Jump to content
Enpass Discussion Forum

Storing 2FAs & Main email password in your vault (Discussion)


Recommended Posts

So, I had a conversation with our company's CTO - his opinion is you should remember 2 passwords:

1. Password manager's master password

2. Your main email's password (meaning, do not keep your email's password in the vault)

His reasoning is the extra layer of security - if a hacker somehow gains access to your vault, they won't be able to reset majority of the accounts (at least the important ones - like bank and stuff) as they don't have the password for your email.

Additionally, he doesn't store 2FAs in the password manager and cringes every time i tell him i do store my 2FAs in the PM. His thoughts on this - again, extra security - use a separate app like Authy that also has a password so even if someone has gained access to your vault, they won't really be able to reset your password (no access to the email) and they don't have the 2FA.

Sounds like really paranoid to me (yes, it's secure but it's also inconvenient not to mention I tried Authy and I realized i can't get the 2FA key back, what a bummer). Currently, i do store my 2FAs & Email in Enpass. Curious to hear what are your thoughts on this?

Link to comment
Share on other sites

Hello @Dani,

We agree with your CTO. It makes more sense to keep passwords and 2FA codes separate. TOTP secrets are stored in Enpass as a convenience feature (authenticator with autofill, backup) requested by our users for their use cases. For example, some of them use Enpass only to generate one-time codes. To read more about this, visit the discussion

In addition, you can add another layer of security by using a keyfile with the master password. Enpass appends the characters in the keyfile to the master password and uses them together to encrypt your data or to unlock the Enpass app. To make it way more secure, I suggest keeping the Keyfile on a portable drive like a pen drive. visit Enpass Security Whitepaper


Link to comment
Share on other sites

  • 3 weeks later...

Hi @Fadi,

A keyfile can be added to an existing or a new Enpass database while changing/creating the master password. For more information, visit our Keyfile User manual. 

Let me help you with the steps to generate a keyfile:

  1. Open Enpass on your desktop, click Settings > Security > Change master password.
  2. Enter the master password. Click Continue.
  3. At the bottom of the screen, click Advanced.
  4. Click Generate keyfile.
  5. Name the keyfile and save it.
  6. In the Enter New password and Confirm New password fields, enter the master password.
  7. Click Done.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...