Setting up 2FA with KeePassXC

1. Setting up a KeePassXC database

Once you have opened KeePassXC, you will first need to set up a database. This is where the TOTP secrets are stored securely.

  1. Launch KeePassXC.
  2. Click on “Create Database” or, via the menu, select “Database” and then “New Database…”.
  3. Enter a name for the database.
  4. Leave the encryption settings unchanged and confirm by clicking the “Next” button.
  5. Choose a secure password for the database. If KeePassXC flags your password as insecure, it is too short. (You can also specify a key file.)
  6. Click “Finish” and then select a save location in the “Save Database As” dialogue.

The database for KeePassXC is now created. You can now use it to manage multiple passwords and TOTP database entries.

Note

If you are working exclusively on the university network, it is advisable to save the database in your home directory on the central file server (usually drive H:). In this case, no further backup is required.

In all other cases, the database file should be backed up, just like all other data.

2. Set up a database entry with TOTP

Once the database you have created or an existing one has been opened in KeePassXC, you can now configure an entry for TOTP. It is advisable to change the time settings in KeePassXC first.

Change time settings

  1. Click on the cog icon or go to the menu and select “Tools” and “Settings”.
  2. Go to the “Security” tab.
  3. Change the “Clear clipboard” setting to “30” seconds.
  4. Click the “OK” button to save the change.

Set up a database entry

  1. Click on the plus icon or select “Entries” and “New entry …” from the menu.
  2. Enter the title “2FA University of Greifswald” and enter your username for the database entry.
  3. Click “OK” to save the database entry.
  4. Right-click on the database entry or select “Entries” from the menu.
  5. Under “TOTP”, select the menu item “Set up TOTP …”.
  6. Log in to the account management portal using your username and password.
  7. You will now see a page with a QR code. Under Option B: Manual Setup, click the “Show details” link.
  8. Copy the TOTP secret using the “Copy” link.
  9. In KeePassXC, paste the TOTP secret from the account management into the “Secret Key” field (CTRL + V).
    This helps you avoid unnecessary errors when copying, such as extra spaces.
  10. Click “OK” to save the TOTP secret (secret key) in KeePassXC.

Attention

To successfully set up your two-factor authentication, you must complete the final step, “Complete 2FA setup”. Otherwise, the TOTP secret will not be linked to your account, the database entry in KeePassXC will become invalid, and you will generate invalid TOTP codes. 

3. Complete the 2FA setup

  1. Select your database entry in KeePassXC.
  2. Right-click on the database entry or select “Entries” from the menu.
  3. Under “TOTP”, select the menu option “Show TOTP”.
  4. A six-digit code is now regenerated every 30 seconds. If you still have enough time, click “Copy”; otherwise, wait a moment until a new code is displayed.
  5. Go back to Account Management and paste the code into the “TOTP Code” field (CTRL + V).
  6. Click the “Confirm” button.

This completes the setup of two-factor authentication for your account. If 2FA is required for logging into various University of Greifswald online services, KeePassXC is now configured with your database entry to generate further TOTP codes.

Click-by-click guide

The step-by-step guide below will help you follow the individual steps visually.