OLLI_S Posted January 13, 2019 (edited)

I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increases security: they show which sites in your vault support TOTP but where the user has not set up TOTP.

Here is a screenshot from the 1Password site:

Suggestion

In Enpass, add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries where TOTP is possible but not set up by the user.

Here is a list of services that support TOTP: https://twofactorauth.org/

We had a doxxing scandal in Germany where a young guy published a lot of private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!

Edited February 20, 2019 by OLLI_S

OLLI_S Posted January 17, 2019

At the Two Factor Auth List (https://twofactorauth.org/) there is a link in the first column that opens the official documentation of the target service. That means: at the entry "Trello" the link opens the documentation https://help.trello.com/article/993-enabling-two-factor-authentication-for-your-trello-account

So you could use the website to look up the services and open the link to the official documentation.

There is also some source code available at GitHub: https://github.com/2factorauth/twofactorauth

Anshu kumar Posted January 18, 2019

Hey @OLLI_S, I have noted down your suggestion and forwarded it to the concerned desk for further consideration. Cheers!

OLLI_S Posted January 18, 2019

Thank you @Anshu kumar

Do you need a list of Top-10 or Top-20 websites that use TOTP (so you can implement the "suggest 2FA" for these features first)?

OLLI_S Posted February 8, 2019 (edited)

At the Two Factor Auth List (https://twofactorauth.org/) they have some criteria that describe what websites should be added: https://github.com/2factorauth/twofactorauth/blob/master/CONTRIBUTING.md#site-criteria

So they do not add all sites. I suggest that you add a new forum section where users can report websites that support 2FA and where Enpass does not yet suggest using 2FA.

Edited February 8, 2019 by OLLI_S

xarekate Posted February 8, 2019

At first I thought it might be a nice feature, but on the other hand you have to consider that by updating those lists the Enpass app will establish a connection to the mentioned website (even though I have nothing against them) or even call home for manual updates. I don't know if this feature is worth it, playing around with users' confidence.

On the other hand, adding this as an option that you have to proactively enable in the settings (like e.g. notifications about updates) could work, I think.

OLLI_S Posted February 23, 2019

Hello,

by the way: the Two Factor Auth List (https://twofactorauth.org) also has a JSON file that contains all data: https://twofactorauth.org/data.json

So this file can easily be used to check which of the user's websites support 2FA by authenticator code. Here the following data is relevant:

"software":true

So it should be easy to implement.

Best regards
OLLI

OLLI_S Posted March 6, 2019 (edited)

Hello,

just a side note: 1Password also uses the Two Factor Auth List (https://twofactorauth.org/), as you can see in the screenshot in the first posting. Using this list means that you don't have to update a list of pages that use 2FA, you just use an existing list. You just have to write that the data is from an external source (like 1Password did).

1Password also displays a link to the instructions (how to set up 2FA). I think they open the link to the instructions that is provided by the Two Factor Auth List too.

Best regards
OLLI

Edited March 6, 2019 by OLLI_S

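The "Missing TOTP" audit discussed in this thread, sketched as an added example; it is not part of any post and is not Enpass or 1Password code. It matches vault entries against a locally cached copy of the directory file, so no per-site request leaves the device. Only the `"software": true` flag comes from the thread; the list layout, the `name`, `url` and `doc` keys, and all sample data are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed stand-in for a locally cached copy of the directory file. Only the
# "software" key is quoted in the thread; the list layout and the "name", "url"
# and "doc" keys are assumptions made for this example.
DIRECTORY_JSON = """[
 {"name": "Example Mail", "url": "https://mail.example.com", "software": true,
  "doc": "https://mail.example.com/help/2fa"},
 {"name": "Example Bank", "url": "https://bank.example.net", "software": false},
 {"name": "Example Boards", "url": "https://boards.example.org", "software": true}
]"""

# Constructed vault items; "has_totp" marks items that already store a TOTP secret.
VAULT = [
    {"title": "Mail", "url": "https://login.mail.example.com/signin", "has_totp": False},
    {"title": "Bank", "url": "https://bank.example.net/", "has_totp": False},
    {"title": "Boards", "url": "https://www.boards.example.org/", "has_totp": True},
    {"title": "Lookalike", "url": "https://mail.example.com.attacker.test/", "has_totp": False},
]

def host(url):
    """Lower-cased hostname without a leading "www."; empty if unparsable."""
    name = (urlsplit(url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def lookup(index, url):
    """Match the exact host or a parent domain, only at label boundaries."""
    labels = host(url).split(".")
    for i in range(len(labels) - 1):
        site = index.get(".".join(labels[i:]))
        if site is not None:
            return site
    return None

def missing_totp(vault, directory):
    """Vault items without TOTP whose site is listed with "software": true."""
    index = {host(s["url"]): s for s in directory if s.get("software") is True}
    findings = []
    for item in vault:
        site = None if item["has_totp"] else lookup(index, item["url"])
        if site is not None:
            findings.append((item["title"], site["name"], site.get("doc")))
    return findings

if __name__ == "__main__":
    for title, name, doc in missing_totp(VAULT, json.loads(DIRECTORY_JSON)):
        print(f"{title}: {name} supports authenticator codes; setup guide: {doc}")
```

Matching on whole domain labels keeps a lookalike host such as `mail.example.com.attacker.test` from being reported as a listed service and shown that service's setup link.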