Closed torunar closed 2 years ago
@torunar, thank you for the suggestion!
I am not sure how hiding the OTP functionality makes the setup any more secure, though… In order to view OTP codes, the attacker must know either the database master key or the app protection passcode. Assuming the attacker has this knowledge, the game is pretty much over:
1) If the attacker knows the database master key, they would open the database in any other app and easily get the OTP secrets.
2) If the attacker knows the app protection passcode, they would open KeePassium settings and flip the switch "Hide OTP functionality".
As an alternative, you might want to store your OTP codes in a different database (not necessarily different app). This way, your OTPs would be independently encrypted, can be backed up — and opened on the desktop only if necessary.
Describe the feature you'd like
Add the ability to hide OTP in the desktop client for better security: maybe introduce an additional password or PIN code to access OTPs.
The idea of two-factor authentication implies using a separate device to obtain the OTP. While it is really comfortable to have all the login-related stuff in a single client, I'd prefer to access OTP on my phone only.
Of course, this problem could be solved by installing a separate app from Google or Microsoft, so I understand if you prefer not to move forward with this issue.