May 16, 20187 yr I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this: We know that it should be for web app but if you say was the ONLY usecase then -> we wouldn't use it to auth in windows 7 locally -> we wouldn't use it to auth in keepass locally -> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY Should I continue? Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager. We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.
October 18, 20187 yr I also agree. YubiKey challenge-response mode can be used as an alternative to master password or pin. Keepass has it.
January 23, 20197 yr +1 Would be nice to use my 2FA security key (yubico) to open/unlock the vaults. Even on mobile with NFC or even if I have more than one 2FA keys. I mean assign more than one yubikey to the vault.
March 9, 20196 yr I would love also to see support for Yubikey token devices, especially since as Apple opened the NFC interface to allow apps to read. And Yubico also provides a SDK for dealing with it on iOS. With that the suggestion that not all mobile plattforms are supported (probably cause of iOS) does fall in my eyes, since majority devices does feature NFC or a USB port, making it useful for probably over 90% of the Enpass users. What I have in mind for the use would be the choice of a dual auth (so you can use your passphase OR the token) or a combined auth (user passphase and a token from the yubikey). The dual auth variation would be nice for my parents, since we had it already that they forgot the passphase and we had to redo all... thank god it was at the beginning and still easy to readd everything. Besides not all Macs come with a TouchID, so this could give us the same benefit as the TouchID fellows. Also I wouldnt mind it being a premium feature, I mean after all its work and that needs to be rewarded. Edited March 9, 20196 yr by grimneko
March 12, 20196 yr +1 from me as well. Yubikey is working well in offline environment. I don't see any technical reason why U2F or challenge-response mode would not be suitable for the Enpass. I agree - for redundancy there has to be second option to open vault besides Yubikey (or any other hardware token). Otherwise loosing HW token would render your vault inaccessible. It could be master password, second HW token, etc.
March 18, 20196 yr Lack of U2F support is the one thing keeping me from switching to Enpass. Should be supported on both mobile and desktop.
May 9, 20196 yr hello. as you probably know Yubikey supports offline operation and, for instance, it's actually used to open encrypted volumes with LVM https://github.com/cornelinux/yubikey-luks LVM uses 8 slots to store passwords, which means that it's possible to set 8 different password or yubikey challenges. In other words, if the yubikey is lost, you can use the password, if the password if forgotten you can use they yubikey. We (the users) don't understand what you see as being wrong with this implementation. What you think the guy of the project above for LVM did wrong?
July 22, 20196 yr If you do not have support for Windows hello, I do not see any possibility of implementing this ...
July 22, 20196 yr I don't understand the link between yubikey and Windows Hello. And if they include a 2FA with a yubikey, the goal is for a professional usage, and of course must include Linux/Mac (without windows hello of course)
July 27, 20196 yr +1 - lastpass already have it https://www.lastpass.com/yubico Edited July 27, 20196 yr by dnf
September 27, 20196 yr Yes, agree! I do not see why there is TouchID as a premium feature and not yubikey.
Create an account or sign in to comment