
KeePassXC, KeePass2Android & OTP

My beloved KeePassX has not seen a release since 2016, but a newer fork named KeePassXC has. The latest version looks very much the same when viewed from LMDE3 with a dark theme. The added functionality is quite nice: a TOTP seed and code generator.

OTP / TOTP Seed + Generator

OTP in software (a virtual device) is needed, and it is the most convenient way to get some kind of 2FA (two-factor authentication). This means that not only a password but some other kind of evidence is needed. Sometimes this key is tied to a device (as in the case of Google Authenticator). When not virtual, it is a dedicated hardware device (banks like to make you use their particular hardware device), though there can be multiple copies of the hardware device (as in multiple YubiKeys). The problem with a single virtual device is the well-known issue of losing it (such as the phone that the software is kept on). Backups can be made of the seed codes (the QR codes and/or the strings they represent).

Authy Apps, Synchronization, and Cloud Backup

Authy is the best (and free) solution, though it does involve a third party (namely their cloud backup/sync application). Other than that, it is a reasonable approach and beats out Google Authenticator, and the ability to add a seed once and access it across multiple apps is definitely a modern desire. That said, if it were possible to keep seeds in a more generic encrypted database with access to generated codes, that would be better (especially if multi-device and cross-platform). Well, that is exactly what KeePassXC and KeePass2Android support. This was a revelation for me.

KeePassXC Desktop Application

KeePassXC is a fork of a fork, created most recently to spur the development of what was KeePassX, which had very slow development and is now dormant. The ability to do OTP was originally a plugin for the original KeePass (which supports plugins). Now we have it as a built-in function, along with some enhancements over the older (and still serviceable) KeePassX, which unfortunately has 85 open pull requests on GitHub (come on, give someone else ownership of this project, already).

Keepass2Android Mobile Application

The most serviceable Android Keepass2 implementation is the aptly named Keepass2Android, which is actively developed and available through the Google Play store. It too has OTP functionality, eloquently implemented.
