Dani, posted March 13, 2022

So, I had a conversation with our company's CTO. His opinion is that you should remember 2 passwords:

1. The password manager's master password
2. Your main email's password (meaning, do not keep your email's password in the vault)

His reasoning is the extra layer of security: if a hacker somehow gains access to your vault, they won't be able to reset the majority of the accounts (at least the important ones, like bank and stuff) as they don't have the password for your email.

Additionally, he doesn't store 2FAs in the password manager and cringes every time I tell him I do store my 2FAs in the PM. His thoughts on this, again, extra security: use a separate app like Authy that also has a password, so even if someone has gained access to your vault, they won't really be able to reset your password (no access to the email) and they don't have the 2FA.

Sounds really paranoid to me (yes, it's secure, but it's also inconvenient, not to mention I tried Authy and I realized I can't get the 2FA key back, what a bummer). Currently, I do store my 2FAs and email in Enpass.

Curious to hear what your thoughts on this are.
Manish Chokwal, posted March 14, 2022

Hello @Dani,

We agree with your CTO. It makes more sense to keep passwords and 2FA codes separate. TOTP secrets are stored in Enpass as a convenience feature (authenticator with autofill, backup) requested by our users for their use cases. For example, some of them use Enpass only to generate one-time codes. To read more about this, visit the discussion.

In addition, you can add another layer of security by using a keyfile with the master password. Enpass appends the characters in the keyfile to the master password and uses them together to encrypt your data or to unlock the Enpass app. To make it way more secure, I suggest keeping the keyfile on a portable drive like a pen drive. For more details, visit the Enpass Security Whitepaper.

SI-2675
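To make the keyfile mechanism described above concrete, here is an added illustration of the principle (it is not Enpass code and does not reproduce Enpass's actual key-derivation parameters or format). It assumes, as the post states, that the keyfile bytes are appended to the master password before key derivation; the PBKDF2-HMAC-SHA512 call, the iteration count, the salt and the HMAC-based unlock verifier are all assumptions chosen for the example. The point it demonstrates: the same master password without the keyfile (or with a single byte of it changed) yields a different key and fails to unlock, which is both the security benefit and the reason to keep a backup of the keyfile.

```python
import hashlib
import hmac
from typing import Optional

# Illustrative work factor only; a real vault uses a far higher, tuned value.
ITERATIONS = 100_000


def combine_secret(master_password: str, keyfile: Optional[bytes]) -> bytes:
    """Keyfile contents are appended to the master password (as the post describes)."""
    secret = master_password.encode("utf-8")
    if keyfile is not None:
        secret += keyfile
    return secret


def derive_key(master_password: str, keyfile: Optional[bytes], salt: bytes,
               iterations: int = ITERATIONS) -> bytes:
    """Stretch password+keyfile into a 256-bit key with PBKDF2-HMAC-SHA512 (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha512", combine_secret(master_password, keyfile),
                               salt, iterations, dklen=32)


def make_verifier(key: bytes, salt: bytes) -> bytes:
    """Check value stored beside the vault; lets unlock attempts be tested
    without storing the key itself (assumed design, not Enpass's)."""
    return hmac.new(key, b"vault-verifier:" + salt, "sha256").digest()


def try_unlock(master_password: str, keyfile: Optional[bytes], salt: bytes,
               verifier: bytes, iterations: int = ITERATIONS) -> bool:
    """Re-derive the key from the supplied secrets and compare in constant time."""
    key = derive_key(master_password, keyfile, salt, iterations)
    return hmac.compare_digest(make_verifier(key, salt), verifier)


if __name__ == "__main__":
    # Constructed sample values; in practice salt and keyfile come from a CSPRNG.
    salt = b"constructed-salt"
    keyfile = b"constructed keyfile bytes, normally random and kept on a pen drive"
    verifier = make_verifier(derive_key("correct horse battery", keyfile, salt), salt)

    print("password + keyfile:", try_unlock("correct horse battery", keyfile, salt, verifier))
    print("password, no keyfile:", try_unlock("correct horse battery", None, salt, verifier))
    print("password, corrupted keyfile:",
          try_unlock("correct horse battery", keyfile[:-1] + b"?", salt, verifier))
    print("wrong password + keyfile:", try_unlock("wrong password", keyfile, salt, verifier))
```

Running it prints `True` only for the first case. Note the operational consequence for a defender: a vault whose key depends on the keyfile is exactly as unrecoverable without that file as it is without the master password, so the keyfile needs the same backup discipline as the vault itself.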
Fadi, posted April 5, 2022

@Manish Chokwal How do we create a keyfile? Can we generate it for an already in-use database? Or do we have to create a new database for the keyfile to be generated?
Manish Chokwal, posted April 5, 2022

Hi @Fadi,

A keyfile can be added to an existing or a new Enpass database while changing/creating the master password. For more information, visit our Keyfile User Manual. Let me help you with the steps to generate a keyfile:

1. Open Enpass on your desktop, then click Settings > Security > Change master password.
2. Enter the master password.
3. Click Continue.
4. At the bottom of the screen, click Advanced.
5. Click Generate keyfile.
6. Name the keyfile and save it.
7. In the Enter New password and Confirm New password fields, enter the master password.
8. Click Done.