tag:help.masterpassword.app,2014-09-03:/help/discussions/questions/202-universal-2nd-factorMaster Password: Discussion 2018-05-27T23:50:01Ztag:help.masterpassword.app,2014-09-03:Comment/410729792016-10-25T13:54:42Z2016-10-25T13:54:42ZUniversal 2nd Factor<div><p>There is no advantage that hardware factors can give to the
master password solution.</p></div>Maarten Billemonttag:help.masterpassword.app,2014-09-03:Comment/410729792018-05-09T19:13:42Z2018-05-27T23:50:01ZUniversal 2nd Factor<div><p>I assert that a key file, for example, as implemented in KeePass can increase security in the case where there is a keylogger Trojan or clipboard scraper. Eventually, your anti-malware program will eliminate the Trojans but in the meantime it can help in most of those circumstances because keyloggers and clipboard scrapers generate a lot of data to sift, creating a delay practically speaking.</p>
<p>I mention a "key file" because it is something you have that is not a Yubikey. A yubikey outputs keystrokes, which presumably can be captured by a keylogger.</p></div>charliembtag:help.masterpassword.app,2014-09-03:Comment/410729792018-05-09T19:15:58Z2018-05-09T19:15:58ZUniversal 2nd Factor<div><p>Feel free to expand on your assertion with proof or a methodology.</p></div>Maarten Billemonttag:help.masterpassword.app,2014-09-03:Comment/410729792018-05-09T19:22:36Z2018-05-09T19:22:36ZUniversal 2nd Factor<div><p>Please note that Master Password does not perform any authentication. The only difference a keyfile could make is to introduce a security factor that is not observable purely by logging the user's input. However, if a system has a key logger installed and running, it is already compromised and the key file itself can not be deemed safe either. If you think a key logger cannot also log your key file's contents, you are likely being a little naive. That said, if you prefer to protect your passwords by means of keys, I would urge you to stop using Master Password, since Master Password will not give you any advantages anymore. You are now using a vault, and Master Password is only useful if you are operating statelessly. Just use KeePass.</p>
<p>But again, you are sacrificing a lot of security in order to gain very little but perhaps the illusion of extra security.</p></div>Maarten Billemonttag:help.masterpassword.app,2014-09-03:Comment/410729792018-05-10T15:46:05Z2018-05-27T23:50:01ZUniversal 2nd Factor<div><p>Hi Maarten</p>
<p>If there is anything you want to me to remove from my last post that<br>
has failed to post post for at least ~16 hours as of now, I'd be<br>
happy to remove it. I put a lot of time into that one and I'd like to<br>
see it posted.</p>
<p>(I would need a copy as I don't have it after I posted it.)</p>
<p>Or if you wish we can discuss it in this email, it doesn't have to be<br>
public.</p>
<p>Charlie</p>
<p>Maarten Billemont wrote on Wed, 09 May 2018 19:22:39 +0000:</p></div>charliemb