May 23, 2020
After using 1Password for a long time, I plan to go back to Enpass, the first password manager I used. This is mainly because multiple vaults are available in the latest Enpass versions. My 1Password account is secured with a master password, secret key and 2FA. With Enpass I will have to use a keyfile to make the vault just as safe. But where can I best and most easily store my keyfile so that I can access it on any device (Windows, Android smartphone, Chromebook)?
May 24, 2020
It's impossible for hackers to crack the database if they don't have access to the keyfile. The secret key gets appended to the master password so the password will be very long (check the picture). The best way is to keep the keyfile on your device and only the Enpass database on your cloud storage. Correct me if I'm wrong, but the only reason to use a keyfile is to ensure that the Enpass database will be safe on your cloud account. When hackers get into your device they will find your database and keyfile location, so it's always recommended to use a unique, strong master password.
As a backup measure I encrypted the keyfile with AES Crypt: https://www.aescrypt.com/. It's an open-source, cross-platform tool (Windows, Linux, Mac, Android and iOS) to encrypt/decrypt files, so that I can safely store the encrypted keyfile somewhere else, like on another cloud account, web hosting or work computer (which I have easy access to). Just in case my house catches fire with all my data and devices.
This picture may be out of date.
Edited May 25, 2020 by TREMOR
May 24, 2020 (Author)
10 hours ago, TREMOR said:
It's impossible for hackers to crack the database if they don't have access to the keyfile. The secret key gets appended to the master password so the password will be very long (check the picture). The best way is to keep the keyfile on your device and only the Enpass database on your cloud storage. Correct me if I'm wrong, but the only reason to use a keyfile is to ensure that the Enpass database will be safe on your cloud account. When hackers get into your device they will find your database and keyfile location, so it's always recommended to use a unique, strong master password. As a backup measure I encrypted the keyfile with AES Crypt: https://www.aescrypt.com/. It's an open-source, cross-platform tool (Windows, Linux, Mac, Android and iOS) to encrypt/decrypt files, so that I can safely store the encrypted keyfile somewhere else, like on another cloud account, web hosting or work computer (which I have easy access to). Just in case my house catches fire with all my data and devices. This picture may also be outdated.
Are there any other ways that could protect the keyfile in the worst-case scenario? I don't like to have more passwords to remember.
May 25, 2020
Maybe a keyfile on a USB stick. But that sucks when you want to use it on your phone. I'd like to use an NFC tag for this, but I need to research this and maybe I need help from Enpass. Hopefully Enpass is reading this. We need some kind of hardware keyfile. A keyfile should be something separate from the device.
Edited May 25, 2020 by TREMOR
May 25, 2020 (Author)
6 minutes ago, TREMOR said:
Maybe a keyfile on a USB stick. But that sucks when you want to use it on your phone. I'd like to use an NFC sticker for this, but I need to research this and maybe I need help from Enpass. Hopefully Enpass is reading this. We need some kind of hardware keyfile. A keyfile should be something separate from the device.
An encryption key that you can write down could also be a solution, I think. Just like 1Password's Secret Keys. I don't like to store the keyfile on a USB.
Edited May 25, 2020 by Martijn;)
May 25, 2020
Created a new post for a feature request. I think NFC could be a really good idea when it's encrypted.
May 26, 2020
Hi @Martijn;) @TREMOR, Thanks for writing in. We have noted down your valuable suggestion and forwarded it to the concerned team for further consideration. Thanks for your feedback!