While yes, usage within KeePass changes a TOTP from 2FA to just a dynamic extended password, I would imagine very few KeePass users fail to understand that. That said, I’m not entirely sure it’s appropriate to plaster warnings over the functionality beyond a cursory one-time notice. I personally use KeeTrayTOTP (extended functionality fork of TrayTOTP), and know there is no warning in that. As for warnings, in my time looking at KeePass plugins and alternative KeePass implementations, I don’t believe I’ve ever seen a TOTP plugin actually warn of the inherently reduced security associated with using them. Granted, this comes from the perspective of someone who already does not use autofill for security reasons. In terms of end behavior, I’d say any field other than username and password should by default not autofill, instead requiring a click on the already-present Kee icon in the field to be filled.