treege

  1. Just a thought I'd like to share. With the introduction of time-based OTP in Enpass, you are able to use your one-time passwords from within the Enpass client. While this saves time for browsing to another OTP client (such as Google Authenticator), it does decrease the level of security. One-time passwords are usually used as the second factor of two-factor authentication. In most cases, these two factors are 'something you know' (your password) and 'something you have' (your phone with the OTP app on it). With the integration of OTP in Enpass, these two separate factors become one as they are both 'something you know/have/stored in the Enpass database'. Have you considered this decreased level of security? I know using OTP in Enpass is optional and the chance of someone obtaining and cracking the SQL database is low, but still the principle of two-factor authentication is thrown out the window by storing both your password and OTP in one place.
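
An added illustration of the point raised in the post above (not part of the original post and not Enpass code): an RFC 6238 code is computed from nothing but the stored seed and the clock, so an entry that holds both the password and the seed holds the input to both login steps. The entry layout and field names are assumptions, the sample entries are constructed, and the seed is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the seed and the clock."""
    padded = seed_b32.upper() + "=" * (-len(seed_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample data. The field names are hypothetical, not Enpass's schema.
RFC_TEST_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # base32 of "12345678901234567890"
VAULT = [
    {"title": "mail", "password": "constructed-pw-1", "totp_seed": RFC_TEST_SEED},
    {"title": "bank", "password": "constructed-pw-2", "totp_seed": None},
]


def collapsed_entries(vault):
    """Titles of entries where one store holds both the password and the OTP seed."""
    return [e["title"] for e in vault if e.get("password") and e.get("totp_seed")]


if __name__ == "__main__":
    for title in collapsed_entries(VAULT):
        entry = next(e for e in VAULT if e["title"] == title)
        # No second device is involved: the code comes straight from the entry.
        print(title, "-> both factors in one entry, code at t=59:",
              totp(entry["totp_seed"], 59))
```

Running `collapsed_entries` over an inventory of accounts gives the list of logins whose second factor could be moved to a separate device.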