Jump to content
boistordu

yubikey support

By boistordu, in Feature requests

Recommended Posts

boistordu    8

boistordu
Posted

I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this:

 

We know that it should be for web app but if you say was the ONLY usecase then

-> we wouldn't use it to auth in windows 7 locally

-> we wouldn't use it to auth in keepass locally

-> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY

Should I continue?

Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager.

We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.

 

  • Like 7

Share this post

Link to post
Share on other sites

Gabor_O    5

Gabor_O
Posted

+1

Would be nice to use my 2FA security key (yubico) to open/unlock the vaults. Even on mobile with NFC or even if I have more than one 2FA keys. I mean assign more than one yubikey to the vault.

  • Like 1

Share this post

Link to post
Share on other sites

grimneko    2

grimneko
Posted (edited)

I would love also to see support for Yubikey token devices, especially since as Apple opened the NFC interface to allow apps to read. And Yubico also provides a SDK for dealing with it on iOS. With that the suggestion that not all mobile plattforms are supported (probably cause of iOS) does fall in my eyes, since majority devices does feature NFC or a USB port, making it useful for probably over 90% of the Enpass users. What I have in mind for the use would be the choice of a dual auth (so you can use your passphase OR the token) or a combined auth (user passphase and a token from the yubikey). The dual auth variation would be nice for my parents, since we had it already that they forgot the passphase and we had to redo all... thank god it was at the beginning and still easy to readd everything.

Besides not all Macs come with a TouchID, so this could give us the same benefit as the TouchID fellows. Also I wouldnt mind it being a premium feature, I mean after all its work and that needs to be rewarded.

Edited by grimneko

Share this post

Link to post
Share on other sites

Lauri K    2

Lauri K
Posted

+1 from me as well.

Yubikey is working well in offline environment. I don't see any technical reason why U2F or challenge-response mode would not be suitable for the Enpass.
I agree - for redundancy there has to be second option to open vault besides Yubikey (or any other hardware token). Otherwise loosing HW token would render your vault inaccessible.
It could be master password, second HW token, etc.

Share this post

Link to post
Share on other sites

lnh    0

lnh
Posted

Lack of U2F support is the one thing keeping me from switching to Enpass. Should be supported on both mobile and desktop.

Share this post

Link to post
Share on other sites

likarum    1

likarum
Posted

I don't understand the link between yubikey and Windows Hello.

And if they include a 2FA with a yubikey, the goal is for a professional usage, and of course must include Linux/Mac (without windows hello of course)

Share this post

Link to post
Share on other sites

pyro57    0

pyro57
Posted

I'll give a plus one to this... or if you use Enpass on Linux somehow integrating with PAM would work too.  Like being able to use PAM's authentication to unlock enpass databases based on user.  If you did that then Yubikey would work (or any U2F key for that matter) as would fingerprint (if you have one that works with Linux) or Windows hello style ir camera facial unlock, (thank you Howdy for this btw works great!)

Share this post

Link to post
Share on other sites

AnthonyB    0

AnthonyB
Posted

It looks like there's nothing on the horizon from Enpass to support Yubikeys. While I love Enpass, it looks like time to head over to Lastpass. I don't mind paying USD$36/yr for the Yubikey support.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing
×
×
  • Create New...