9/19/2023 0 Comments Chess enpass![]() ![]() ![]() I hope i am not missing anything and was able to explain it clearly but if i am missing something please do let me know. even if we keep keyfile on a USB drive our vault needs it and when we will connect our USB to that pc for vault unlocking it can be accessed by hackers like all other normal drives.Īlso please add feature to change primary vault if someone creates a new vault with keyfile or how ever there must be an option to change primary vault. It is my humble request to add this 2FA including keyfile to make enpass more secure and a single keyfile and a password is not enough to secure it. I have tested the scenario (2) explained above using my personal computers and i was able to access it very easily. Why don't we put a 2FA by default for primary vault? Even if it is protected by key file on new device vault must ask for 2FA code? It can be implemented and user gets to choose if they want keyfile and 2FA both activated or only key file or only 2FA. having 2FA on Authy or Google Authenticator or which ever you use is much more reliable way to add an extra layer of security to your enpass vault. Now a days malware have became so intelligent they can be asked to find specific file on that computer or even on that network and once they find name of extension matching file it can be uploaded to hacker's server. I am a security researcher and i know what i am talking about. So when a hacker have access to a pc having enpass keyfile does not make it secure. Enpass Database + keyfile is located on same system once a hacker got into your pc using RAT which is very common scenario they can access your all files in drive and using key logger they can capture your password for enpass. There is no option to set or change default primary vault if i want to.Ģ: Even if you have created primary vault with enpass key it can be hacked very easily. As i have been using enpass for past several months i even got to know about enpass key file to enhance vault security but there are still few concerns which i am about to share.ġ: for security new users do not know about enpass key and once a new user have created primary vault then it is almost not possible for them to move to another vault and keep primary vault without enpass key. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |