I assert that a key file, for example, as implemented in KeePass can increase security in the case where there is a keylogger Trojan or clipboard scraper. Eventually, your anti-malware program will eliminate the Trojans but in the meantime it can help in most of those circumstances because keyloggers and clipboard scrapers generate a lot of data to sift, creating a delay practically speaking.
I mention a "key file" because it is something you have that is not a Yubikey. A yubikey outputs keystrokes, which presumably can be captured by a keylogger.
Please note that Master Password does not perform any authentication. The only difference a keyfile could make is to introduce a security factor that is not observable purely by logging the user's input. However, if a system has a key logger installed and running, it is already compromised and the key file itself can not be deemed safe either. If you think a key logger cannot also log your key file's contents, you are likely being a little naive. That said, if you prefer to protect your passwords by means of keys, I would urge you to stop using Master Password, since Master Password will not give you any advantages anymore. You are now using a vault, and Master Password is only useful if you are operating statelessly. Just use KeePass.
But again, you are sacrificing a lot of security in order to gain very little but perhaps the illusion of extra security.
on 10 May, 2018 03:46 PM
If there is anything you want to me to remove from my last post that
has failed to post post for at least ~16 hours as of now, I'd be
happy to remove it. I put a lot of time into that one and I'd like to
see it posted.
(I would need a copy as I don't have it after I posted it.)
Or if you wish we can discuss it in this email, it doesn't have to be
Maarten Billemont wrote on Wed, 09 May 2018 19:22:39 +0000: