OLLI_S 37 Posted January 13

I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increases security: they show which sites in your vault support TOTP but where the user has not set up TOTP.

Here is a screenshot from the 1Password site: [screenshot]

Suggestion

In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries where TOTP is possible but not set up by the user. Here is a list of services that support TOTP: https://twofactorauth.org/

We had a doxxing scandal in Germany where a young guy published a lot of private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!

OLLI_S 37 Posted January 17

At the Two Factor Auth List (https://twofactorauth.org/) there is a link in the first column that opens the official documentation of the target service. That means: at the entry "Trello" the link opens the documentation https://help.trello.com/article/993-enabling-two-factor-authentication-for-your-trello-account

So you could use the website to look up the services and open the link to the official documentation. There is also some source code available at GitHub: https://github.com/2factorauth/twofactorauth

Anshu kumar 244 Posted January 18

Hey @OLLI_S, I have noted down your suggestion and forwarded it to the concerned desk for further consideration. Cheers!

OLLI_S 37 Posted January 18

Thank you @Anshu kumar

Do you need a list of Top-10 or Top-20 websites that use TOTP (so you can implement the "suggest 2FA" for these features first)?

OLLI_S 37 Posted February 8 (edited)

At the Two Factor Auth List (https://twofactorauth.org/) they have some criteria that describe what websites should be added: https://github.com/2factorauth/twofactorauth/blob/master/CONTRIBUTING.md#site-criteria

So they do not add all sites. I suggest that you add a new forum section where users can report websites that support 2FA and where Enpass does not yet suggest to use 2FA.

Edited February 8 by OLLI_S

xarekate 11 Posted February 8

At first I thought it might be a nice feature, but on the other hand you have to consider that by updating those lists the Enpass app will establish a connection to the mentioned website (even though I have nothing against them) or even call home for manual updates. I don’t know if this feature is worth it, playing around with users' confidence. On the other hand, adding this as an option that you have to proactively enable in the settings (like e.g. notifications about updates) could work, I think.
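
An added example, not part of any post in this thread and not Enpass or 1Password code: one way the proposed "Missing TOTP" audit could run entirely against a locally cached directory, which also addresses the concern about the app contacting a list website for every check. The directory contents, vault entries and function names are assumptions made for illustration; only the Trello documentation URL comes from the thread.

```python
from urllib.parse import urlsplit

# Constructed local cache of a 2FA directory: domain -> setup documentation.
# Only the Trello URL comes from the thread; the other entry is made up.
DIRECTORY = {
    "trello.com": "https://help.trello.com/article/993-enabling-two-factor-authentication-for-your-trello-account",
    "mail.example": "https://mail.example/help/2fa",
}

# Constructed vault entries; "totp" is None when no TOTP secret is stored.
VAULT = [
    {"title": "Trello", "url": "https://trello.com/login", "totp": None},
    {"title": "Trello (work)", "url": "id.trello.com", "totp": "JBSWY3DPEHPK3PXP"},
    {"title": "Mail", "url": "HTTPS://Login.Mail.Example:8443/", "totp": None},
    {"title": "Lookalike", "url": "https://nottrello.com/", "totp": None},
    {"title": "Router", "url": "http://192.168.1.1/", "totp": None},
]


def host_of(url):
    """Return the lower-cased hostname of a stored URL, with or without scheme."""
    if "://" not in url:
        url = "//" + url          # let urlsplit treat the text as a network location
    return (urlsplit(url).hostname or "").rstrip(".")


def match_domain(host, directory):
    """Match host or a parent domain on whole labels, never on a raw suffix."""
    labels = host.split(".")
    for i in range(len(labels) - 1):      # stop before the bare top-level label
        candidate = ".".join(labels[i:])
        if candidate in directory:
            return candidate
    return None


def missing_totp(vault, directory):
    """List (title, domain, docs) for entries that could use TOTP but have none."""
    report = []
    for entry in vault:
        domain = match_domain(host_of(entry["url"]), directory)
        if domain and not entry["totp"]:
            report.append((entry["title"], domain, directory[domain]))
    return report


if __name__ == "__main__":
    for title, domain, docs in missing_totp(VAULT, DIRECTORY):
        print(f"{title}: TOTP available for {domain}, see {docs}")
```

Matching on whole labels keeps a lookalike host such as `nottrello.com` from being reported as `trello.com`, and refreshing the cached directory can stay a separate, opt-in step.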