Kunzisoft / KeePassDX

Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0

Only display TOTP code on click #1929

Open du33169 opened 6 days ago

du33169 commented 6 days ago

Is your feature request related to a problem? Please describe.

Currently, KeePassDX displays all TOTP codes after unlocking the database.

Describe the solution you'd like

Hide them by default and click to show, like most other TOTP apps.

Describe alternatives you've considered

Additional context

It might be better to use a monospaced font to align TOTP codes for better visual appearance.

J-Jamet commented 6 days ago

It's not an argument that other applications do a feature in a certain way. As far as I'm concerned, there's no argument for hiding TOTP code once the database is open, it just adds another step to access the information. If you don't want to see them as soon as the database is open, you can put them in a group.

And even when you look at other TOTP applications, I don't think that's the majority. I took TOTP application samples and just looked at the screenshots:

https://f-droid.org/en/packages/com.beemdevelopment.aegis/ NO
https://f-droid.org/en/packages/com.u2fa.secur/ NO
https://f-droid.org/en/packages/org.liberty.android.freeotpplus/ YES
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en NO
https://play.google.com/store/apps/details?id=com.totp.authenticator&hl=en NO
https://play.google.com/store/apps/details?id=com.authenticator.authservice2&hl=en NO

michaelschattgen commented 6 days ago

> https://f-droid.org/en/packages/com.beemdevelopment.aegis/ NO

Just chiming in to say that we do support 'Tap to reveal' / hidden codes in Aegis as shown below.

du33169 commented 6 days ago

> It's not an argument that other applications do a feature in a certain way. As far as I'm concerned, there's no argument for hiding TOTP code once the database is open, it just adds another step to access the information. If you don't want to see them as soon as the database is open, you can put them in a group.
>
> And even when you look at other TOTP applications, I don't think that's the majority.

I apologize for the arbitrary phrase “like most other apps”, which lacks research. As far as I know, 2FAS, Ente Auth and Aegis support it.

I understand your point. I submit this feature request not simply because some other apps have it, but because I believe some users might find it useful or appealing, and I don't think I'm the only one. It doesn't need to be enabled by default if most users prefer straightforward access; offering it as an option would suffice.

The point of Tap to Reveal is to restrict or minimize access, i.e., if I open the app to retrieve the TOTP code for a particular site, it should not expose the codes of others. (Device-level screen blocking is not a silver bullet.) Or, hiding them by default can also provide mental reassurance about security, at least for me.

J-Jamet commented 5 days ago

That makes more sense, I agree, if clicking on the hidden TOTP allows it to be revealed and copied at the same time, and if we set a parameter to hide or not, all the needs will be met. I like that.

cbiere commented 1 day ago

> Currently, KeePassDX displays all TOTP codes after unlocking the database.

You can actually disable that already: [screenshot]

If you use the magic keyboard, like you should, it won't be revealed visually at all by KeePassDX - but most likely by the form field you enter it into.