Jump to content
Enpass Discussion Forum

Recommended Posts

Posted

I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this:

 

We know that it should be for web app but if you say was the ONLY usecase then

-> we wouldn't use it to auth in windows 7 locally

-> we wouldn't use it to auth in keepass locally

-> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY

Should I continue?

Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager.

We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.

 

  • Like 14
  • 1 month later...
  • 1 month later...
  • 1 month later...
  • 3 months later...
Posted

+1

Would be nice to use my 2FA security key (yubico) to open/unlock the vaults. Even on mobile with NFC or even if I have more than one 2FA keys. I mean assign more than one yubikey to the vault.

  • Like 1
  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...
Posted (edited)

I would love also to see support for Yubikey token devices, especially since as Apple opened the NFC interface to allow apps to read. And Yubico also provides a SDK for dealing with it on iOS. With that the suggestion that not all mobile plattforms are supported (probably cause of iOS) does fall in my eyes, since majority devices does feature NFC or a USB port, making it useful for probably over 90% of the Enpass users. What I have in mind for the use would be the choice of a dual auth (so you can use your passphase OR the token) or a combined auth (user passphase and a token from the yubikey). The dual auth variation would be nice for my parents, since we had it already that they forgot the passphase and we had to redo all... thank god it was at the beginning and still easy to readd everything.

Besides not all Macs come with a TouchID, so this could give us the same benefit as the TouchID fellows. Also I wouldnt mind it being a premium feature, I mean after all its work and that needs to be rewarded.

Edited by grimneko
Posted

+1 from me as well.

Yubikey is working well in offline environment. I don't see any technical reason why U2F or challenge-response mode would not be suitable for the Enpass.
I agree - for redundancy there has to be second option to open vault besides Yubikey (or any other hardware token). Otherwise loosing HW token would render your vault inaccessible.
It could be master password, second HW token, etc.

  • 2 weeks later...
  • 1 month later...
Posted

hello. 

as you probably know Yubikey supports offline operation and, for instance, it's actually used to open encrypted volumes with LVM https://github.com/cornelinux/yubikey-luks

LVM uses 8 slots to store passwords, which means that it's possible to set 8 different password or yubikey challenges. In other words, if the yubikey is lost, you can use the password, if the password if forgotten you can use they yubikey. 

We (the users) don't understand what you see as being wrong with this implementation. What you think the guy of the project above for LVM did wrong? 

  • 1 month later...
  • 4 weeks later...
  • 2 weeks later...
Posted

I don't understand the link between yubikey and Windows Hello.

And if they include a 2FA with a yubikey, the goal is for a professional usage, and of course must include Linux/Mac (without windows hello of course)

  • 1 month later...
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...