
OTP autofill

Open ghost opened this issue 5 years ago • 8 comments

Current Behavior

If I visit a website, KeePassXC detects and autofills the username/password, but not the OTP. For the OTP I have to use the shortcut. If I choose detect fields, I can only choose username/password, but I can't set a field as an OTP field.

Steps to Reproduce (for bugs)

  1. Visit a website with OTP
  2. Click fill in for username
  3. Click fill in for password
  4. Set a field as OTP field, so KeePass can use it; doesn't work (only with shortcut)

Debug info

KeePassXC - {2.5.1} KeePassXC-Browser - {1.5.4} Operating system: Win 10 Browser: Firefox 71

ghost avatar Dec 30 '19 17:12 ghost

Autofilling or choosing the OTP field manually is currently not supported.

varjolintu avatar Dec 30 '19 18:12 varjolintu

I don't support this even as an option because there is no standard to identify an OTP field. The false positive fills will cause more issues than it's worth. Recommend "wontfix".

droidmonkey avatar Dec 30 '19 18:12 droidmonkey

Under Kee I can set the fields. They look like this:

Name view:zugangskennung:zugangskennung,code,Code,challenge,challenge_response,totp,tan,otpCode, ID challengeresponse,totp,totp-form,otp,authcode,totpPin,auth-mfa-otpcode,

ghost avatar Dec 30 '19 18:12 ghost

This would require allowing to choose the specific OTP field for the page. Often OTP is on a different page from the login fields making this more complicated.

@varjolintu what would the effort be to allow this action? I would support autofill TOTP if it worked only after explicit TOTP field selection for the page.

droidmonkey avatar Dec 30 '19 19:12 droidmonkey

@droidmonkey It's possible to make it work if it's explicitly selected. Otherwise it doesn't seem reliable enough.

varjolintu avatar Dec 30 '19 19:12 varjolintu

This might save a click/shortcut on login-pages like accounts.fedoraproject.org.

If the TOTP-Field is already available when the password-field gets filled, the TOTP-field could be filled automatically. And if autosubmit is configured, it can autosubmit.

Blaimi avatar May 04 '21 21:05 Blaimi

1Password browser extension supports this for many different fields, maybe they have some kind of allow-list.

It would be great to have the option even if it is disabled by default.

goetzc avatar Oct 21 '21 20:10 goetzc

Why not make TOTP filled, at least for entries that I have chosen and asked to fill TOTP on the next step? Why do I need to click the TOTP icon manually? Create an option switch to allow enabling autofill of TOTP codes into the TOTP field for the ~previous~ selected entry or, if filling a single entry automatically is enabled, also fill TOTP along with the other fields.

> I don't support this even as an option because there is no standard to identify an otp field.

There is the attribute autocomplete="one-time-code" according to caniuse and MDN.

hex-m avatar Jul 14 '23 08:07 hex-m

@hex-m That only applies for a single field. We already detect those, if there are six fields that can be identified as TOTP fields. If there are more fields, or the extension does not detect them, we need to add an exception. You can see the identified fields if you enable Debug Logging in the extension settings and open the JavaScript console when you are on the login page before 2FA fields are visible.

varjolintu avatar Jul 14 '23 09:07 varjolintu
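
The trade-off discussed in this thread, as an added example that is not KeePassXC-Browser's code: a fill decision that trusts an explicit user selection, a single `autocomplete="one-time-code"` field, or a run of six single-character fields, and refuses to fill on name/id matches alone. The field descriptor objects, the function names and the `maxLength === 1` rule for segmented inputs are assumptions made for illustration.

```javascript
// Added example. Field descriptors are plain objects (constructed sample data)
// so the logic runs under Node; a content script would build them from <input>s.
const WEAK_HINT = /otp|authcode|mfa|code/i; // subset of the name/id hints quoted in the thread

function classifyField(f) {
  const tokens = (f.autocomplete || '').toLowerCase().split(/\s+/);
  if (tokens.includes('one-time-code')) return 'strong'; // standard HTML hint
  if (f.type === 'password') return 'none';
  return WEAK_HINT.test(`${f.name || ''} ${f.id || ''}`) ? 'weak' : 'none';
}

// Assumption: a segmented OTP input is a run of exactly six adjacent maxLength=1 fields.
function findSegmented(fields) {
  let run = [];
  for (const f of [...fields, {}]) { // trailing sentinel flushes the last run
    if (f.maxLength === 1) { run.push(f); continue; }
    if (run.length === 6) return run;
    run = [];
  }
  return [];
}

// Decide whether a TOTP may be filled without the user pressing the shortcut.
function planOtpFill(fields, userSelectedId = null) {
  const ids = (list) => list.map((f) => f.id);
  if (userSelectedId !== null) {
    const chosen = fields.filter((f) => f.id === userSelectedId);
    return { fill: chosen.length === 1, targets: ids(chosen), reason: 'explicit' };
  }
  const strong = fields.filter((f) => classifyField(f) === 'strong');
  if (strong.length === 1) return { fill: true, targets: ids(strong), reason: 'autocomplete' };
  const segmented = findSegmented(fields);
  if (segmented.length === 6) return { fill: true, targets: ids(segmented), reason: 'segmented' };
  // Name/id matches alone are never filled: a code put into the wrong field is disclosed to the page.
  const weak = fields.filter((f) => classifyField(f) === 'weak');
  return { fill: false, targets: ids(weak), reason: weak.length ? 'ambiguous' : 'none' };
}

// Constructed sample pages.
const loginPage = [
  { id: 'user', name: 'username', type: 'text', autocomplete: 'username' },
  { id: 'pass', name: 'password', type: 'password', autocomplete: 'current-password' },
  { id: 'token', name: 'token', type: 'text', autocomplete: 'one-time-code' },
];
const checkoutPage = [
  { id: 'promo_code', name: 'promo_code', type: 'text' },
  { id: 'zip_code', name: 'zip_code', type: 'text' },
];
const segmentedPage = Array.from({ length: 6 }, (_, i) => ({ id: `d${i}`, type: 'tel', maxLength: 1 }));

console.log(planOtpFill(loginPage), planOtpFill(checkoutPage), planOtpFill(segmentedPage));
```

On the constructed checkout page both fields match the name heuristic, so nothing is filled until the user selects a field explicitly.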