Jump to content
Enpass Discussion Forum

Recommended Posts

Hi @BMO,

Welcome to the forums!

I would like to inform you that we already have a feature request for the same and aligned for implementation in the future. Meanwhile for better safeguarding of your Enpass data you can also add a Keyfile along with the master password which becomes an additional requirement along with your master password to unlock Enpass app.

Hope this helps!

Link to post
Share on other sites

I know this feature. THX.
However, a Youbikey would provide not only for increased security, but also for convenience at the same time!

Link to post
Share on other sites
  • 2 weeks later...

Hello,
as I store more and more passwords on Enpass, I'm starting to get scared regarding security.
If my master password is spied out, all my passwords are open.
In the office we use yubikeys. This would alleviate that worry a bit.
Will there be any support in the near future?
If not I would have to switch to competitor unfortunately.

Can you give a date?

Link to post
Share on other sites
7 minutes ago, Servus100 said:

Hello,
as I store more and more passwords on Enpass, I'm starting to get scared regarding security.
If my master password is spied out, all my passwords are open.
In the office we use yubikeys. This would alleviate that worry a bit.
Will there be any support in the near future?
If not I would have to switch to competitor unfortunately.

Can you give a date?

 

An excerpt from an article about Password Managers

This becomes fatal in combination with cloud synchronization. By synchronizing via a cloud service provider, the user effectively gives control of the password database into foreign hands. In any case, into the hands of the cloud service provider, possibly also into the hands of the state in which it has its headquarters and data centers, and are we really 100% sure that the transport encryption commonly used nowadays has no weaknesses?

Once the database is in the hands of interested third parties, they can start using a stone-age instrument - the brute force attack. Unlike modern smartphones, the database does not delete itself after x failed attempts and many programs do not even temporarily block access. It is therefore only a question of time and the quality of the password.

If synchronization via a cloud service is unavoidable, it is essential to choose a program that supports such two-factor authentication

That makes with worry

Edited by Servus100
Link to post
Share on other sites

On top of that, you have to add that Enpass is closed source, and makes outbound requests while the database is decrypted. 

So even with a yubikey, but yeah it would still be a huge improvement 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...