Enpass Discussion Forum

Fadi

  1. @Abhishek Dewan any idea when it will be released? Because this feature has been requested for the past several years but it is yet to be implemented.
  2. @Thoughts? So in short, 2FA or FIDO2 cannot be implemented with Enpass, and once your system gets hacked and a hacker has keylogged you and downloaded your database and Enpass key file, there is nothing you can do to protect yourself? Bitwarden is way better than losing all my passwords just because Enpass is not able to implement 2FA, which I am not sure why it is not possible to implement even with a YubiKey. Because no matter where you secure your key file, even in Cryptomator, Enpass requires access to that file, and once the Cryptomator vault is unlocked you can access all files using any RAT. So how come Enpass calls itself secure when you have to have access to the key file or master password, which can be keylogged, or even the key file can be stolen? Just because Enpass is encrypting the database is not enough. What is Enpass doing to secure that database once the key file, database and master password get stolen?
  3. I don't think they are going to implement any 2FA or FIDO2 in the near future, at least not for the next 5 years, as they have already spent several years ignoring this feature request.
  4. @Steve Hansen @Thoughts? Well, there is another option which can be implemented, which is using a hardware security key like a YubiKey, or you can save that 2FA code in the encrypted Enpass database. This will add a security layer because that 6-digit code is not generated on the computer; instead it will be generated on a mobile device. Until we enter the 2FA code or plug in the hardware key it will not be unlocked, like a key file. But keeping the key file on the same PC, even in an encrypted Cryptomator drive, won't work because in the end you have to unlock Cryptomator to access the key file. But an OTP generated on a mobile phone or using a YubiKey is a much safer way to implement encryption instead of using a key file. I am amazed to hear that it cannot be implemented or even will not protect encrypted files; if that is the case then why does Bitwarden have it? If you are not using the cloud version and are using a self-hosted version like Enpass, it still has those security implementations to secure the vault and database. If 2FA or FIDO2 do nothing to secure anything then I think all those giants are dumb who are moving to those options, doesn't matter if it is online or offline. Thank you Thoughts? But the approach you have mentioned I have already implemented. The problem is once your Cryptomator vault is unlocked it can be accessed remotely, and without unlocking the vault no one will be able to access their Enpass database, and in a real-world scenario, if your system is hacked by a RAT then the Cryptomator vault/drive can also be accessed remotely. So in short, 2FA or FIDO can be implemented. There is not even a single possible reason or explanation which justifies that it cannot be implemented or that implementation of these will not secure your database.
  5. @stefman Well, it sounds like nobody cares about security. Even after what happened to LastPass, Enpass must consider adding security layers for data stored in Enpass, but there is no support for hardware keys and no support for 2FA. No major new features have been released since last year, and we do not even know where the roadmap is located so we can see when it will be implemented, and I no longer have any hope for this in the near future.
  6. @Pratyush Sharma using a key file is not an effective option since it must be stored on the same PC we use, and once a PC gets hacked the key file + database + password keystrokes can be stolen from the same device, so where is that security which stops hackers from getting access to our passwords?
  7. Any news on adding pCloud?
  8. Well, for the past 2 years I have been using Enpass and it worked as expected, but somehow it was lacking in security of data, as I described a few months ago in this thread below. I have been waiting for the Enpass team to get it done, but it seems there is no chance of getting 2FA any sooner, and I have ended up deciding to stop using Enpass until it gets this feature, as there is no point in using something what it is supposed to do at its best but this issue regarding stealing data and password from Enpass using malware is scaring me. Thank you, Enpass team, for listening to my requests. Even though I am a lifetime subscriber I am going to stop using it. Sad to leave Enpass and move to another, much more secure option, as I am a security freak and my 20 years of online experience doesn't allow me to use something as unsecure as Enpass. Have a great future, and I will see if Enpass gets much more secure, then maybe some day I will move back to it, but until then BYE BYE
  9. Thank you @stefman and @Abhishek Dewan, I hope this will be implemented very soon.
  10. +1 must have this feature.
  11. @Abhishek Dewan Thank you for your concern, but once a system is hacked and the hacker has got all the files of Enpass and keylogs that system, there is no point in bruteforcing as he already has the password and can unlock the vault. Adding 2FA to secure it more will be a better way; even if a hacker got the key file, vault and password he would still need the 2FA code to access that vault.
  12. As I have been using Enpass for the past several months, I even got to know about the Enpass key file to enhance vault security, but there are still a few concerns which I am about to share. 1: For security, new users do not know about the Enpass key, and once a new user has created a primary vault it is almost not possible for them to move to another vault and keep the primary vault without an Enpass key. There is no option to set or change the default primary vault if I want to. 2: Even if you have created the primary vault with an Enpass key it can be hacked very easily. The Enpass database + key file is located on the same system; once a hacker gets into your PC using a RAT, which is a very common scenario, they can access all your files on the drive, and using a keylogger they can capture your password for Enpass. So when a hacker has access to a PC, having an Enpass key file does not make it secure. I am a security researcher and I know what I am talking about. Nowadays malware has become so intelligent that it can be asked to find a specific file on that computer or even on that network, and once it finds a file matching the name or extension it can be uploaded to the hacker's server. Having 2FA on Authy or Google Authenticator or whichever you use is a much more reliable way to add an extra layer of security to your Enpass vault. Why don't we put 2FA by default on the primary vault? Even if it is protected by a key file, on a new device the vault must ask for a 2FA code? It can be implemented, and the user gets to choose if they want key file and 2FA both activated, or only key file, or only 2FA. I have tested the scenario (2) explained above using my personal computers and I was able to access it very easily. It is my humble request to add this 2FA including key file to make Enpass more secure, and a single key file and a password is not enough to secure it. Even if we keep the key file on a USB drive, our vault needs it, and when we connect our USB to that PC for vault unlocking it can be accessed by hackers like all other normal drives.
Also please add a feature to change the primary vault if someone creates a new vault with a key file, or however, there must be an option to change the primary vault. I hope I am not missing anything and was able to explain it clearly, but if I am missing something please do let me know.
  13. I also requested this a long time ago, but I was told to create a tag in Enpass and save websites using that, instead of having a simple button in the Enpass options to bookmark a page with just a single click.
  14. @Abhishek Dewan I have 2 vaults in the MacBook app and I have created a key file for the secondary vault. Yes, I know when we restore a vault it requires the key file and password, but every time I try to restore the vault it says the key file and password do not match. I have tried this 3 times as I have described in detail above. I never tried to restore the vault without the key file or even with the wrong key file. After the first time I thought I had made a mistake and the key file was wrong, but after testing this 2 more times, very carefully generating the key file and loading it again to restore, I always get the error that the key file and password do not match. I have even tried to note down my password and generated the key file in a separate folder, but still the error was the same.