tetrio / issues

Report issues and discuss improvements / feature requests around TETR.IO
https://tetr.io

copy-able secret key on 2fa setup #1289

Open not-ivy opened 2 months ago

not-ivy commented 2 months ago

Is your feature request related to a problem? Please describe.

currently, there is no way to copy the secret key while setting up totp. however, most desktop passwords (keepassxc, the one i am using) require a secret key to set up totp, like this: [image: keepassxc's totp setup screen]

Describe the solution you'd like

add a button or a section to reveal the secret key so it is able to be copied. it would also help for devices whose camera would not work or could not scan the qr code.

Describe alternatives you've considered

scanning on phone i guess and copy the key over to the computer which might kind of be a hassle

Additional context

No response

ZaptorZap commented 2 months ago

There are plenty of methods to get the secret off what's shown. You could just use a QR code reader such as ZBar to just render the QR code locally. I believe you can just take the QR code's URL and copy the bit between secret= and % as well, but I was unwilling to completely remove 2FA from my account to test the new fix for the previous 2FA issues fixed by 6.4.4. For all I know the "URL" is just incomprehensible Base64 now.

But as always, if the device you're logging in with is the 2nd factor, then you aren't using 2FA properly. This provides little extra security and simply brings the potential for permanent account loss if you lose access to this device. This is why I believe there's motivation to confirm that a 2FA is in fact being set on a 2nd, unique device. I don't think I have the authority to close this issue without implementation, but the technological expertise of TETR.IO's demographics would definitely lead to a couple people gluing together "2FA makes my account more secure" → "I can just generate it online (allegedly)" and irretrievably losing access to the account.