I talked with a colleague about password managers and he suggested 1Password.
On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password.

One feature is very interesting and increases security:
They show which sites in your vault support TOTP but the user has not set up TOTP.

Here is a screenshot from the 1Password site:

[Screenshot: watchtower]

Suggestion

In Enpass add the entry "Missing TOTP" in the section "Password Audit".
Here you should show all password entries where TOTP is possible but not set up by the user.

Here is a list of services that support TOTP: https://twofactorauth.org/

We had a doxxing scandal in Germany where a young guy published a lot of private information stolen from accounts of German politicians and German celebrities.
This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP.

So this feature increases the security a lot!


At the Two Factor Auth List (https://twofactorauth.org/) there is a link in the first column that opens the official documentation of the target service.
That means: at the entry "Trello" the link opens the documentation https://help.trello.com/article/993-enabling-two-factor-authentication-for-your-trello-account

So you could use the website to look up the services and open the link to the official documentation.

There is also some source code available at GitHub: https://github.com/2factorauth/twofactorauth


At the Two Factor Auth List (https://twofactorauth.org/) they have some criteria that describe which websites should be added:
https://github.com/2factorauth/twofactorauth/blob/master/CONTRIBUTING.md#site-criteria

So they do not add all sites.

I suggest that you add a new forum section where users can report websites that support 2FA and where Enpass does not yet suggest using 2FA.

Edited by OLLI_S


At first I thought it might be a nice feature, but on the other hand you have to consider that by updating those lists the Enpass app will establish a connection to the mentioned website (even though I have nothing against them) or even call home for manual updates.

I don’t know if this feature is worth it, playing around with users' confidence.

On the other hand, adding this as an option that you have to proactively enable in the settings (like e.g. notifications about updates) could work, I think.

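An added example, not part of any post in this thread and not Enpass or 1Password code: a sketch of the "Missing TOTP" audit that also takes the connection concern into account by matching vault entries against a locally bundled domain list, so the audit itself makes no network request. The directory contents, the vault entries and the `totp_secret` field name are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: domains known to support TOTP, assumed to ship with the
# app (for example with regular app updates) rather than being fetched live.
TOTP_CAPABLE = {"trello.com", "example-mail.test", "example-shop.test"}

# Constructed vault entries; "totp_secret" is a hypothetical field name.
VAULT = [
    {"title": "Trello", "url": "https://trello.com/login", "totp_secret": None},
    {"title": "Mail", "url": "mail.example-mail.test", "totp_secret": "CONSTRUCTED"},
    {"title": "Shop", "url": "https://www.example-shop.test/account"},
    {"title": "Lookalike", "url": "https://nottrello.com/"},
    {"title": "Intranet", "url": "http://intranet.local/"},
]


def host_of(url):
    """Return the lowercase hostname of a stored URL, tolerating a missing scheme."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit treat "host/path" as a network location
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def matching_domain(host, directory):
    """Match the host or one of its parent domains, on label boundaries only."""
    labels = host.split(".")
    # Stop before the bare top-level label: "com" alone is never a match.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in directory:
            return candidate
    return None


def missing_totp(vault, directory):
    """List (title, matched domain) for entries that could use TOTP but do not."""
    findings = []
    for entry in vault:
        domain = matching_domain(host_of(entry["url"]), directory)
        if domain and not entry.get("totp_secret"):
            findings.append((entry["title"], domain))
    return findings


if __name__ == "__main__":
    for title, domain in missing_totp(VAULT, TOTP_CAPABLE):
        print(f"Missing TOTP: {title} ({domain} supports it)")
```

Matching on whole domain labels keeps a lookalike such as `nottrello.com` from being reported as Trello, while subdomains like `www.` still resolve to the listed service.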
