[Feature Request] Allow Scanning of QR codes for OTP and populating misc protected fields

[DrKittens]

I'm always frustrated when I need to input an OTP code as they're tedious to type out and an incorrect input will generate a failed code. Some sites even have time limits on the validation check and if you're too slow it renews with a different identifier.

Describe the solution you'd like The ability to scan a QR code to complete OTP as an entry option.

The ability to scan a QR code and populate an arbitrary field with its data, ex Wifi passwords are starting to become shared as QR codes. Been able to quickly store the data from it in keepass would be very useful over a photo of it.

Describe alternatives you've considered Ignoring the fact that KeepassDX has an OTP feature entirely and using an alternative purpose built app as I'm unsure as to what's more hassle, managing 2 apps for 1 job or dealing with poor UX.

Additional context Apologies if this is a duplicate, I had a quick search though opens for "QR" and nothing obvious jumped out.

[J-Jamet]

Duplicate #556 #743 #1059 #1033 Just use a dedicated application and share the OTP link to KeePassDX. https://github.com/Kunzisoft/KeePassDX/wiki/OTP#qr-code

[kraoli]

On the one hand I understand the idea not wanting to integrate a QR scanner. On the other hand, I really wish Keepass DX had one integrated.

My issue with using a link is security. First, QR scanner are often not build with security in mind. I don't feel super comfortable to share a QR code scanned by a QR app to Keepass DX.

• Human error is possible, thus the code might be shared unwanted by accident. QR scanner often offer various of sharing possibilities.
• It's difficult to check if the QR scanner does cache the results or something similar. For many QR codes it might be helpful, but I never want that to happen to my 2fa activation code.
• I'm not an Android developer, but is this really secure to share important information that way with another app? Thinking about sending a 2fa activation code though these channels.

I also really like the idea to use the camera to store photos directly in Keepass as attachment so that no other app could potentially access them (not sure if this is really possible without saving it unencrypted somewhere, e.g. in a cache or temporary files folder?)

[J-Jamet]

@kraoli The problem here is that you don't trust any application that handles QR codes, but the problem is the same if you don't trust the application that integrates it. The solution would be to create a QR code reader application that you trust (personally I don't think it's necessary because many QR code applications are very well done so it would just be a fork or a copy).

There is no problem passing information between applications, it's a technology inside the system that is made for that. (If you want more information, look at how intent works)