hegocre / NextcloudPasswords

Secure app for viewing passwords for the Nextcloud Passwords app. Supports end-to-end encryption.
GNU General Public License v3.0

2FA / TOTP #117

Open RGBCube opened 6 months ago

RGBCube commented 6 months ago

Feature description

As the title says, having a way to manage 2FA codes would be a great feature. It would also sync with Nextcloud, of course.

Why do you want this feature?

I'd like to unify my password manager and 2FA application. My 2FA data is already stored on Nextcloud so it would be neat to have it in a single app.

Additional information

No response

JOduMonT commented 2 months ago

That would be a LastPass and BitWarden killer feature :)

@hegocre might be part of a paid version like BitWarden does.

Can't wait to ditch my BitWarden and centralize all my data under Nextcloud

hegocre commented 1 month ago

Hello,

Firstly, sorry for the long delay. It would be great to know how the codes are stored on your Nextcloud server. Do you create a custom field with the keys/algorithms/etc, or do you have a separate app for this?

I think if the app has to store the codes into the password object, it should have a predefined name/format, which would probably not be compatible with the multiple ways people might be storing them as of now.

Thank you for your feedback!

dalianzhu commented 1 month ago

Maybe user-defined field is a good approach.

In the passwords client for iOS, when adding totp, a user field is automatically created. Choose a name that is not easily confused, such as totp-passwords-android. It will not cause major compatibility issues when used to store information.

hegocre commented 1 month ago

Hello,

Thank you for the info @dalianzhu

I will try to replicate how the iOS app works, so the OTP codes will be available in both apps without needing user intervention, making switching apps or using both at the same time easy.

If the screenshots are yours and you are using the iOS app, it would be great if you could send me via email how the iOS app stores it (since it is a custom field, I suppose it will show in the web app as a JSON/whatever format it uses).

Cheers!

dalianzhu commented 1 month ago

I opened the Nextcloud website, edited the entry with TOTP, and found that this entry only shows the title client.ios.otp, and does not show the value.

On my NextcloudPasswords for Android, I can see its specific value, which is JSON.

default sha1 with totp: {"secret":"AAAAAAAA","type":"totp"}
sha256 with totp: {"algorithm":"SHA256","secret":"AAAAAAAA","type":"totp"}
sha512 with totp: {"type":"totp","secret":"AAAAAAAA","algorithm":"SHA512"}
sha512 with hotp: {"algorithm":"SHA512","secret":"AAAAAAAA","counter":0,"type":"hotp"}
sha256 with digits and period: {"algorithm":"SHA256","digits":8,"secret":"AAAAAAAA","period":35,"type":"totp"}
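
Added example (not part of the thread, and not code from either app): a strict parser for the client.ios.otp JSON shown above that validates every field before deriving a code per RFC 4226 (HOTP) and RFC 6238 (TOTP). The function names are hypothetical, and the defaults of 6 digits, a 30-second period and counter 0 are assumptions taken from the RFCs; the thread only shows that SHA1 is the default algorithm.

```python
import base64, hashlib, hmac, json, struct, time

# Assumed defaults for omitted fields (RFC 4226/6238 values; the thread only
# confirms that SHA1 is used when "algorithm" is absent).
DEFAULTS = {"algorithm": "SHA1", "digits": 6, "period": 30, "counter": 0}
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otp_field(value):
    """Parse and validate the JSON stored in the client.ios.otp custom field."""
    raw = json.loads(value)  # malformed JSON raises ValueError
    if not isinstance(raw, dict) or raw.get("type") not in ("totp", "hotp"):
        raise ValueError("unsupported or missing OTP type")
    cfg = {**DEFAULTS, **raw}
    if not isinstance(cfg["algorithm"], str) or cfg["algorithm"] not in ALGORITHMS:
        raise ValueError("unsupported algorithm")
    for key in ("digits", "period", "counter"):
        if type(cfg[key]) is not int:  # also rejects booleans and strings
            raise ValueError(f"{key} must be an integer")
    if not 6 <= cfg["digits"] <= 8 or cfg["period"] <= 0 or cfg["counter"] < 0:
        raise ValueError("digits, period or counter out of range")
    # Base32 secrets are often stored without padding; restore it before decoding.
    secret = str(raw.get("secret", "")).replace(" ", "").upper().rstrip("=")
    try:
        cfg["key"] = base64.b32decode(secret + "=" * (-len(secret) % 8))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("secret is not valid base32") from exc
    if not cfg["key"]:
        raise ValueError("empty secret")
    return cfg


def generate_code(cfg, now=None):
    """Return the code as a zero-padded string; `now` is a Unix timestamp."""
    if cfg["type"] == "totp":
        counter = int(time.time() if now is None else now) // cfg["period"]
    else:
        counter = cfg["counter"]  # hotp: caller must persist counter + 1 after use
    mac = hmac.new(cfg["key"], struct.pack(">Q", counter), ALGORITHMS[cfg["algorithm"]])
    digest = mac.digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226 section 5.3)
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** cfg["digits"]).zfill(cfg["digits"])
```

Rejecting unknown types, algorithms and out-of-range values keeps an entry edited by another client from silently producing codes the server will not accept.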