#2962 "Find duplicate passwords" triggers on "{TIMEOTP}"

KeePass_2.x
closed
nobody
5
2026-01-26
2026-01-14
No

When using "Find duplicate passwords", all TOTP entries are listed.
Well, technically they all use the same password, i.e. "{TIMEOTP}", but shouldn't that (and similar) be excluded by default?
(Seen in KeePass 2.60)

Discussion

  • wellread1

    wellread1 - 2026-01-15

    This is the expected behavior (not a bug). You are probably seeing something like the attached screenshot where all the entries containing the {TIMEOTP} placeholder are grouped together. This occurs because the {TIMEOTP} placeholder is special: it is not dereferenced until it is used (needed). To avoid this issue, don't place this placeholder in an entry's password field. If you have a use case that requires that you add this placeholder to an entry's Password field, please describe it.


    Generally, it is unnecessary to add the {TIMEOTP} placeholder to an entry's password field. KeePass provides several ways to use the TOTP generated by an entry containing a TOTP secret.

    1. Copy it using Copy-Time based OTP option (Ctrl+T) in the 'Other Data►' sub-menu of the entry's context menu (or from the main Entry menu).
    2. Auto-Type it using a global auto-type sequence defined in the entry.
    3. Enable the 'Show additional auto-type menu commands' option in Tools>Options…>Interface (1) [tab]>Main Window [section]. Then use the {TIMEOTP} item in the newly surfaced Perform Auto-Type sub-menu. This sub-menu can be accessed either from the entry's context menu or the main KeePass 'Entry' menu.
     

    Last edit: wellread1 2026-01-15
  • wellread1

    wellread1 - 2026-01-15

    By running the duplicate check, the user has asked whether the values in the Password field are duplicates. However, KeePass can't easily make that determination for the particular case where the password field contains the {TIMEOTP} placeholder. By returning these entries as a single group, the user is alerted to a group of entries that may contain duplicates. The user can choose to disregard the result or investigate further, based on their personal knowledge of circumstances.

     
  • Dominik Reichl

    Dominik Reichl - 2026-01-18
    • status: open --> closed
     
  • Dominik Reichl

    Dominik Reichl - 2026-01-18

    When searching for duplicate/similar passwords, KeePass should replace non-active placeholders (e.g. to allow finding duplicates caused by field references). This is intended, not a bug. Active placeholders (the ones that change some state, show some UI, etc.) should of course not be replaced; KeePass should compare the placeholders in this case.

    However, I've now changed the classification of the {TIMEOTP} placeholder: it's now treated as a non-active placeholder instead of an active one (this is possible as {TIMEOTP} does not change any state, does not show any UI, etc.). This causes the placeholder to be replaced when searching for duplicate/similar passwords, making it possible to find entries using {TIMEOTP} in the password field with the same OTP generation settings. There is a small chance that different OTP generation settings cause the same OTP to be generated; users need to check these entries manually (this is less work than checking all entries with {TIMEOTP} in the password field). {HMACOTP} continues to be an active placeholder (because generating an OTP increments the counter).

    Related to this, I've additionally improved the time stability of placeholders during searches for duplicate/similar passwords and password quality reviews; the same time is now used for all entries.

    Here's the latest development snapshot for testing:
    https://keepass.info/filepool/KeePass_260118.zip

    Moving to closed feature requests.

    Thanks and best regards,
    Dominik
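
A simplified model of the comparison described in the comment above, as an added example that is not KeePass code and not part of the thread: `{TIMEOTP}` is expanded with RFC 6238 TOTP at one shared timestamp, while the active `{HMACOTP}` placeholder is compared as literal text. The entry layout, the function names and the sample secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from collections import defaultdict


def totp(secret: bytes, now: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) computed for an explicit timestamp."""
    counter = struct.pack(">Q", now // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def resolve(entry: dict, now: int) -> str:
    """Expand only the non-active {TIMEOTP}; active placeholders stay literal."""
    password = entry["password"]
    if "{TIMEOTP}" in password:
        password = password.replace("{TIMEOTP}", totp(entry["otp_secret"], now))
    # {HMACOTP} is left untouched: generating it would increment the counter.
    return password


def find_duplicates(entries: list, now: int) -> list:
    """Group entry titles by resolved password, one timestamp for all entries."""
    groups = defaultdict(list)
    for entry in entries:
        groups[resolve(entry, now)].append(entry["title"])
    return [titles for titles in groups.values() if len(titles) > 1]


# Constructed sample database: titles, secrets and passwords are made up.
SAMPLE = [
    {"title": "TOTP 1", "password": "{TIMEOTP}", "otp_secret": b"12345678901234567890"},
    {"title": "TOTP 1 copy", "password": "{TIMEOTP}", "otp_secret": b"12345678901234567890"},
    {"title": "TOTP 2", "password": "{TIMEOTP}", "otp_secret": b"constructed-other-secret"},
    {"title": "HOTP A", "password": "{HMACOTP}"},
    {"title": "HOTP B", "password": "{HMACOTP}"},
    {"title": "D", "password": "unique-constructed-password"},
]

if __name__ == "__main__":
    for group in find_duplicates(SAMPLE, now=59):
        print(group)
```

Resolving every entry at the same `now` matters: the same secret yields different codes on either side of a 30-second boundary, so per-entry timestamps could hide a real duplicate.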

     
  • Dominik Reichl

    Dominik Reichl - 2026-01-18

    Ticket moved from /p/keepass/bugs/2412/

     
  • wellread1

    wellread1 - 2026-01-26

    The solution you describe is very nice.

    I just identified the problem with my test. I misspelled the TOTP placeholder!!!

    The development snapshot works as expected. It is very nice.

    However, I obtained unexpected behavior when I tested Dev Snapshot 260118. I have attached my test database with password test, and screenshots of the behavior I observed running 'Find>Duplicate Passwords…' on KeePass 2.60 - Dev 260118 (x64) without plugins or triggers.

    I expected that entry "TOTP 2" would be excluded from the duplicates list just as observed for the entry "D" that contains a unique password.

     

    Last edit: wellread1 2026-01-26
