I assert that a key file, for example, as implemented in KeePass can increase security in the case where there is a keylogger Trojan or clipboard scraper. Eventually, your anti-malware program will eliminate the Trojans but in the meantime it can help in most of those circumstances because keyloggers and clipboard scrapers generate a lot of data to sift, creating a delay practically speaking.
I mention a "key file" because it is something you have that is not a Yubikey. A yubikey outputs keystrokes, which presumably can be captured by a keylogger.
Please note that Master Password does not perform any authentication. The only difference a keyfile could make is to introduce a security factor that is not observable purely by logging the user's input. However, if a system has a key logger installed and running, it is already compromised and the key file itself can not be deemed safe either. If you think a key logger cannot also log your key file's contents, you are likely being a little naive. That said, if you prefer to protect your passwords by means of keys, I would urge you to stop using Master Password, since Master Password will not give you any advantages anymore. You are now using a vault, and Master Password is only useful if you are operating statelessly. Just use KeePass.
But again, you are sacrificing a lot of security in order to gain very little but perhaps the illusion of extra security.
If there is anything you want to me to remove from my last post that
has failed to post post for at least ~16 hours as of now, I'd be
happy to remove it. I put a lot of time into that one and I'd like to
see it posted.
(I would need a copy as I don't have it after I posted it.)
Or if you wish we can discuss it in this email, it doesn't have to be
Maarten Billemont wrote on Wed, 09 May 2018 19:22:39 +0000: