On Sat Feb 14, 2026 at 10:42 AM PST, Stuart Henderson wrote:

> On 2026/02/14 17:13, sysop@ubik.com.de wrote:
>> Without looking at the code, the actual risks seem (imo) low, but I
>> don't know your threat model.
>
> if some random process run by your uid is not allowed to read the
> password without confirmation, it should not be able to read an otp key
> either. (*possibly* an otp calculated value might be ok, but the key is
> *at least* as sensitive as a password, probably more so).

A process should be able to read the attributes it created itself
without confirmation (im).  Otherwise, having to mash confirmations all
the time defeats the point of these things anyway.  It's a balance.

Re: OTP, common sense tells me to not use it this way.  That is, if I
were to even use keepassxc for OTP, I'd keep that in a separate entry
outside of the designated group for secret service.

I realize that approach may not be obvious to everybody.

Cheers