undefined | Better HN

0 pointsth3zero8y ago0 comments

Just to make sure no one gets the wrong impression: You should store your TOTP keys in a different KDBX file, locked with a different master password, and maybe even used on a different device/PC.

We all know that you shouldn't store your password along with TOTP secrets, or should I make a blog post explaining this?

0 comments

tscs378y ago

I store them in the same password safe for quite a simple reason; more convenient and less complexity.

I personally see TOTP only as a security against phishing and password stealing attacks. I don't see how a separate database for TOTP secrets improves on that in any way.

The thing is; a Keepass Password is (usually, looking at your password requirements Paypal) fairly secure in of itself, long, random and contains all the good characters.

TOTP is mainly useful when you have weak passwords and enter them into the wrong place, something that Keepass (especially with the Browser Extension) fully prevents. It's just for show and some extra padding.

Though I do use U2F anywhere I can.

ktta8y ago

>We all know that you shouldn't store your password along with TOTP secrets

https://xkcd.com/1053/

j / k navigate · click thread line to collapse