Enpass Discussion Forum

Leaderboard

Popular Content

Showing content with the highest reputation on 03/12/23 in Posts

  1. Hello Fadi - 2FA as in TOTP (authenticator app Authy, Aegis etc.) cannot physically be used to add another protective layer to 'any' offline vault file, physically on your computer. Bitwarden is identical in this regard. If someone stole your computer, and you had Bitwarden desktop installed, provided the computer was kept offline, and the thief knew your e-mail and master password, they could open your Bitwarden vault, even if you had set up 2FA on your account. As mentioned in an earlier comment, encrypting the key file on your computer is a way to add another protective layer. In this situation, the thief would need 5 things: 1 - to know your Enpass e-mail, 2 - the master password, 3 - the key file location, 4 - to know that the key file was encrypted and 5 - to know the password used to encrypt the key file. Online or offline, without all that information, the Enpass vault would not open, even if they knew your e-mail and master password. Another alternative is to store your key file on a USB stick. Without the USB, the key file would be inaccessible, making it impossible to open the vault, even with the correct e-mail and master password. 2FA as in TOTP (authenticator app) protects online access to files and information; it's not designed to protect physical files when offline. Stored in your personal cloud, Dropbox, OneDrive etc., your Enpass vault(s) are protected by 2FA, when enabled in your cloud account. It is purely the offline element of Enpass that a 2FA authenticator app can't protect. For that to change, Enpass would need to be an online password manager, which comes with a mixture of advantages and disadvantages. The key disadvantage being, without access to the internet, or if the company's servers are down, an online-only password manager blocks you from accessing your own passwords. I completely understand your thoughts and concerns, but in order to protect offline physical files, the approach itself needs also to be offline.
Encrypting the key file or storing it externally are two such methods, and there are likely others. Whether Enpass might consider a hybrid online approach I don't know, but for myself what I value most about Enpass is having complete control of where my vault(s) are stored, enabling 2FA in each cloud storage location, having a secure, memorable master password and, vitally, being able to access critical information regardless of whether I'm online or offline or whether Enpass' servers might be down. With every password storage set up, regardless of the method, it is ultimately the responsibility of the end user to protect that information. Enpass is built as an offline password manager, which is why it differs from others. If that approach isn't practical for you, then possibly a different online password manager might be more suitable.
    1 point
  2. I'm sorry @Fadi but how can 2FA protect a local encrypted file? It's just a fixed key that is used to generate a unique 6-digit number every 30 seconds; there is nothing with 2FA that could possibly add any protection to locally encrypted files.
    1 point