
Two factor authentication

GGP1 edited this page Jul 28, 2024 · 6 revisions

kure can store two-factor authentication codes as time-based one-time passwords (TOTP), a variant of the HOTP algorithm in which the counter fed to the one-time password calculation is derived from the current time.

The time step is 30 seconds, the default specified by RFC 6238 as a balance between security and usability.

TOTP codes can be 6, 7 or 8 digits long, and the hash algorithm is SHA1.
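As an added example (not kure's own code), here is the RFC 6238 computation described above in Go: HMAC-SHA1 over the 30-second time counter, dynamically truncated to 6, 7 or 8 digits, plus a verifier that tolerates a configurable number of steps of clock drift and compares in constant time. The secret in main is the RFC 6238 Appendix B SHA1 test seed, not a kure value.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

const timeStep = 30 * time.Second // RFC 6238 default, the step the page says kure uses
// HOTP computes an RFC 4226 one-time password for a counter with HMAC-SHA1.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: the low 4 bits of the last byte pick a 4-byte window.
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// TOTP uses T = floor(unix / 30) as the HOTP counter; digits must be 6, 7 or 8.
func TOTP(secret []byte, t time.Time, digits int) (string, error) {
	if digits < 6 || digits > 8 {
		return "", fmt.Errorf("totp: unsupported code length %d", digits)
	}
	return HOTP(secret, uint64(t.Unix())/uint64(timeStep/time.Second), digits), nil
}

// Validate accepts a code for the current step or up to skew steps either side (clock drift).
func Validate(secret []byte, code string, now time.Time, skew int) bool {
	for i := -skew; i <= skew; i++ {
		want, err := TOTP(secret, now.Add(time.Duration(i)*timeStep), len(code))
		if err == nil && subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // constructed: RFC 6238 Appendix B SHA1 seed
	fmt.Println(TOTP(secret, time.Unix(59, 0), 8)) // 94287082 <nil>
}
```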

Two-factor authentication adds an extra layer of security to your accounts. If an attacker gets hold of the secrets, they will still need the constantly refreshing code to get into the account, which makes it not impossible, but much more complicated.

Key files

Key files are a form of local two-factor authentication. The user must provide not only the correct password but also the path to the key file, whose contents are combined with the password to encrypt the records.

Using a key file is optional, and so is specifying its path in the configuration file (if the path isn't configured, it will be requested every time you try to access the database).

It's safe to store the path to the key file in the configuration file only if the key file has restricted access permissions or lives on an external device that must be plugged in to log in.