
Using KeePass as MFA sign-in method with Microsoft work-accounts

Microsoft work accounts (Azure AD) integrate easily with Microsoft Authenticator for multi-factor authentication. However, it is also possible to set up a third-party authenticator application for MFA: it only needs to implement the TOTP protocol. KeePass, the well-known password manager, ships with built-in support for TOTP, which makes it a good candidate for use in the MFA process. Third-party KeePass plugins also help getting started, but even "raw" KeePass, starting from version 2.51 (the latest release at the time of writing), can easily be used. The following step-by-step guide shows how to add KeePass as an authenticator app.

1. With a work account, log in and select Security Info. The wizard suggests using Microsoft Authenticator.

2. Normally, at this step, you would scan the QR code with the app on your mobile phone. But KeePass runs on a computer and cannot scan it. The website also shows the key information we need to set up in any multi-factor authentication application: the Secret Key. This is the shared secret the TOTP protocol works from. Copy it by pressing the small icon on the right.

3. In KeePass, right-click the entry where you want to store the code, select "Edit Entry (Quick)" and then "OTP Generator Settings…". Paste the value into the "Shared secret" field. KeePass immediately starts generating OTP values, which change every 30 seconds.

4. Go back to the Microsoft account setup, enter the current code and press Next. If the code is recognized, a new "Authenticator app" row appears among the other sign-in methods.

5. Remember to press OK to confirm the entry in KeePass and save the updated KeePass database file.
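What KeePass does with the value pasted into the "Shared secret" field is the RFC 6238 TOTP algorithm, written out below as an added example (this is not code from the guide or from KeePass). The secret shown by the account portal is Base32 text; the authenticator decodes it, computes HMAC-SHA1 over the 30-second time counter and extracts six digits. The verify side, which the page does not describe, is included with an assumed tolerance of one time step on either side for clock drift; the sample secret is the RFC 6238 reference key, constructed here so the output can be checked against the RFC's test vectors.

```python
"""Added example: TOTP (RFC 6238) as an authenticator such as KeePass computes
it from the Base32 "Shared secret" shown during Microsoft MFA setup.
The verify() tolerance window is an assumption for this example, not a
statement about Microsoft's server."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

TIME_STEP = 30   # seconds per code, as the guide observes
DIGITS = 6


def decode_shared_secret(secret_b32: str) -> bytes:
    """Decode the Base32 shared secret as displayed by the portal.
    Spaces and lower case are tolerated; '=' padding is restored if missing."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits (zero-padded)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    at = int(time.time()) if at is None else at
    return hotp(decode_shared_secret(secret_b32), at // step)


def verify_totp(secret_b32: str, code: str, at: Optional[int] = None,
                window: int = 1, step: int = TIME_STEP) -> bool:
    """Server-side check: accept the code for the current step and `window`
    steps on either side, comparing in constant time."""
    at = int(time.time()) if at is None else at
    key = decode_shared_secret(secret_b32)
    counter = at // step
    return any(hmac.compare_digest(hotp(key, counter + d), code)
               for d in range(-window, window + 1))


# Constructed sample: the RFC 6238 reference key "12345678901234567890" in
# Base32, so the codes can be checked against the RFC's published vectors.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    print("shared secret :", SAMPLE_SECRET)
    print("code now      :", totp(SAMPLE_SECRET))
    print("code at t=59  :", totp(SAMPLE_SECRET, at=59))   # RFC 6238: 287082
```

Because the code is a pure function of the secret and the clock, anyone holding the database entry can produce the same codes; the "second factor" is only as separate from the password as the place the secret is stored.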

Note that the shared secret now lives in the KeePass database. If the account password is stored in the same database, both factors fall together with the database master password, so the strength of that master password and of its derivation matters.

KeePass uses a custom password derivation process which includes multiple iterations of symmetric encryption with a random key (which then serves as salt), as explained in the KeePass documentation. The default number of iterations is 6000, so that is 12000 AES invocations to process one password (encryption is done on a 256-bit value, AES uses 128-bit blocks, so there must be at least two AES invocations per round). With a recent quad-core PC (one with the AES instructions), you should be able to test about 32000 potential passwords per second. With ten random characters chosen uniformly among the hundred or so characters that can be typed on a keyboard, there are 10^20 potential passwords, and brute force will, on average, try half of them. You are in for 10^20 × 0.5 / 32000 seconds, also known as 50 million years. But with two PCs that is only 25 million years.

This assumes that the password derivation process is not flawed in some way. In "custom password derivation process", the "custom" is a scary word. Also, the number of iterations is configurable (6000 is only the default value).
