As a Passbolt user, I want the ability to generate TOTP codes within the app for websites where I have saved login details, so that I can conveniently and securely use two-factor authentication without relying on a separate authenticator app

Prior to posting check if a similar request does not already exist.
Try to give a name in the user story format (ref. User story - Wikipedia)
Like: As a role I can action, so that expected benefit

Q1. What is the problem that you are trying to solve?
The change request or new feature aims to enhance the convenience and security of using two-factor authentication (2FA) in the Passbolt app. Currently, users need to rely on a separate third-party authenticator app on their smartphones to generate time-based one-time passwords (TOTPs) for 2FA. However, with this change, Passbolt itself would be able to securely generate TOTP codes for websites that have saved login details.

By implementing this feature, Passbolt aims to simplify the 2FA process for users by eliminating the need for a separate authenticator app. Users can conveniently generate TOTP codes directly within the Passbolt app, reducing the number of applications they need to use for authentication. Furthermore, Passbolt ensures the security of these generated codes, making it a reliable and trusted solution.

To measure the success of this change request or new feature, several indicators can be considered. Firstly, user feedback and satisfaction can be assessed to gauge if the convenience of generating TOTP codes within Passbolt has improved. This can be done through surveys, user interviews, or monitoring user sentiment. Additionally, the number of users adopting and utilizing 2FA within Passbolt can be measured to determine if the implementation of this feature has increased the overall security posture. Finally, tracking any security incidents related to compromised accounts or unauthorized access can provide insights into the effectiveness of the TOTP code generation feature in preventing unauthorized access, ultimately indicating the success of the solution.

Q2 - Who is impacted? The number of people impacted by this issue or who would benefit from the new feature depends on the user base of the Passbolt app. If Passbolt has a large user base, then potentially a significant number of users would benefit from this new feature. However, it is important to note that not all users may choose to enable or use 2FA. The impact would be specifically for Passbolt users who opt to use 2FA for their accounts.

Q3 - Why is it important and/or urgent? Enabling the Passbolt app to securely generate TOTP codes for websites where users have saved login details is important for several reasons. Firstly, it enhances the convenience of using 2FA by eliminating the need for a separate authenticator app. This streamlines the authentication process for users and reduces the number of applications they need to manage. Secondly, it improves the overall security posture of Passbolt accounts. By generating TOTP codes within the app, Passbolt ensures the security and integrity of the codes, minimizing the risk of unauthorized access even if passwords are compromised. While the urgency may vary depending on the specific context and priorities of the Passbolt development team, this feature can be considered important in terms of enhancing user experience and strengthening security measures.

Q4 - What is your proposed solution? (optional)
The proposed solution could be to integrate a TOTP code generator directly within the Passbolt app. Protonpass has a great example of this functionality.

Here’s an example user story and a test scenario:

User story: As a Passbolt user, I want the ability to generate TOTP codes within the app for websites where I have saved login details. This eliminates the need for a separate authenticator app and provides a seamless and convenient 2FA experience.

Test scenario: Given that I have logged into the Passbolt app, When I navigate to a website for which I have saved login details, Then I should be able to generate a TOTP code within the Passbolt app, And the generated TOTP code should be valid and usable for 2FA on the website.

Additional requirements:

  • The TOTP code generator should adhere to the relevant standards and ensure the security of the generated codes.
  • The Passbolt app should securely store the necessary encryption keys or secrets required for TOTP code generation.
  • The user interface should provide clear instructions and guidance on how to generate and use TOTP codes within the Passbolt app.

Protonpass has a great example of this functionality.

Q5. Community support [poll type=regular max=1000 public=true]

  • :ok_man: Must have: this is critical for me to have this
  • :raising_hand_man: Should have: this is important for me to have this
  • :tipping_hand_man: Could have: this could be nice to have
  • :no_good_man: Won’t have: we should not schedule this (explain why) [/poll]

Hi @jabertech

Welcome to the community forum!

TOTP alpha is available for testing. I think it is working really great. thanks to @max for his amazing work!

Great to know! Thanks @Duffman @max will this be part of the community edition once released? And what’s the expected delivery date?

Yes! TOTP is available for CE users. I am a CE user and testing the alpha version. If you want to help test, you can post your results on this thread.


And for the Web version most likely end of August beginning of September.

People are taking holidays right now so it takes a bit more time


Great news! Yes indeed to help test. Just provide me with instructions please on how I can do so

Just read the post provided in the previous posts, you have the instructions there :slight_smile:

1 Like