Search the Community
Showing results for tags 'two-factor'.
Hello! I would like to know if there is an 2FA-Option additionally to the Master-Password when I open my Passwortmanager? Of course I hope, that nobody cracks my Master-Password. However "better safe than sorry" ... since 2FA is an important security-feature, I wonder why this option to add an 2FA (and I don't mean the Logins for my inside-Password) is not available yet? Or did I miss it? Thanks for your answer in advance. Best Regards
Enpass currently works well with the standard TOTP implementation of a numeric, 30 second interval TOTP code which makes it possible to use most services that offer this sort of authentication. Due to it supporting custom digits, it not only works with the standard 6-digit, but also with some different ones like Blizzard's 8-digit authenticator (which I use just fine with Enpass). What Enpass still lacks in this regard is support for custom time interval and also Steam's 5-digit alphanumeric standard. I, for instance, have to use another authenticator for services like 'Twitch' and 'Mercado Livre' which use 7-digit 10-second TOTP codes (which I believe is Authy's own standard) and Steam (I believe Bitwarden is the only one that currently offers working TOTP for all of these). I know there's currently a thread which is a little over 4 months old about Steam's TOTP, but I couldn't find anything regarding custom time intervals in the feature request so I figured I should post it and hope it gets done sometime in the future
Just a thought I'd like to share. With the introduction of time-based OTP in Enpass, you are able to use your one-time passwords from within the Enpass client. While this saves time for browsing to another OTP client (such as Google Authenticator), it does decrease the level of security. One-time passwords are usually used as the second factor of two-factor authentication. In most cases, these two factors are 'something you know' (your password) and 'something you have' (your phone with the OTP app on it). With the integration of OTP in Enpass, these two separate factors become one as they are both 'something you know/have/stored in the Enpass database'. Have you considered this decreased level of security? I know using OTP in Enpass is optional and the chance of someone obtaining and cracking the SQL database is low, but still the principle of two-factor authentication is thrown out the window by storing both your password and OTP in one place.