NextcloudPasswords icon indicating copy to clipboard operation
NextcloudPasswords copied to clipboard
verified publisher icon hegocre

2FA / TOTP

Open RGBCube opened this issue 1 year ago • 8 comments

Checklist

  • [X] I have checked and there are no existing issues - open or closed - which request the same feature.
  • [X] I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise.
  • [X] This issue contains only one feature request.

Feature description

As the title says, having a way to manage 2FA codes would be a great feature. It would also sync with nextcloud, of course.

Why do you want this feature?

I'd like to unify my password manager and 2FA application. My 2FA data is already stored on Nextcloud so it would be neat to have it in a single app.

Additional information

No response

RGBCube avatar Apr 29 '24 13:04 RGBCube

That would be a LastPass and BitWarden killer feature :)

@hegocre might be part of a paid version like BitWarden do.

Can't wait to ditch my BitWarden and centralize all my data under Nextcloud

JOduMonT avatar Aug 07 '24 18:08 JOduMonT

Hello,

Firstly, sorry for the long delay. It would be great to know how are the codes stored in your nextcloud server. Do you create a custom field with the keys/algorithms/etc, or do you have a separate app for this?

I think if the app has to store the codes into the password object, it should have a predefined name/format, which would probably not be compatible with the multiple ways people might be storing them as of now.

Thank you for your feedback!

hegocre avatar Sep 06 '24 08:09 hegocre

Maybe user-defined field is a good approach.

In the passwords client for iOS, when adding totp, a user field is automatically created. Choose a name that is not easily confused, such as totp-passwords-android. It will not cause major compatibility issues when used to store information.

dalianzhu avatar Sep 10 '24 05:09 dalianzhu

Hello,

Thank you for the info @dalianzhu

I will try to replicate how the iOS app works, so the OTP codes will be available in both apps without needing user intevention, making switching apps or using both at the same time easy.

If the screenshots are yours and you are using the iOS app, it would be great if you could send me via email how the iOS app stores it (since it is a custom field, I suppose it will show in the web app as a JSON/whatever format it uses).

Cheers!

hegocre avatar Sep 10 '24 11:09 hegocre

I opened the nextcloud website, edited the entry with TOTP, and found that this entry only shows the title client.ios.otp, and does not show the value.

On my NextcloudPasswords for android, I can see its specific value, which is a json.

default sha1 with totp : {"secret":"AAAAAAAA","type":"totp"}
sha256 with totp : {"algorithm":"SHA256","secret":"AAAAAAAA","type":"totp"}
sha512 with totp: {"type":"totp","secret":"AAAAAAAA","algorithm":"SHA512"}
sha512 with hotp: {"algorithm":"SHA512","secret":"AAAAAAAA","counter":0,"type":"hotp"}
sha256 with digits and period: {"algorithm":"SHA256","digits":8,"secret":"AAAAAAAA","period":35,"type":"totp"}

dalianzhu avatar Sep 10 '24 13:09 dalianzhu