AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Lastpass yubikey not working4/27/2023 We have to wait until Yubikey supports all major mobile platforms before promising anything to you. However, Yubikey is not compatible with all mobile devices. So, Enpass is just a tool to decrypt that data for you if you provide correct master password.īut it doesn't mean that we don't want to take our chances with Yubikey. You guys are right saying that we can add Yubikey support by splitting master password in two parts (user provided + static from Yubikey) and definitely the approach will work. However, it is always encrypted with your master password. So, your data is always with you without even a single factor. You are the sole owner of your data as it is on your local disk. While in case of Enpass there is no one controlling your data at other end. Once, you are successfully authenticated, it will send the required data to you or perform any other operations on your behalf. An online services typically authenticate based on username/password and additionally second factor like TOTP etc. In online services, user has to prove his authenticity to service provider (other party) to access the resources. Here I would like to point out how Enpass differs from an online service. Thanks all for your inputs on this matter. So just think for a moment, if any one knows your master password why will he go into hassle of OTP stuff as he just need your database from device and open it using your compromised master password. Also Enpass is an encryption software which recognizes your Master Password as the only key to get your data. Being offline is not a limitation of Enpass but gives you a peace of mind that your data is with you only. Lets consider for a moment, any how Enpass implements TOTP support (again, its a consideration), but how that OTP will be verified through server as we don’t have any information. Two factor authentication is used in online services where the requested data is transmitted after validating the user through a second factor (generally an OTP on phone or email) and works as an extra protection, which is not at all required in case of offline services as your data is with you only. Enpass is an offline password manager and doesn’t keep any of your information or Enpass data on any cloud/server.
0 Comments
Read More
Leave a Reply. |