Forum / Devolutions Password Hub - Feature Request

YubiKey support

  • Create an Issue
  • Cancel

Would be really cool to have Yubikey (or some other kind) support so you can put your Vault password in an actual vault and use your Yubikey smile

Much safer then having a Vault password laying around

Clock4 mths

Hi Michel,

There are some 2FA options that you can set on your Devolutions account which is main authentification to access the Password Hub.
You can configure your Two-Step verification in your Devolutions account : https://account.devolutions.com/
See prnt scr attach.

We have our own Push Authentificator,
APP Authentificator: Devolutions , Google, Microsoft and Authy
Email
SMS

You must know also that we are planning to add more in 2020.

TIP: In Password Hub you can also Enforce the 2-Step verification" go in Administration/System settings

Give it a try.
Thank you for using our Forum.


Account two-step.png
Clock4 mths

Yes, i know. Thank you.

I see this as 2 different things:


1) Accessing my account
2) Accessing my vault(s)

So i'm logging into my account super secure with 2FA and then accessing my vault with a password (master key) seems odd to me, because where do i store my super secret Vault encryption key smile It would be awesome to have something like a yubikey or OTP or something, with my Vault key stored in a safe place for backup purposes. i know even Keepass has a plugin for yubikey.

Clock4 mths

Hi Michel,

Your account serves for authentication and authorization to your Password Hub.
Your master key serves as an encryption layer over your data, so that we, Devolutions, can not access your real data.

With that being said, I understand your concern. We will discuss it and see what we can do.

Meanwhile, if you are afraid of forgetting or losing your master key, our mobile applications allow you to securely save your master key in your devices. You can then unlock your vaults on your mobile device with your fingerprint or face. (Only works in the mobile app; no mobile app to web integration yet.)

If you have any other concerns, let us know.

Have a good day!


Maxime Morin

signaturesignature

Clock4 mths

Hi Maxime,

Thats great ! The more secure the better. Is it then also that if for some reason data is leaked they can't access my credentials ?
Or if a government wants to access the data you are unable to reverse the encryption ? Even if they forced you to that ?

But thanks for looking into this !

I am not afraid of losing my master key, but i always need to have my super insane Vault key somewhere to access my other insane passwords wink


Clock4 mths

Hi Michel,

Is it then also that if for some reason data is leaked they can't access my credentials ?
Yes, your sensitive data is encrypted.

Or if a government wants to access the data you are unable to reverse the encryption ?
Yes, we are unable to reverse the encryption without your master key.

Even if they forced you to that ?
They could force us to brute force the encryption, but that's currently technically not viable.
https://en.wikipedia.org/wiki/Brute-force_attack#Theoretical_limits

Have a good day!

Maxime Morin

signaturesignature

Clock4 mths