Jump to content
Enpass Discussion Forum

boistordu

Members
  • Posts

    8
  • Joined

  • Last visited

  • Days Won

    5

Posts posted by boistordu

  1. I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this:

     

    We know that it should be for web app but if you say was the ONLY usecase then

    -> we wouldn't use it to auth in windows 7 locally

    -> we wouldn't use it to auth in keepass locally

    -> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY

    Should I continue?

    Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager.

    We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.

     

    • Like 14
  2. I wanted to rectify something here because we are at a time where conspiracy theory need to be challenged.

    Lastpass doesn't store the credentials. Lastpass have been subjected to many challenged since it was one of the first password managers and have even been subject to challenge from the blackhat community as presented here. How do works lastpass is explained here by independent expert.

    1password is not more costly than other payed solution like dashlane which is very much alike. 

  3. Hi,

     

    I think that it would be important for us, customer, to understand what's your business model. As a security app, we should be able to know how would you work?

    So How can you make money on your app? Do you work like keepass, you have other jobs and do that as a side job (which is absolutely not a problem if there is not conflict of interest)? If you were a european company, 9 euros for only buy once the mobile app would be really not enough to survive for that big of a team. How can we trust a company that we don't know how do they make money? Especially with the problems with facebook etc. Any attempt to levitate this subject won't be very good for your image so I would suggest a frank answer to that and statement. 

     

  4. Hi,

     

    You've described that the master password doesn't change from one device to another but need the new one for sync.

     

    Would you care to explain how do your encryption works? 

    As @TroyHunt, security researcher, say on twitter and on hist website, I don't think it's a problem for you to say that since the technology is under public patent. So How does it work in your software ? How is it possible that we don't need to change the master password on the local device? Which algorithm do you use? 

     

    If you are able to explain that, I think it would give more strenght to your brand image. 

    best regards

×
×
  • Create New...