A TOTP authenticator that scans QR codes makes the switch to secure 2FA log-ins and one-time passwords much easier. But what happens if the authenticator is lost? Then the only thing that helps is a backup of all keys and passwords. A password manager like KeePass manages this sensitive data for two-factor authentication.
To protect themselves from losing the TOTP authenticator, many users use PIN protection on the respective device. If this important security function of the authenticator is activated, time-based one-time passwords (TOTP) can only be generated after the PIN has been entered. However, this effective protection against misuse is only half the battle. Users must also ensure that they still have access to their accounts. For this reason, it is recommended that all keys and passwords required for two-factor authentication be backed up when a 2FA log-in is created.
For secure two-factor authentication, users need not only the classic access data such as user name and password, but also a secret key for generating the time-limited one-time passwords as a second factor. A backup of all required data should therefore include the following keys and passwords:
The simplest variant of a back-up of all required 2FA credentials is therefore the encrypted management of all user names and passwords and the secure storage of all back-up and QR codes in the form of text and graphic files.
The most convenient and secure way to manage 2FA credentials is via a password manager like KeePass. Version 2.x of this software is available for download free of charge for Windows. Corresponding ports for other platforms such as Linux, Android, Mac OS X or iPhone and iPad are also available on the website of the open source project. A portable version of KeePass is recommended for backing up 2FA credentials. In this way, the program installation can be saved on one and the same storage medium, such as a USB stick, together with the back-up of the 2FA data, regardless of the device.
The KeePass installation is quick and easy: Simply create a new folder and unpack the ZIP file of the portable KeePass version. For a German user interface, the additional installation of the corresponding translation is recommended. The content of this ZIP archive is copied into the subfolder “Languages”. For the first start of the program, double-click on the program file “KeePass.exe”. The question “Enable automatic update check?” is confirmed with “Enable (recommended)” to activate the automatic check for KeePass updates. Finally, the change to the German user interface is done via “View, Change Language …” with a click on the option “German (Deutsch)”. After restarting the program, KeePass is ready for use.
To create a new password database, simply click on “File, New …” after the restart. After confirming the following message with “OK”, the user selects the file name and location of the encrypted database and then the main password for opening and decrypting. The defaults of the database settings can be accepted in the following dialog with “OK”. Now everything is ready for entering the 2FA credentials. The first account is created via “Entry, Add entry …”. The “Title”, such as “Google account (email@example.com)”, is only used to identify the account. Afterwards, the user name and password are entered. If you have already used KeePass to manage classic 1FA accounts, you will be familiar with all the information up to this point.
Additional recovery codes for two-factor authentication can also be entered in the “Comments” field via the clipboard. However, it is safer to store them – as well as secret TOTP keys in plain text – in the “Advanced” tab as a “String field”. After clicking on “Add”, select “Back-up codes (2FA)” as the name of the field, enter the codes under “Value” and activate the option “Protect value in process memory”. TOTP keys are saved in plain text in the same way.
Here, however, it is recommended to use “TOTP Seed” as the name of the field so that the data can also be read later with the optional KeePass plug-in KeeTrayTOTP. TOTP keys in the form of a QR code, which are saved locally as a graphic file from the browser with a right click and the option “Save graphic as …” or via a screenshot, can be saved in KeePass in the “File attachments” area via the “Attach” button. After entering all the required account data, one click on “OK” is enough to apply all the changes. Before making any further changes, you should save the updated KeePass database by clicking “File, Save”.
Most online services not only provide their users with a QR code when they activate two-factor authentication, but also offer the option of accepting the secret TOTP key in plain text. Usually, a link like "You can't scan it?" can be found next to the QR code for this purpose.

How KeePass uses QR codes and TOTP one-time passwords
With the optional plug-in KeeTrayTOTP, KeePass also generates one-time passwords for secure 2FA log-in and QR codes for the configuration of an authenticator from the secret TOTP key in plain text. All that is required is to copy the plug-in file “KeeTrayTOTP.plgx” into the KeePass subfolder “Plugins”.
After installing the plug-in, its options are available from KeePass with a right-click on the respective account entry via the menu item “Tray TOTP Plug-in”. “Copy TOTP” can then be used to copy a freshly generated one-time password to the clipboard. The “Show QR” option is particularly interesting for backups. This can be used to generate a QR code of the secret TOTP key. Users of the REINER SCT Authenticator also have the option of changing the “Issuer (Title)”. This is particularly useful if the account name is not completely displayed in the REINER SCT Authenticator. The name can then be shortened via the “Issuer (Title)” in order to better distinguish it from similar accounts.
If you don’t need this option, you can also use the much more modern program KeePassXC instead of KeePass. This software is also available in a portable Windows version and supports the management of TOTP keys as well as the generation of TOTP one-time passwords out of the box.