Option of signing in with pincode instead of master password
-Option of signing in with pincode(4 to 8 characters) instead/together of master password
-Option to backup of KeyEntries encrypted with a pincode
Comments
-
Hello,
Sorry for my opinion.
If such a pincode instead of master password - then I think that this option will completely reduce security of F-Secure KEY and importance of masterpassword itself.
Just because, it is just like a masterpassword (four to eight characters). Although it can be a good option to "extract" entries (where full master password is requested). But, in general, such action should not be too often; and.. maybe master password there is much more suitable for security meanings.
I think that for situations with brief access to F-Secure KEY after first "unlock" - there is an option "keep KEY unlocked" certain time.
Furthermore, I think that QR Code (Recovery Password) is something as such proposed pincode (when you do not want to type masterpassword. but possible to use 'stored' on device picture. In general, I think it is even more secure than ability to unlock KEY with four-eight pincode).
Sorry for my opinion. And sorry if I do not understan where it can be useful and why it is not possible to replace by something else. Or why current design is not enough.
Thanks!
-
Thus, it will protect against re-use pincode on another machine / system for access to stored data on localstorage (entries database) by malicious intends. Probably.
And, maybe, it means that pincode should be unique for each user's device. Otherwise it is just as a masterpassword probably (as second one - it is good, in fact. As an addition and not as a replacement).
But what about protection against re-use it on user's machine? With meanings - someone with access to user's device?
With current design - need to know masterpassword (or to re-use QR Code / Recovery code - which are not expected to be stored on device and is not recommended). Or to hack / crack F-Secure KEY.
With pincode (four to eight characters) - someone able to try guess pincode.
Potential protection is something like more strong (then with current design for masterpassword) limits for tries. And block after "some" wrong attempts.
With Windows system (where pincode is available as replacement to password for some activities) - I feel that such thing is useful. But with F-Secure KEY - is it useful? Or it is about fully replacement masterpassword (not as an "additional" option)?
Also, "shorter" pincode is for brief access to F-Secure KEY? Not need to remember strong / long master password (or even to type it)? Or there is something else?
Sorry for my English.
Thanks!
