nkapp2 doc update (#493)

---------

Co-authored-by: jans23 <[email protected]>

Author: alexgithublab

source/components/software/nk-app2/images/FIDO2-menu.png

@@ -1,24 +1,27 @@
 Nitrokey App 2
 ==============
-Nitrokey App 2 is the graphical application for Nitrokey 3 devices. For Nitrokey Pro and Nitrokey Storage, use `Nitrokey App 1 <https://www.nitrokey.com/download>`__ instead.
+
+The Nitrokey App 2 is a graphical application designed to manage Nitrokey 3 devices. It provides a user-friendly interface for configuring FIDO2 authentication, passwords, firmware updates, and PIN management.
+Available languages: English, German, French, Italian, Polish, and Arabic. Language change requires application restart.
+
+.. note::
+
+   This application is compatible only with Nitrokey 3 devices. For Nitrokey Pro and Nitrokey Storage devices, please use `Nitrokey App 1 <https://www.nitrokey.com/download>`__.
 
 Installation
 ------------
-Download it for `Linux <installation-linux.html>`__ , `Windows <installation-windows.html>`__ or `macOS <installation-mac.html>`__ (pipenv only).
 
+Download it for `Linux <installation-linux.html>`__ , `Windows <installation-windows.html>`__ or `macOS <installation-mac.html>`__.
 
-Supported Features
-------------------
 
-- Updating the firmware
-- One-Time Passwords (OTP)
-- Password Storage
+Getting Started
+---------------
 
-Planned Features
-----------------
+- `Passwords <./passwords.html>`__
+- `PIN Managment <./pin.html>`__
+- `KeePassXC <./keepassxc.html>`__
+- `Firmware Update <./update.html>`__
 
-- PIN management
-- macOS support
 
 .. toctree::
    :maxdepth: 1
@@ -27,3 +30,24 @@ Planned Features
 
    *
 
+Overview
+--------
+
+.. figure:: ./images/overview.png
+
+
+The overview allows quick access to check the current app version, saving log files, and getting support.
+
+
+App Version
+***********
+
+To ensure you are using the latest version of the application, click “Check for App Update.” 
+If no updates are available, the button will display “App is up to date.”
+If an update is available it will change the button text to "update available"
+And by clicking once more it will open the release GitHub page where the latest one is on top. From here you will be able to download the binary if you want to do perfom a manual install
+
+Log File
+********
+
+The “Save Log File” option lets you export a record of the application’s recent activity, including actions, errors, and system messages. This log file can help diagnose and resolve issues with the application.

source/components/software/nk-app2/images/HOTP-secret.png

@@ -1,25 +1,73 @@
 Passwords
 =========
 
-.. note::
-    You can store up to 50 passwords.
-
 Password entries may consist of:
 
-* Login
+* Login name
 * Password
 * Comment (for e.g. a website reference)
-* OTP (HOTP or TOTP)
+* One-Time Passwords (HOTP and TOTP)
+* Hash-Based Message Authentication Code (HMAC)
+
+.. note::
+
+    All fields are optional and can be edited and added at any time using the "Edit" button.
+
+    You can store up to 100 passwords.
+
+.. figure:: ./images/credential-example.png
+
+
+Adding Credentials
+******************
+
+1. To add a new entry click on the "Add" button.
+2. Enter your user name.
+3. Enter the password or OTP secret
+4. You can enter the web address to the field Comment.
+5. If you want to store a regular password, let "None" in the algorithm field. If you want to store a OTP or HMAC, choose the appropriate algorithm (see below) and copy the OTP secret or QR code that is given by the website (you want to login to) into the field next to it.
+
+    .. figure:: ./images/TOTP-secret.png
+
+    .. figure:: ./images/HOTP-secret.png
+
+6. You can choose to add more security by checking the "Require PIN" or "Require Touch" boxes. Credentials with "Require PIN" (shown as a closed lock) can only be accessed by entering a device the PIN when clicking on "Show Protected Passwords". Unprotected credentials (shown as an open lock) can be accessed without entering a device PIN.
+
+7. Once all desired fields are filled click on "Save".
+
+.. Note::
+
+    You need first to set a device PIN before using "Require PIN". Otherwise it will show an error.
+    The device PIN can be set or changed in the `settings <./pin.html#passwords>`__).
+
+.. important::
+    
+    You are allowed only 8 attempts to enter a device PIN otherwise you will not be able to access or create new credentials and you will need to perform a factory reset in order to use this feature again.
+
+Login
+*****
+
+Once your credential is stored you can login to your account with these steps:
+
+1. Select on the left side your Nitrokey on which your credential is stored.
+2. Click on the "Passwords" tab.
+3. Click on your desired credential, if your credential is protected click on "Show Protected Passwords" first.
+4. If it's a regular password, copy the username and the password into the login prompt. If it's a OTP credential, click the “OTP” icon to generate the OTP and enter the OTP code into the appropriate field in the login prompt. (For HOTP, press the button again to generate a new code.)
+
+    .. figure:: ./images/TOTP-code.png
 
-All fields are optional and can be edited and added at any time using the "Edit" button.
+OTP Algorithms
+**************
 
-For a list of websites supporting OTP have a look at `dongleauth.com <https://www.dongleauth.com/>`__.
+One-Time Passwords (OTPs) are used as multi-factor authentication (MFA) designed to make it much harder for hackers to access protected information such as online accounts.
+With the Nitrokey App 2 and your Nitrokey you can use two different MFA:
 
-Usage
------
+* TOTP or Time-based One-Time Password is a two-factor authentication code that changes at regular time intervals (e.g. 60 seconds). This is the standard typically used by websites.
+* HOTP or HMAC-based One-Time Password is a two factor authentication code that changes each time it's requested and validated. It is rarely used today.
+* HMAC is primarily used with KeePassXC.
 
-Entries are divided into two categories: unprotected (shown as an open lock) and protected (shown as a closed lock). Unprotected entries can be accessed directly. Protected entries can only be accessed with the PIN. 
+.. Note::
 
-You can choose to create a protected entry by checking the "Protect with PIN" box when adding a new entry.
+    For a list of websites supporting OTPs have a look at `dongleauth.com <https://www.dongleauth.com/>`__.
 
-You also have the option to require user presence in the form of a required touch on the Nitrokey 3 to access the entry by checking the "Require User Presence" box.
+You can test TOTP with `this <https://authenticationtest.com/totpChallenge/>`__ website.