Jump to content

yubikey support

Recommended Posts

I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this:


We know that it should be for web app but if you say was the ONLY usecase then

-> we wouldn't use it to auth in windows 7 locally

-> we wouldn't use it to auth in keepass locally

-> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY

Should I continue?

Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager.

We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.


  • Like 6

Share this post

Link to post
Share on other sites


Would be nice to use my 2FA security key (yubico) to open/unlock the vaults. Even on mobile with NFC or even if I have more than one 2FA keys. I mean assign more than one yubikey to the vault.

  • Like 1

Share this post

Link to post
Share on other sites

I would love also to see support for Yubikey token devices, especially since as Apple opened the NFC interface to allow apps to read. And Yubico also provides a SDK for dealing with it on iOS. With that the suggestion that not all mobile plattforms are supported (probably cause of iOS) does fall in my eyes, since majority devices does feature NFC or a USB port, making it useful for probably over 90% of the Enpass users. What I have in mind for the use would be the choice of a dual auth (so you can use your passphase OR the token) or a combined auth (user passphase and a token from the yubikey). The dual auth variation would be nice for my parents, since we had it already that they forgot the passphase and we had to redo all... thank god it was at the beginning and still easy to readd everything.

Besides not all Macs come with a TouchID, so this could give us the same benefit as the TouchID fellows. Also I wouldnt mind it being a premium feature, I mean after all its work and that needs to be rewarded.

Edited by grimneko

Share this post

Link to post
Share on other sites

+1 from me as well.

Yubikey is working well in offline environment. I don't see any technical reason why U2F or challenge-response mode would not be suitable for the Enpass.
I agree - for redundancy there has to be second option to open vault besides Yubikey (or any other hardware token). Otherwise loosing HW token would render your vault inaccessible.
It could be master password, second HW token, etc.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now