Only display TOTP code on click

[du33169]

Is your feature request related to a problem? Please describe.
Currently, KeePassDX displays all TOTP codes after unlocking the database.
Describe the solution you'd like
Hide them by default and click to show, like most other TOTP apps.

Describe alternatives you've considered

Additional context
It might be better to use monospaced font to align TOTP codes for better visual appearance.

[J-Jamet]

It's not an argument that other applications do a feature in a certain way. As far as I'm concerned, there's no argument for hiding TOTP code once the database is open, it just adds another step to access the information.
If you don't want to see them as soon as the database is open, you can put them in a group.

And even when you look at other TOTP applications, I don't think that's the majority.
I took TOTP application samples and just looked at the screenshots :

https://f-droid.org/en/packages/com.beemdevelopment.aegis/ NO
https://f-droid.org/en/packages/com.u2fa.secur/ NO
https://f-droid.org/en/packages/org.liberty.android.freeotpplus/ YES
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en NO
https://play.google.com/store/apps/details?id=com.totp.authenticator&hl=en NO
https://play.google.com/store/apps/details?id=com.authenticator.authservice2&hl=en NO

[michaelschattgen]

https://f-droid.org/en/packages/com.beemdevelopment.aegis/ NO

Just chiming in to say that we do support 'Tap to reveal' / hidden codes in Aegis as shown below.

[du33169]

It's not an argument that other applications do a feature in a certain way.
As far as I'm concerned, there's no argument for hiding TOTP code once the database is open, it just adds another step to access the information. If you don't want to see them as soon as the database is open, you can put them in a group.
And even when you look at other TOTP applications, I don't think that's the majority.

I apologize for the arbitrary phrase “like most other apps”, which lacks research. As far as I know, 2FAS, Ente Auth and Aegis support it.

I understand your point. I submit this feature request not simply because some other apps have it, but because I believe some users might find it useful or appealing, and I don't think I'm the only one. It doesn't need to be enabled by default if most users prefer straightforward access, offering as an option would suffice.

The point of Tap to Reveal is to restrict or minimize access, i.e., if I open the app to retrieve the TOTP code for a particular site, it should not expose the codes of others. (Device-level screen blocking is not a silver bullet.) Or, hiding them by default can also provide mental reassurance about security, at least for me.

[J-Jamet]

That makes more sense, I agree, if clicking on the hidden TOTP allows it to be revealed and copied at the same time, and if we set a parameter to hide or not, all the needs will be met. I like that.

[cbiere]

Currently, KeePassDX displays all TOTP codes after unlocking the database.

You can actually disable that already:

If you use the magic keyboard, like you should, it won't be revealed visually at all by KeePassDX - but most likely by the form field you enter it into.