Niko_K

@morten_bendtsen: Apple iOS devices are only supported up to iPad2. Everything more recent (iPad3+, iPad mini...) will not work with the linked possibilities (due to some change it the apple firmware I guess). In general I am not so sure anymore that the solution has to be U2F and that the password has to be replaced by it. A better approach seems to be adding a yubikey to the password... However, Yubikeys allow to login into Windows using HMAC-SHA1, so maybe this is the way to go when adding some security using yubikeys as a second factor.

@Vinod Kumar: Yes... the code is experimental (that's why I talked about "proof-of-concept"), but it also shows that something like U2F makes sense for offline applicatiions, doesn't it? @morten_bendtsen: NFC in a yubikey is a great feature for mobile devices, but do you known about support for iOS (and maybe windows phone)? Isn't this something that works with android only? However, I will try to grab some yubikeys and do some testing with them (for logging into the OS for example :-))

Using a yubikey with a static password is a great idea... thanks @morten_bendtsen (I did not know that this is possible). It is exactly what I wanted to do (although I just found out that this won't work on an iPad... so I'm stuck here somehow :-)) As far as I know there is a "proof-of-concept" with sqlcipher and mfa (https://github.com/sqlcipher/sqlcipher-mfa), so maybe that's something to consider (that's what you talked about @Stahlreck, right??) :-) @Anshu kumar: I do not get your point... why should U2F be only limited to online services?? In fact extending the master password with a second factor would make things more secure, wouldn't it??

It would be great if one could login to enpass using a FIDO U2F security key (or another other U2F dongle, e.g. the yubikey). Would that allow us to get rid of the last passwort to remember (the master passwort to enpass)?? That would be replaced by a USB device (or even a biometric scanner that supports U2F :-)).