How can I secure my password-database better?

[AdvancedFabian]

hi guys, I'm a heavy user of ENPASS. Recently I just also bought the abo, I dont like abos, but I'm using the software heavily on phone and computer.

However I have big fear that some keylogger or whatever will logg my Masterpassword. Its somehow strong, but gives the entry to all my passwords, and now I start to add some 2FA...
two questions:
- Is adding 2FA a good idea? Feels like that is destroying the 2FA, because with one password you get access to the password and also 2FA.. Maybe I should leave that in the google-authenticator?
- How can I protect my masterpassword any-better? Is there maybe also a possibility for a 2FA, protect it with another OTP or 2FA or Finger-print? I have no problem to buy a sensor for my computer.

Please give me any tipps which makes it as save as possible.

best regards,

Fabian

PS- i switched my database to my private server, so it is not on dropbox anymore... 1 layer more...

Edited February 8, 2021 by AdvancedFabian

[Ankur Gupta]

Hey@AdvancedFabian

Thanks for writing in!

Your worries about security of your passwords from key-loggers is absolutely justified. Autofilling your passwords—rather than typing—definitely adds another line of defense against them.

Now getting to your queries.

On 2/8/2021 at 4:04 PM, AdvancedFabian said:

- Is adding 2FA a good idea? Feels like that is destroying the 2FA, because with one password you get access to the password and also 2FA.. Maybe I should leave that in the google-authenticator?

You're right that saving one-time codes and passwords at same place is not a good idea as it defeats the purpose of having 2FA. If the master password of Enpass is compromised there is no actual second factor left. For the same reason we did’t add the TOTP support for logins in Enpass for a long time. But there were too many customer requests with references to competitor products showing desperation and a use case (convenience).

On 2/8/2021 at 4:04 PM, AdvancedFabian said:

- How can I protect my masterpassword any-better? Is there maybe also a possibility for a 2FA, protect it with another OTP or 2FA or Finger-print? I have no problem to buy a sensor for my computer.

For better safeguarding of your Enpass data you can also add a Keyfile along with the master password which becomes an additional requirement along with your master password to unlock Enpass app. 

Adding 2FA for unlocking Enpass won't be a genuine solution because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. Neither it can contribute any way into encryption/decryption of local Enpass vault. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other unauthorized devices. 

Let me know if you have any queries.