Lesspass: FIDO U2F for multifactor auth?
In addition to the master password, I'd love to see support for FIDO U2F open authentication standard protocol for 2 factor authentication (e.g. see https://developers.yubico.com/U2F/Libraries/List_of_libraries.html for libraries.) Could this get on the roadmap?
cboettig
All 7 comments
@cboettig I always wanted to add a physical dongle with open hardware associated with LessPass. I did not know FIDO U2F before. I will look at it.
Thank you for this request
guillaumevincent
on 23 Jan 2017
@cboettig we bought two FIDO U2F Security Key from Yubico to see if we can innovate in this area
guillaumevincent
on 16 Feb 2017
oncletom
on 9 May 2018
Hi. If I understand it correctly, this 2 factor authentication can be used for the database that stores metadata such as site name, username, and password options. I can't think of a way to use it for password generation which is the actually important thing in LessPass. Could you clarify that?
jaeyeom
on 6 Sep 2018
Yes, you could imagine protecting your authentication to the LessPass Database with your key.
But we can imagine also using the key to generate your master password easily.
I admit this is an area where we need to experiment to see what is possible.
guillaumevincent
on 6 Sep 2018
@guillaumevincent you can probably use RSA keys like Nitrokey Pro to store master password or to encrypt the password :) you can also look into OpenKeychain Android app, you can even sign into ssh with it :) with termbot
JLarky
on 2 Oct 2018
I close this one for now
LessPass is developped during our free time. LessPass database don't save some sensitive information. We will probably never have some time for this one. Low priority
guillaumevincent
on 12 Dec 2018
Related issues
guillaumevincent
·
4Comments
panther2
·
5Comments
jparsert
·
3Comments
panther2
·
5Comments
fulldecent
·
3Comments
Most helpful comment
@cboettig we bought two FIDO U2F Security Key from Yubico to see if we can innovate in this area