
Tired of always having to grab my phone, open an additional app and manually enter 6 digits when logging in to Home Assistant with activated 2FA, I dug deeper into TOTP and have found the elegant way to “one click does it all” with the free and open-source password manager KeePassXC. It looks like Bitwarden offers a similar function as well, but since I’m not using Bitwarden, maybe somebody else can dive into this world later. Let’s quickly recap: TOTPs are one-time passwords that are valid for 30 seconds. Since they change very often they aren’t as sensitive as passwords.

The really sensitive part of TOTPs is the key that generates the 6 digits upon time iteration. Before I show you where you can grab this key be alerted: You’re messing with an authentication unit. If you mess up the code within this environment and can’t get into Home Assistant later I won’t be responsible. You’ve been warned but chill, it’s not magical, if I can do it, you can.

In the Home Assistant config folder (where your configuration.yaml lies) is a hidden folder called ‘.storage’. You’ll maybe have to change the file explorer’s settings to make hidden elements visible, I’m confident you will find how to do this if necessary. In this folder you’ll find a file called ‘auth_module.totp’, that’s where all information for TOTP is stored.

“9xxxxxxxxxxxxxxxxxxxxxxxxxxxxx2”: “BOOOOOOOOOOOOOOOY”

Under users, every Home Assistant user ID that has 2FA activated has its TOTP secret (quotes aren’t part of the secret). For the example above, HA user with ID 9xxxxxxxxxxxxxxxxxxxxxxxxxxxxx2 has TOTP secret BOOOOOOOOOOOOOOOY.

Grab this line and copy it into an empty editor sheet, we’ll need this information later.

Be sure not to change anything in the file ‘auth_module.totp’ and close it.

Q: KeePassXC allows me to store my TOTP secrets. Doesn’t this alleviate any advantage of two-factor authentication?
A: Yes. But only if you store them in the same database as your password. We believe that storing both together can still be more secure than not using 2FA at all, but to maximize the security gain from using 2FA, you should always store TOTP secrets in a separate database, secured with a different password, possibly even on a different computer.

Open KeePassXC and go to the entry with user/password of the Home Assistant user that has the ID as stated in the ‘auth_module.totp’. Right click this line, choose ‘TOTP’ and then ‘Set up TOTP …’. Enter the TOTP key from file ‘auth_module.totp’ on the top of the just opened pop up window, leave all other entries as is and confirm clicking in. You’ll find a small clock icon that shows you that TOTP is configured now. Right click again the line for the user/password of the Home Assistant user, choose again TOTP but now go for ‘Show TOTP …’.
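To make concrete why the key, and not the 6 digits, is the sensitive part: the sketch below is an added example (not Home Assistant's or KeePassXC's code) that derives the current code from nothing but a stored key and the clock, following RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits. The JSON fragment is constructed, its user ID is a placeholder, and its secret is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import json
import struct

# Constructed fragment shaped like the "users" mapping described above.
# The user ID is a placeholder; the secret is the RFC 6238 test key
# (base32 of b"12345678901234567890"), not a real credential.
SAMPLE_STORAGE = json.dumps(
    {"users": {"placeholder-user-id": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}}
)


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the RFC 6238 code (HMAC-SHA1) for the given key and time."""
    # Secrets are base32; tolerate spaces, lower case and missing padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    # The moving factor is the number of whole time steps since the epoch.
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes_for_users(storage_json, unix_time):
    """Compute the code every enrolled user would be asked for at unix_time."""
    users = json.loads(storage_json)["users"]
    return {uid: totp(secret, unix_time) for uid, secret in users.items()}


if __name__ == "__main__":
    # Any reader of the stored key can do this for any point in time, which
    # is why the key deserves the same protection as a password.
    print(codes_for_users(SAMPLE_STORAGE, 59))
```

Every timestamp inside the same 30-second window yields the same code, and the code changes at the next step; the key itself never changes unless 2FA is set up again.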
