When login to nc i use my phone to generate the 2nd factor.
If phone is not in range i will use my tablet as 2nd verification generator instead.
How can i make nc16.0.3 generating a second QR Code for my tablet?
QR Code for the phone comes automatically by enabling TOTP but i don’t want to disable and re-enable TOTP again…
NC will only present the QR code once… However, depending on the TOTP app you’re using on your phone, you might be able to export or display that QR code again.
If both devices are Apple, you may be able to sync the TOTP app data with iCloud. Authy also has an option to sync between devices I believe. If you used Google Authenticator then you may not have any other options.
Authy on iOS is also, what I am using - recommding it strongly. Authy will also show you the QR code for each stored TOTP secret, even without syncing through iCloud…
I don’t have 2 iOS devices so there is no way to sync between 2 apple devices.
Never the less, there should be a trigger to enable QR Code more than once…
Is it possible, to disable TOTP and reenable it with making a screenshot of the new QR for further devices? Will i loose all my app-tokens in that case??
I believe in the exact opposite!
You already have an option to save the screenshot of the QR code during creation.
Providing tools to recover the key introduces nothing but vulnerability…
Yes, you can do that. In the end, the secret ist just the starting point of the pseudo-random number generator, you’re initializing with this code and that would be the same on any device you feed the secret to.
If you disable TOTP for your account and re-enable it, you will be presented a new QR code, which you can use for that. Print it out and file the sheet in a cabinet - safe from cyber attacks.
But that didn’t happen
I disabled TOTP and re-enabled it → got a new QR Code and saved it to my keepass2 as file attach. Deleted the file after that.
And all my Tokens were still there…and continued working
You mean you application passwords? They are not derived from the TOTP code and are completetly separate - so yes, you are to keep them, even when swapping the TOTP secret.
Again, I believe the opposite.
The creator should authorize the device so just one can be used.
This makes the saved picture of the QR a useless piece of paper…
@anon71540698, this is not possible with TOTP. As I explained earlier, the TOTP secret ist the IV (initialization vector) for a PRNG, a pseudo random number generator. This generator will always create the same “random” numbers for a given point in time, so it’s “reusable” by nature and the server can’t tell if the provided pin came from one device or the other.
I also deem it safe enough to print out the QR code and file it in a drawer, as someone would have to brake into your house/office on purpose, to get that paper.