So I'm pretty pissed about your ideology, guys. Yes, this post will seem like a rant, but I think if you get past that you will understand that there is a real lack of features for a lot of use cases.
1/ There is no section on your forum about the forum itself besides the Lounge, and there is no place either to discuss your actual global security model. You are no longer a platform-by-platform password manager; since you are asking, or at least encouraging, a subscription, you are becoming a general cross-platform one, so there should be a place to discuss that, and not under Windows, Mac or even the different kinds of subscription like Families or Teams.
2/ How is the average user supposed to log in?
You ask the user to enter a login + secret key + a password, which is the same as for a Cisco login (which is actually bad).
So are you assuming that in every cybercafe, in every classroom, in every work room they use only TN monitors, or that the screens are not in front of anyone else?
This secret key is never encrypted with dots on your website. It would have been the least you could have done.
How does it prevent anyone from copying my secret key onto a piece of paper? Didn't you learn anything from the famous post-it-on-the-screen security breach?
You are gonna say "yeah, but you have your password" -> Gosh, really, guys? So because you have some "basic" redundancy, that prevents you from implementing some serious security measures?
Or maybe your point of view is that you are forcing people to buy their own equipment and to always travel with it? Don't you think it is a bit elitist, or not empathetic towards the vast majority of people in the world? Maybe your platform is reserved only for the rich Western elite? (Yes, I'm exaggerating on purpose.)
So I've read here that your CSO thinks that 2-factor is not necessary. Yeah... what can I say to that nonsense. It's only ideology on his part.
Why is that? Look at the simple use case I described before.
And don't think that your 2-factor on the phone is enough just because it offers some redundancy.
It is not.
Mailbox.org, for example, has implemented real 2-factor identification with a PIN code + the YubiKey output in the password field.
If you want to recover your account, nothing is simpler: you enter your master password on a secure computer and you get access to your account again, if you lost your YubiKey for example.
That's how it should be everywhere.
You don't want to put your secret key in front of other people; it's something you should use on secure computers only, and/or to regain access to your hijacked account or something like that. That's what the behavior should be here.
And at the very least, the secret key should be encrypted with dots!
Are you really making people buy their own equipment and excluding people who need to use cybercafes, shared work computers, open-space computers, ...? You are not developing an app for you and your use case or your work environment only; think about other environments!
With the mailbox.org approach, you get rid of -> eye-peeking, camera problems, malware problems, remote desktop problems.
With your approach, it takes only one malicious guy with more or less no tech skills to steal all your information (and your phone, if you activate the "pseudo" 2FA).
So I really don't know why you don't implement that.
The only argument I can be sympathetic with, of course, is that you would need to delay other projects for a few days to implement that. But don't dramatize it too much, guys. You are a very efficient team -> you developed in just a few days a project on GitHub around the Troy Hunt project, so don't be a drama queen about that <- and all the necessary APIs are out there for implementing that without any problem, even free of charge!
So what's the real problem here? Some ideology?
It's like the anti-PIN-code ideology. You have stated many times that it wouldn't be secure enough because of malware and keyloggers or anything like that. But again, you don't seem to project yourself into the real world, somewhere outside your routine as programmers, or Canadians, or actually the upper-middle social class.
A PIN code is NOT less secure. Why?
Because you don't need to think of it like a basic monkey, guys.
Enpass does implement it as a one-time (acceptance) error shortcut. Again, it's not about being infected by malware or a keylogger. The use case is eye-peeking.
At this stage of development of your platform, the only possible use case is getting access from very secure computers and no public computers at all.
With the PIN code + YubiKey (or something else) approach, you only expose the PIN code to the outside world. That's why PIN codes are useful: for shortcutting and for some security mitigation.
And every mitigation you can add to a vault is a good mitigation!
The only actual solution for me at the moment, when I can't access my equipment and I need some password (and yes, my passwords are in general 64 characters long, so retyping them is not possible), is to connect to a mail server with true 2-factor auth on the client side and send the codes from my phone to this mailbox. Do you find that a good solution? Of course not, but you don't leave any other solution to your users, which is clearly bad. And your behavior, where you always neglect the positive and constructive way to improve your platform, is a really, really aggressive behavior. Not accepting a development just because of internal debate inside the company about some ideology... Guys, I don't get you: are you really developing something for people, or did your marketers only segment this product for upper-middle-class people?
And don't answer this post if it's to find new excuses, because there are actually none: I'm working in the same field myself, and besides ideology there are no other good reasons, since you've proven that your past excuses were not so true.
I can give you plenty of places where it is actually a bad idea to use your system as it is right now: most of the cybercafes in Paris and Brussels; most of the departments in the transportation companies in Benelux and France, because you can't connect your equipment to the internal network for security reasons and you need to share computers; arms-dealing companies, where again you can't bring equipment, and when you are not a higher-up member, because of the sharing issues; nearly any police station when you are just a policeman and not an inspector; and I can go on and on like that for hours.
Think about it, and please stop those internal debates and do some actual groundwork by letting it be tested by the beta testers or something.
And this post should go into a dedicated area where we discuss threat models, and not only Business or Families or anything else, because it applies to anyone.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:How are we suppose to from a public computer -> pincode or yubikey support
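The PIN + one-time-code login the post describes (the code typed right after the PIN into the password field), as an added server-side verifier example that is not part of the original post or of any product named in it. It assumes the token emits RFC 4226 HOTP codes (one mode a YubiKey keyboard slot can be set to) rather than the Yubico OTP format; the PIN, secret and resync window below are constructed values.

```python
"""Verifier for a login whose password field carries PIN + one-time code.

Constructed example: the hardware token is assumed to emit RFC 4226 HOTP
codes (a mode a YubiKey keyboard slot can be set to); PIN, secret and window
size are made up for illustration.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class PinOtpVerifier:
    """Server-side state for one user: PIN, token secret, next expected counter."""

    def __init__(self, pin: str, secret: bytes, window: int = 10, digits: int = 6):
        self.pin, self.secret, self.window, self.digits = pin, secret, window, digits
        self.counter = 0  # lowest counter value the token has not yet used

    def check(self, field: str) -> bool:
        """Split PIN||code, verify both, and advance past any accepted counter.

        The window tolerates button presses that never reached the server; the
        strictly advancing counter is what makes a code seen on screen worthless.
        """
        pin, code = field[:-self.digits], field[-self.digits:]
        if not pin or not hmac.compare_digest(pin.encode(), self.pin.encode()):
            return False
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.counter = c + 1  # this code and all earlier ones are now dead
                return True
        return False
```

Only the PIN is reusable, and it is useless without the token; a code copied off the screen fails on the next attempt because the counter has already moved past it.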