possible security concern

Issue #44 resolved
molnarti
created an issue

As much as I was wishing for a desktop based 2F authenticator I am having some security concerns:

- storing your login, password and 2FA tokens in the same place goes against the philosophy of using 2FA. If someone would crack your keepass safe he could access all your accounts, even if protected with 2FA.
- furthermore, the shared key secret is stored in the Keepass database as plain text, enabling the user (or somebody who hacked into the database) to replicate it to an infinite number of authenticators, further decreasing the security.

I am by no means a security expert, just found this a little bit concerning. My suggestion would be the following:

- add some disclaimer on the first page for the user to think twice about what 2FA they will store in the database and what not (storing 2FA tokens in Keepass is arguably better than not using 2FA at all)
- think about some hashing to be used for the shared secret key

Comments (3)

  1. Devin Martin repo owner

    You are correct, it does expand your exposure window. A few thoughts:

    Personally I as a user am far more worried about password reuse among websites (and their associated leaks) than I am about my KeePass db being exposed. That is a personal decision that I've made to balance security and convenience. KeePass doesn't store the secret plaintext in the DB. The entire DB is encrypted and the parameter for your entry is using the protected strings model that all the passwords in the db use. It is a tradeoff: one (very hardened) point of access with some increased convenience and possibly exposure, or spreading it out and creating fragmented exposure requiring multiple compromises (but also multiple points of access for login).

    You are correct, it expands your exposure window and is a personal choice. All security decisions are about balancing risk vs need for access. Security is always a spectrum. I don't think there is a correct answer here. You are correct in that an explanation of these trade-offs on the wiki is a good idea.

  2. Devin Martin repo owner

    You can always have 2 KeePass DBs (with different keyphrases/files) and spread them out if you want a desktop 2FA system. I've heard of some users doing that.
