Thanks for the suggestion. Actually, Enpass is an offline password manager and doesn’t keep any of your information on any cloud/server. Two factor authentication is generally used in online services where the requested data is transmitted after validating the user through a second factor (generally an OTP on phone or email) and works as an extra protection, which is not at all required in case of offline services as your data is with you only.
Also, being offline is not a limitation of Enpass but gives you a peace of mind that your data is with you only. But to add extra randomness to your Master Password, you can use a KeyFile in Enpass. A KeyFile gets appended to your Master Password before the actual encryption or decryption of your data happens. So, even if someone, somehow gets access to your data and your Master password is also compromised (a worst case scenario), your data is still safe as the KeyFile is required to decrypt or access your data.
2FA like fido2 can prevent from a keylogger virus/attack and I think you have to consider it.
Implement FIDO2 / SQRL 2FA to Login
in Feature requests
Posted
2FA like fido2 can prevent from a keylogger virus/attack and I think you have to consider it.