Keepassxc: Close TOTP Security Hole: Allow User To Separate TOTP Database From User/Pass Database

Created on 25 Mar 2020 · 2 Comments · Source: keepassxreboot/keepassxc

Current functionality:

TOTP secret is included with the entry with username and password.

Security hole:

If database is compromised, attacker has everything (including 2F codes) in one database.

More secure solution:

Allow user to place TOTP secrets in a separate database.

What this enables:

TOTP database could be stored on a thumb-drive. User/pass database stored on the computer. But both aren't in the same location for an attacker to get access to.
It also enables sand-boxing TOTP secrets with additional protections, such as Yubikey and/or key file.

TOTP & user/pass databases can both be set to auto-open at the same time using an auto-open entry. Friction wouldn't be increased, but the security would be much stronger.

Workaround (janky, but works):

1) Make a full complete database with user/pass and TOTP secrets.
2) Duplicate it.
3) In 1 database, remove all the TOTP secrets.
4) In the other database, remove all the usernames/passwords.

That is the only way I've found to maintain the TOTP auto fill functionality.

Problem with this workaround:

If the database is updated, the link between the 2 databases gets broken.

Desired behavior

Allow TOTP secrets to be stored in a separate database, yet still auto-fill user/pass and 2F codes.

Possible Solution

Allow TOTP auto-fill to be tied to user/pass using fuzzy logic.
If user/pass database is open, fill in the user/pass. If 2F field is required, look for an associated TOTP with the same or similar URL in any open database.
If multiples are found, allow user to select from drop-down of the TOTP entry titles.

new feature
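The URL-based matching proposed above, as an added Python sketch that is not part of KeePassXC (the entry fields, the host-normalization rule, the "similar URL" heuristic and the sample databases are my assumptions):

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Entry:
    """One KeePass-style entry. Only the TOTP database carries totp_secret."""
    title: str
    url: str
    username: str = ""
    password: str = ""
    totp_secret: str = ""


def normalized_host(url: str) -> str:
    """Lower-case host without scheme, port, path or a leading 'www.'."""
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def hosts_related(a: str, b: str) -> bool:
    """'Similar' URL (assumed rule): same host, or one is a subdomain of the
    other. A real implementation would also stop at the public suffix."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def totp_candidates(login: Entry, open_databases: list[list[Entry]]) -> list[Entry]:
    """Collect TOTP entries from every open database whose URL matches the
    login entry: exact host matches first, then subdomain matches. The caller
    auto-fills when one candidate remains, or shows a drop-down of titles
    when several do, as the issue proposes."""
    target = normalized_host(login.url)
    if not target:
        return []
    exact, similar = [], []
    for db in open_databases:
        for e in db:
            if not e.totp_secret:  # user/pass-only entries never match
                continue
            host = normalized_host(e.url)
            if host == target:
                exact.append(e)
            elif hosts_related(host, target):
                similar.append(e)
    return exact + similar
```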

All 2 comments

I'm not sure what the problem is that needs solving. Nothing stops you from having two databases right now and you just make totp entries in the second one. Having auto-open from the first database totally null and voids your additional security. Auto-open requires the password/key file to be put in the first database. If that is compromised then I can get your TOTP database as well.

Yes, you can have two databases. Ideally have TOTP on a separate device like your phone or something.

But I would like to add a suggestion though: maybe offer a way to merge two databases. For example, if you have your passwords database, then make a TOTP database, and have them both on the same device, offer the ability to merge the two, so you can just stay in your main passwords database, and anytime you want to grab something from TOTP you type in the password for the TOTP database.
Now of course this would not be as secure as having TOTP completely separated on a different device, but would be an improvement for users who already keep them on the same device (like on mobile).
