Universal 2nd Factor

GLopes's Avatar

GLopes

25 Oct, 2016 10:01 AM

Do you support U2F authentication? https://fidoalliance.org/
Using for instance Yubikey devices?

Thanks

  1. Support Staff 1 Posted by Maarten Billemo... on 25 Oct, 2016 01:54 PM

    Maarten Billemont's Avatar

    There is no advantage that hardware factors can give to the master password solution.

  2. 2 Posted by charliemb on 09 May, 2018 07:13 PM

    charliemb's Avatar

    I assert that a key file, for example, as implemented in KeePass can increase security in the case where there is a keylogger Trojan or clipboard scraper. Eventually, your anti-malware program will eliminate the Trojans but in the meantime it can help in most of those circumstances because keyloggers and clipboard scrapers generate a lot of data to sift, creating a delay practically speaking.

    I mention a "key file" because it is something you have that is not a Yubikey. A yubikey outputs keystrokes, which presumably can be captured by a keylogger.

  3. Support Staff 3 Posted by Maarten Billemo... on 09 May, 2018 07:15 PM

    Maarten Billemont's Avatar

    Feel free to expand on your assertion with proof or a methodology.

  4. Support Staff 4 Posted by Maarten Billemo... on 09 May, 2018 07:22 PM

    Maarten Billemont's Avatar

    Please note that Master Password does not perform any authentication. The only difference a keyfile could make is to introduce a security factor that is not observable purely by logging the user's input. However, if a system has a key logger installed and running, it is already compromised and the key file itself can not be deemed safe either. If you think a key logger cannot also log your key file's contents, you are likely being a little naive. That said, if you prefer to protect your passwords by means of keys, I would urge you to stop using Master Password, since Master Password will not give you any advantages anymore. You are now using a vault, and Master Password is only useful if you are operating statelessly. Just use KeePass.

    But again, you are sacrificing a lot of security in order to gain very little but perhaps the illusion of extra security.

  5. 5 Posted by charliemb on 10 May, 2018 03:46 PM

    charliemb's Avatar

    Hi Maarten

    If there is anything you want to me to remove from my last post that
    has failed to post post for at least ~16 hours as of now, I'd be
    happy to remove it. I put a lot of time into that one and I'd like to
    see it posted.

    (I would need a copy as I don't have it after I posted it.)

    Or if you wish we can discuss it in this email, it doesn't have to be
    public.

    Charlie

    Maarten Billemont wrote on Wed, 09 May 2018 19:22:39 +0000:

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

21 Oct, 2018 08:02 PM
20 Oct, 2018 06:47 PM
16 Oct, 2018 11:17 PM
13 Oct, 2018 10:24 AM
10 Oct, 2018 11:48 PM

 

09 Oct, 2018 01:17 PM
07 Oct, 2018 05:48 PM
05 Oct, 2018 09:22 AM
02 Oct, 2018 10:22 AM
01 Oct, 2018 10:37 AM
30 Sep, 2018 01:07 PM