qutterr / keepassdroid

Automatically exported from code.google.com/p/keepassdroid
0 stars 0 forks source link

Implement OATH-HOTP two factor authentication support (OtpKeyProv, YubiKey) #594

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
There is YubiKey version with NFC chip - YubiKey NEO - 
https://www.yubico.com/products/yubikey-hardware/yubikey-neo/

It would be great to be able to use it to unlock the passwords database.

I would suppose some workflow like the one below could be used:
- user launches KeePassDroid
- types in master password
- a prompt then appears asking for the "second factor" of the authentication
- in desktop KeePass user would press YubiKey button to "type in" OTP - 
http://www.yubico.com/applications/password-management/consumer/keepass/
- in KeePassDroid user would touch the phone with a token for NFC transmission

Yubico is also working with Google and others on a standard for 2-factor 
authentication - U2F.
They plan to release YubiKey NEO with U2F support in 2014.

Here are some details and a demo video:
http://www.yubico.com/products/yubikey-hardware/yubikey-neo/yubikey-neo-u2f/

Original issue reported on code.google.com by 2sa...@gmail.com on 2 Sep 2013 at 9:15

GoogleCodeExporter commented 8 years ago
I really think this should not be too hard to implement.
Especially as you "just" need to access the yubico libraries.

Or you could achieve 2-factor authentication by using a challenge-response with 
a "public" seed, which is transformed in a secret response with the yubikey 
builtin secret.

Or you could achieve 2-factor authentication without any change to KeePassDroid 
by using the static password function.

Is anyone already working on this ?
I would be interested to join in.

Original comment by quickh...@gmail.com on 26 Oct 2013 at 2:13

GoogleCodeExporter commented 8 years ago
Yes, it would really be neat to use the YubiKey NEO NFC features described 
above. This will really enhance the security of KeePassDroid. 

U2F has already been released in the latest Yubikeys in v2.4.2 so no need to 
wait till next year.

https://store.yubico.com/store/catalog/product_info.php?products_id=92

Original comment by clementl...@gmail.com on 26 Nov 2013 at 3:02

GoogleCodeExporter commented 8 years ago
I would love to have the OATH-HOTP functionality from the OtpKeyProv KeePass 
plugin duplicated in KeePassDroid.

Original comment by joe.dun...@gmail.com on 20 Jan 2014 at 5:36

GoogleCodeExporter commented 8 years ago
Has anything happened in regards to this feature idea/request? I would love to 
have an alternative to LastPass for Android-compatible password management with 
Yubikey/OTP/2FA support. Even just adding support for YubiAuth OTPs (which 
themselves are generated by a Google Authenticator style app, which is unlocked 
with a YubiKey NEO via NFC) would be enough for me (though still not as smooth 
as simply following the workflow indicated in the first post here).

Original comment by adrian.t...@gmail.com on 29 Jul 2015 at 10:00