Removing the hard drive from your computer wouldn't change anything, it would actually better hide the key file, as it can only be revealed through the Cryptomator app! On starting the computer, you and or a potential thief, would need, your Enpass master password, and your Cryptomator password, for that vault, to open/decrypt your Enpass vault. Simply turning your computer off would lock the Cryptomator vault and re-encrypt the key file. Open Enpass and point it to the new key file location.Ĭryptomator can be set to a timeout (locking all vaults), or remain open until the computer is shut down. Create a Cryptomator vault (folder) on your computer, choose an appropriate password, unlock the Cryptomator vault and place your Enpass key file inside the revealed folder. If Enpass can't find/read the key file, the vault won't open even with the master password.Įncryption could be as basic as a password-protected zip, but a more robust set up is via Cryptomator. However, if you are concerned about your computer, Enpass vault and master password, falling into the wrong hands, it's possible to add another layer of security, a second factor if you will, to your vault.Īdd Enpass's key file to your vault, as normal, then use an encryption tool, to encrypt the key file. For more information, please do reply to us at we are just an email away!Īs mentioned by Steve Hansen, it's technically not possible to use 2FA (as in TOTP authentication), to secure an encrypted vault, physically stored on your computer. Your patience and loyalty in being with us are always appreciated. In response to your feedback, I've already informed Enpass' development team about adding Multi-Factor Authentication to Enpass Vaults, Unfortunately, I'm not yet able to provide a specific timeframe for this particular feature request since a variety of factors influence the removal, implementation, or improvement of an app feature (feasibility, demand, or other factors). Additionally, we offer our users the option of adding a Keyfile as an additional layer of security. We always strive to improve our app, based on regular customer feedback, so that it meets every user's needs.Īs mentioned previously, Enpass' data is fully encrypted by 256-bit AES encryption with 100,000 rounds of PBKDF2-HMAC-SHA512 using the peer-reviewed and open-source encryption engine SQLCipher, an open-source, peer-reviewed encryption engine. I hope i am not missing anything and was able to explain it clearly but if i am missing something please do let me know.
#Enpass in chess Pc#
even if we keep keyfile on a USB drive our vault needs it and when we will connect our USB to that pc for vault unlocking it can be accessed by hackers like all other normal drives.Īlso please add feature to change primary vault if someone creates a new vault with keyfile or how ever there must be an option to change primary vault.
#Enpass in chess password#
It is my humble request to add this 2FA including keyfile to make enpass more secure and a single keyfile and a password is not enough to secure it.
I have tested the scenario (2) explained above using my personal computers and i was able to access it very easily. Why don't we put a 2FA by default for primary vault? Even if it is protected by key file on new device vault must ask for 2FA code? It can be implemented and user gets to choose if they want keyfile and 2FA both activated or only key file or only 2FA. having 2FA on Authy or Google Authenticator or which ever you use is much more reliable way to add an extra layer of security to your enpass vault. Now a days malware have became so intelligent they can be asked to find specific file on that computer or even on that network and once they find name of extension matching file it can be uploaded to hacker's server. I am a security researcher and i know what i am talking about. So when a hacker have access to a pc having enpass keyfile does not make it secure. Enpass Database + keyfile is located on same system once a hacker got into your pc using RAT which is very common scenario they can access your all files in drive and using key logger they can capture your password for enpass. There is no option to set or change default primary vault if i want to.Ģ: Even if you have created primary vault with enpass key it can be hacked very easily. As i have been using enpass for past several months i even got to know about enpass key file to enhance vault security but there are still few concerns which i am about to share.ġ: for security new users do not know about enpass key and once a new user have created primary vault then it is almost not possible for them to move to another vault and keep primary vault without enpass key.
0 kommentar(er)
