TOTP Codes
Pleasant Passwords generates and stores TOTP codes (Time-based One-Time Password) for Authenticator apps like Google Authenticator. These authenticator codes are valuable to easily facilitate access for user teams into websites and applications requiring Two-Factor Authentication.
Applies to:
- Versions 7.11.28+
Pleasant client apps will generate 6-digit codes, the Time-based One-Time Passwords (TOTP), rotating them every 30 seconds. These tokens are based on the Secret Key which by default is Base32 encoded with HMAC-SHA1, a prevalent industry standard used across the majority of websites and apps.
Additional options can be specified: number of digits, time period, etc.
In the future, additional OTP (One-Time Password) options could be supported, such as: QR code scan, HOTP formats, Base64 encoding, etc.
Enable or Disable TOTP Codes
- Set the following actions on an Access Level: View TOTP Settings, Modify TOTP Settings
- Provide this Access Level to the user
- Create/Open an existing entry
- Enter the random digits of the secret Authenticator Key
Now the application will start generating 6-digit codes every 30 seconds, by default.
Generate TOTP Codes
The application will generate TOTPs (Time-based One-Time Passwords) that can be used in synchronization with websites or applications which support 2FA via Authenticator tokens.
Once a secret key is added to an Entry in the client app, immediately the codes will start to display based on the provided parameters.
These tokens will rotate every 30 seconds, or the period specified. The spinner will indicate the remaining time to enter the value before the token changes.
Enter a Secret
Enter the authenticator key into the web application interface.
Or enter the Authenticator TOTP values with the KeePass for Pleasant client:
Scan a QR Code
This feature is not supported yet, but hopefully in the future.
Copy Generated Codes
The Authenticator (TOTP) code can be copied from the menu item, or from the web Entry screen using the copy button.
In KeePass, the keyboard shortcut or copy menu item is available to copy the code to clipboard.
Optional Parameters
-
Digits:
- The number of digits the TOTP Code will have. Default 6-digits.
-
Period:
- The amount of time in seconds to display each TOTP Code. Default 30 seconds.
-
Issuer:
-
(currently not supported - this is provided for the ability to enter values now, providing compatibility with future use)
- Secret keys may be encoded in QR as a URI with this type of format:
-
otpauth://TYPE/LABEL?PARAMETERS
-
-
For example:
-
otpauth://totp/Example:john@example.com?secret=AJUWX5AZMEO8KLM&issuer=Example
-
-
Additional Formats
Currently the vast majority of the uses are handled with the common formats. More formats should be provided in the future, so please let Support know.
Additional formats can be provided in the future such as:
- TOTP, HOTP
- Base-32, Base-64
Convert a Base64 Key
Currently the application supports base32 encoding. For websites which use a base64 TOTP key, you may first convert the TOTP key manually with a decoder tool such as this one:
Warning: Exercise caution when using 3rd-party tools. This information is provided only as a convenience to you and your users. Pleasant Passwords does not officially recommend or support these solutions.