How to setup TOTP in KeePassium

KeePassium can generate time-based one-time passwords (TOTP) for services that require two-factor authentication. For security reasons, you should not keep your passwords and TOTP tokens in the same database.

Using QR code

This feature is planned for one of the future updates. In the meanwhile, TOTP setup requires a bit of manual interaction.

Using a TOTP secret key (token)

When you setup two-factor authentication on a website, choose the option to enter the TOTP secret code manually:

Screenshot: TOTP secret key for a Google Account
TOTP secret key for a Google Account

Now, open your database in KeePassium (or any other KeePass app), and open entry editor.

Create two custom fields:

  • TOTP Seed with value 30;6 (these are the refresh interval in seconds, and the number of digits in generated codes, respectively)
  • TOTP Settings with your TOTP secret key (spaces and capitalization don't matter)

The result should look like this:

Screenshot: Working TOTP setup in KeePassium
Working TOTP setup in KeePassium

Some websites will provide you an otpauth:// link instead of the secret code:

Screenshot: TOTP setup for Mailbox.org
TOTP setup for Mailbox.org

In this case, instead of the two fields described above (TOTP Seed and TOTP Settings), create just one field named otp. Copy the URL to that field — and that's it.

Steam TOTP setup

Valve's Steam service has its own TOTP format. KeePassium can generate Steam TOTP codes, too.

Open the Steam entry in your database and create two custom fields:

  • TOTP Settings with value 30;S (30 is the refresh interval, and S means that TOTP codes should have Steam-specific format)
  • TOTP Seed with the secret key

There is no easy way to extract Steam's secret key, but this is possible. For more details, please follow this guide: How to get your Steam shared_secret key).

Troubleshooting

Generated TOTP codes seem invalid

  • Make sure the system time on your device is correct. Even a 30-second deviation can make generated codes invalid.
  • Make sure that the secret key is entered without typos.

Last Updated: 2019-12-01