MatsuShimizu
Well-Known Member
I have wanted to write this tutorial for more than 2 months now, but just didn't have time to do it before now. Glad I could finish it this week.
In case you didn't know, KeepassXC is an open-source, cross-platform password manager, but it can also be used as a 2FA app. Once I started using KeepassXC as my 2FA app, I was able to stop using most 2FA apps on smartphones like Google Authenticator. This tutorial will guide you through the process.
I posted each part of this tutorial in a separate post for easy navigation. This tutorial consists of 4 parts:
Part 1: Getting started with KeepassXC.
Part 2: How to use KeepassXC for 2FA TOTP. If you already know how to use KeepassXC, this one is for you. Scroll down to post #2 or click here.
Part 3: How to transfer from Google Authenticator to Aegis or other 2FA apps. Scroll down to post #3 or click here.
Part 4: How to set up and use the Authy app. Authy app is a cross-platform 2FA app. Scroll down to post #4 or click here.
Part 5: Troubleshooting and more tricks. Scroll down to post #5 or click here.
My experience of using 2FA apps on both Linux desktop and smartphone
- From experience, I figured out that using 2FA apps on Linux Desktop like Authy or KeepassXC is much easier and safer than using 2FA apps via smartphone.
- What did I mean by safer? The problem with Google Authenticator is if I lose the phone, I need to use the backup codes and reset my 2FA settings. If I lose both 2FA backup codes and my phone, I will lose the entire account.
- With KeepassXC, I can back up my 2FA accounts into a USB drive. As for Authy, my accounts are backed up in the cloud so it is safe.
- Storing your 2FA TOTPs in a password manager is not a bad thing most of the time. It will keep things simple but secure as it should be. More details here.
General tips about 2FA:
- Some websites might ask for your phone number if you don't have 2FA activated. In this case, you have no choice but to use 2FA apps like KeepassXC or Authy rather than giving them your real phone number.
- For other websites like forums, you can use a password manager with strong, unique passwords. In most cases, you don't need to activate the 2FA on forums if you already use a password manager with strong, unique passwords for all your online accounts. Read the details here: Do I need 2 factor authentication if I use a password manager - Discussion on Quora.
- Important: Please write the one-time backup codes on a piece of paper. If you lose the 2FA device and your backup codes and secret keys, you will lose the entire account.
Part 1: Getting started with KeepassXC
If you are new to using KeepassXC, watch this video first.
Installation:
KeepassXC is available for Ubuntu, Debian, Arch, Gentoo and more.
On Ubuntu:
I prefer using snap because it is more secure according to their documentation.
Code:
sudo snap install keepassxc
On Debian:
Code:
sudo apt-get install keepassxc
On other distros:
Read on the official website here for details: https://keepassxc.org/download/#linux
Pros of using KeepassXC as a password manager:
- You can set an easy-to-memorize password as your database master password. It is safe as long as you keep the KDBX database offline.
- It comes with a TOTP function, password generator, password strength meter function, the ability to assign a specific icon for any type of password.
Cons of using KeepassXC as a password manager:
- If your house gets burned, you will lose your passwords, unless you back up the database somewhere else.
- The database is stored locally on your PC, so you must back it up into a USB drive now and then.
If you don't have the time to back up your passwords, you can use an online password manager like Bitwarden or Lastpass. Watch this tutorial on Password Bits on how to get started with Bitwarden.
General tips about password managers:
- Use strong, randomly generated passwords for your online accounts. A strong password must contain at least 20 characters with random characters.
- Use the KeepassXC password generator to generate and measure the strength of your password.
- The KeepassXC password generator/strength meter is the best so far when compared to other password strength meters I've found on search engines. If the password shows excellent on the KeepassXC strength meter, it will pass other password strength testing sites. Watch the animated GIFs below for demonstrations.
If the GIF image is not clear, click on it to enlarge.
I don't use my real password on the above GIF image. It is just a randomly generated password.
Related sources:
KeepassXC support forum at Github: Click here
KeepassXC homepage: keepassxc.org
KeepassXC browser extension: For Firefox here | For Chrome here
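One way to script the USB backup recommended in the post above, shown as an added example that is not part of the original tutorial or of KeepassXC itself. It checks the KDBX file signature before copying and compares SHA-256 digests afterwards; the function names and the file and mount paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: verified backup of a KeePassXC database to removable media.
# Function names and the paths in the usage line are assumptions.

KDBX_MAGIC="03d9a29a67fb4bb5"   # KDBX file signature (first 8 bytes, hex)

# is_kdbx FILE -> succeeds only if FILE starts with the KDBX signature
is_kdbx() {
    [ -f "$1" ] || return 1
    header=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    [ "$header" = "$KDBX_MAGIC" ]
}

sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# backup_kdbx SRC DEST_DIR -> prints the path of the verified copy
backup_kdbx() {
    src=$1
    dest_dir=$2
    is_kdbx "$src" || { echo "not a KDBX database: $src" >&2; return 1; }
    [ -d "$dest_dir" ] && [ -w "$dest_dir" ] || {
        echo "backup target missing or read-only: $dest_dir" >&2; return 1; }

    # Timestamped name so older backups are kept, not overwritten.
    stamp=$(date +%Y%m%d-%H%M%S)
    dest="$dest_dir/$(basename "$src" .kdbx)-$stamp.kdbx"
    cp -- "$src" "$dest" || return 1
    chmod 600 "$dest"   # owner-only access on the copy
    sync                # flush to the drive before it is unplugged

    # Compare digests of source and copy; a mismatch means the copy is bad.
    if [ "$(sha256_of "$src")" != "$(sha256_of "$dest")" ]; then
        echo "checksum mismatch, removing $dest" >&2
        rm -f -- "$dest"
        return 1
    fi
    printf '%s\n' "$dest"
}

# Usage: sh backup-kdbx.sh ~/Passwords.kdbx /media/$USER/USB
if [ "$#" -eq 2 ]; then
    backup_kdbx "$1" "$2"
fi
```

The signature check only confirms the file looks like a KDBX database; opening the copy in KeepassXC from the USB drive remains the real test that the backup is usable.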