As a user, I want the ability to add entries which have TOTP keys such as GitHub / Amazon (2FA/MFA)

Q1. What is the problem that you are trying to solve?
I’m trying to share the AWS root account of my company. The strong password is already in my own Passbolt instance but isn’t enough. My root account is secured by an MFA process, and I cannot share it securely. I am looking for a way to add TOTP tokens to entries/sites that support it (GitHub, Amazon, etc).

Q2 - Who is impacted?
System and network administrators

Q3 - Why is it important and/or urgent?
Ease of use for system administrators will increase adoption.

Q4 - What is your proposed solution? (optional)
So my idea is to share a 2FA generator like we can already do with passwords.
TOTP should be enough for a first shot, but HOTP would be great too.
I think it’s possible to do that with the current GPG process (for storing the “secret”).
In the UI, attaching it to an existing password entry seems to be a good place.

Example for GitHub:
As a user I want to store a TOTP initialization code in Passbolt

  1. Log into GitHub, go to settings, security, under two-factor authentication.
  2. Click on “Set up two-factor authentication”, click on “Set up using an app”, click on “enter this text code”
  3. Log into Passbolt, on the password workspace, click on “new”, select “TOTP token”
  4. Copy the GitHub text code into the Passbolt create TOTP dialog
  5. Save

As a user I want to use Passbolt to generate a one-time token to log into GitHub

  1. Log into Passbolt, right click on the GitHub TOTP entry, click on “copy OTP to clipboard”
  2. Log into GitHub, paste the OTP token in the second authentication step input form, press login

ref. https://github.com/passbolt/passbolt_api/issues/71

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

4 Likes

Hi,
It would be great to get this function in Passbolt, as some other password management software already has it.
Hope this comes to Passbolt too!
Telemak