
#2415 Why is TimeOtp-Secret-Base32 shown in clear in the details pane of KeePass?

KeePass_2.x
closed
nobody
5
2026-02-04
2026-02-03
GilGri
No

Other protected fields correctly show as masked *****

2 Attachments

Discussion

  • Paul

    Paul - 2026-02-03

    KeePass doesn't have a TOTP wizard so it's not surprising the field is not automatically hidden.

    How was the entry created?

    cheers, Paul

     
  • GilGri

    GilGri - 2026-02-03

    Via the TOTP wizard... :)

     
  • Paul

    Paul - 2026-02-03

    Sorry, you are correct. I had forgotten where it was hiding. It's also hiding in the Help pages.

    I'd call it an oversight, not a bug. :)

    cheers, Paul

     
  • GilGri

    GilGri - 2026-02-04

    Rather a serious security concern with all those M$ crappy screen-scrapers AI bloatware and office shoulder surfing!

     
  • Paul

    Paul - 2026-02-04

    Only if they manage to get your user/pass as well. If they have, you have more to worry about than one TOTP secret.

    cheers, Paul

     
  • GilGri

    GilGri - 2026-02-04

    Agree... however, the point is:

    • Is this 'oversight' just me, or is it a confirmed general inconsistency, whereas other fields' masking works properly?
    • Is it going to be fixed, sooner or later?
      Not sure if the Dev team is a one-man band, Dominik, who's supposed to make the call.
      Thanks for the feedback, Paul.
     
  • Paul

    Paul - 2026-02-04

    I tested it on my reasonably standard test copy and the secret field value was automatically hidden.

    Will do some more testing tomorrow.

    cheers, Paul

     
  • Dominik Reichl

    Dominik Reichl - 2026-02-04
    • status: open --> closed
     
  • Dominik Reichl

    Dominik Reichl - 2026-02-04

    The 'OTP Generator Settings' dialog does activate the protection of the 'TimeOtp-Secret-Base32' field, and such fields are hidden in the details view by default.

    My guess is that you have configured KeePass to display a 'TimeOtp-Secret-Base32' column in the main entry list without asterisks (this causes 'TimeOtp-Secret-Base32' values to be displayed in the details view without asterisks, too). You can check it in 'View' → 'Configure Columns'.

    Best regards,
    Dominik

     
    • GilGri

      GilGri - 2026-02-04

      This is probably the reason...
      I need to know which entries in the list have TOTP/2FA.
      The column is there for this reason and its width is reduced to a bare minimum (obviously): a few initial characters.
      If I set that column to display with asterisks, then all entries, even the ones with no TOTP/2FA, show asterisks and I lose that kind of visibility.

       
  • Dominik Reichl

    Dominik Reichl - 2026-02-04

    I'd suggest:

    1. Activate asterisks for the 'TimeOtp-Secret-Base32' column (in 'View' → 'Configure Columns').
    2. Activate the option 'Unhide empty data' (in 'Tools' → 'Options' → tab 'Advanced').

    With this, you can see which entries have a 'TimeOtp-Secret-Base32' value, and the values are hidden by asterisks.

    Best regards,
    Dominik

     
    • GilGri

      GilGri - 2026-02-04

      You the man, brother!

       
