Storing 2FAs & Main email password in your vault (Discussion)

So, I had a conversation with our company's CTO - his opinion is you should remember 2 passwords:

1. Password manager's master password

2. Your main email's password (meaning, do not keep your email's password in the vault)

His reasoning is the extra layer of security - if a hacker somehow gains access to your vault, they won't be able to reset the majority of the accounts (at least the important ones - like bank and stuff) as they don't have the password for your email.

Additionally, he doesn't store 2FAs in the password manager and cringes every time I tell him I do store my 2FAs in the PM. His thoughts on this - again, extra security - use a separate app like Authy that also has a password so even if someone has gained access to your vault, they won't really be able to reset your password (no access to the email) and they don't have the 2FA.

Sounds really paranoid to me (yes, it's secure but it's also inconvenient, not to mention I tried Authy and I realized I can't get the 2FA key back, what a bummer). Currently, I do store my 2FAs & Email in Enpass. Curious to hear what are your thoughts on this?

Hello @Dani,

We agree with your CTO. It makes more sense to keep passwords and 2FA codes separate. TOTP secrets are stored in Enpass as a convenience feature (authenticator with autofill, backup) requested by our users for their use cases. For example, some of them use Enpass only to generate one-time codes. To read more about this, visit the discussion

In addition, you can add another layer of security by using a keyfile with the master password. Enpass appends the characters in the keyfile to the master password and uses them together to encrypt your data or to unlock the Enpass app. To make it way more secure, I suggest keeping the Keyfile on a portable drive like a pen drive. Visit the Enpass Security Whitepaper.

SI-2675
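
Added example, not part of the original thread and not Enpass code: a standard RFC 6238 TOTP computation showing why the reply above recommends keeping passwords and TOTP secrets apart. A one-time code is a pure function of the stored secret and the clock, so a vault entry that holds both yields both factors to whoever can read it. The entry layout (`password`, `totp_secret`) and the helper `factors_available` are hypothetical; the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP from the base32 secret an authenticator entry stores."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)         # restore stripped padding
    secret = base64.b32decode(cleaned)
    return hotp(secret, unix_time // step, digits)


def factors_available(entry: dict, unix_time: int) -> dict:
    """What a party who can read this (hypothetical) vault entry can present."""
    out = {"password": entry.get("password") is not None, "otp": None}
    if entry.get("totp_secret"):
        out["otp"] = totp(entry["totp_secret"], unix_time)
    return out


# Constructed sample entries. The secret is the RFC 6238 test key
# ("12345678901234567890" in base32), not a real credential.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
COMBINED = {"password": "constructed-example", "totp_secret": RFC_SECRET}
SEPARATED = {"password": "constructed-example", "totp_secret": None}

if __name__ == "__main__":
    t = 59  # first RFC 6238 test timestamp
    print("secret in vault:  ", factors_available(COMBINED, t))
    print("secret kept apart:", factors_available(SEPARATED, t))
```

With the secret stored elsewhere, the same entry exposes only the password; the one-time code cannot be derived from anything in it.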

  • 3 weeks later...

@Manish Chokwal How do we create a keyfile? Can we generate it for an already in-use database? Or do we have to create a new database for the keyfile to be generated?

Hi @Fadi,

A keyfile can be added to an existing or a new Enpass database while changing/creating the master password. For more information, visit our Keyfile User manual. 

Let me help you with the steps to generate a keyfile:

  1. Open Enpass on your desktop, click Settings > Security > Change master password.
  2. Enter the master password. Click Continue.
  3. At the bottom of the screen, click Advanced.
  4. Click Generate keyfile.
  5. Name the keyfile and save it.
  6. In the Enter New password and Confirm New password fields, enter the master password.
  7. Click Done.
