be a workaround: 1. Import; 2. Merge From Database
I have not tried that yet.

Everything in your database is protected at rest. Nothing is protected when the database is unlocked. We restrict access to memory from other processes, but don't be fooled into thinking passwords of entries are more protected than notes of entries. It is all literally stored and accessed the same exact way.

> In Europe this makes no sense anymore.

unfortunately i must disagree (read on below)... and this is also just kind of true for the EU & EEA, not europe as a whole, not the SEPA, not the Euro-area.

> I am not sure about the concrete month, but sometime this year a new law/rule takes effect. Usual TAN lists (also iTAN) are not allowed anymore. All banks will use 2-factor-auth (e.g. mTAN or silly Smartphone apps).

it was in September 2019 via the so called "Payment Service Directive 2"... BUT that only takes effect for wire transfer! there are no regulations of this kind for other services like security orders etc.
e.g. i have to work with a freakin investment bank (located in a country within the EU & SEPA which is also a Euro-country since the beginning), which still uses iTANs for confirmations.


i'm not necessarily asking for a full blown TAN-wizard (although it would be awesome to not have to enter them one by one - well, i can still switch to keepass every once in a while for adding TANs), but at least handling TANs nice and properly (like copying with immediate expiration #862) would really make sense.
anything else for handling TANs in a meaningful way (grouping; a special (pre)view is IMHO not necessary) is already existing.

At this point we are not going to add anything specifically for TANs. There are existing ways to deal with this (maybe even a CSV import for bulk adds).

as i wrote: "i'm not asking for a full blown TAN-wizard..."

bottom line: the only thing which is needed for a nice TAN handling is a check if the title of an entry is <TAN>, and if so, expire the entry immediately after the "password" is copied.

btw: thanks @droidmonkey for the idea with the CSV import! :+1:
it works like a charm and saves me from fiddling around with mono or a VM just for adding TANs.
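
The CSV route mentioned in the thread can reproduce the wizard's parsing rule from the first post (only the configured characters count as TAN characters, everything else is a delimiter, optional numbering from a start value). This is an added example, not code from the thread or from KeePassXC; the column names, the group name "TANs", putting the TAN number in the Username field and the helper names are assumptions, and the columns still have to be mapped in the import dialog.

```python
import csv
import io
import os
import string


def parse_tans(text, alphabet=string.digits, number_from=None):
    """Return (number, tan) pairs; any char outside `alphabet` is a delimiter."""
    allowed = set(alphabet)
    tans, run = [], []
    for ch in text:
        if ch in allowed:
            run.append(ch)
        elif run:
            tans.append("".join(run))
            run = []
    if run:
        tans.append("".join(run))
    if number_from is None:
        return [("", tan) for tan in tans]
    return [(str(number_from + i), tan) for i, tan in enumerate(tans)]


def to_csv(entries, group="TANs"):
    """One row per TAN. TANs stay strings, so leading zeros survive."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["Group", "Title", "Username", "Password"])  # assumed names
    for number, tan in entries:
        writer.writerow([group, "<TAN>", number, tan])  # title as in the thread
    return buf.getvalue()


def write_private(path, data):
    """Create the plaintext CSV owner-only; refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="") as handle:
        handle.write(data)


# Constructed sample sheet: mixed delimiters, one TAN with a leading zero.
SAMPLE = "482913 700154\n019283, 665520\n"

if __name__ == "__main__":
    print(to_csv(parse_tans(SAMPLE, number_from=1)), end="")
```

The CSV holds the TANs in plaintext, so delete it once the import has been checked.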
