Option of signing in with pincode instead of master password

JOnes Posts: 411 Rock Star

- Option of signing in with a pincode (4 to 8 characters) instead of / together with the master password

- Option to back up KeyEntries encrypted with a pincode

Comments

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for my opinion.

     

    If such a pincode is used instead of the master password, then I think that this option will completely reduce the security of F-Secure KEY and the importance of the master password itself.

    Just because it is just like a master password (four to eight characters). Although it can be a good option to "extract" entries (where the full master password is requested). But, in general, such an action should not be too frequent; and... maybe the master password is much more suitable there in terms of security.

     

    I think that for situations with brief access to F-Secure KEY after the first "unlock", there is an option to "keep KEY unlocked" for a certain time.

    Furthermore, I think that the QR Code (Recovery Password) is something like the proposed pincode (when you do not want to type the master password, but it is possible to use a picture 'stored' on the device. In general, I think it is even more secure than the ability to unlock KEY with a four-to-eight-character pincode).

     

    Sorry for my opinion. And sorry if I do not understand where it can be useful and why it is not possible to replace it with something else. Or why the current design is not enough.

     

    Thanks!

  • JOnes
    JOnes Posts: 411 Rock Star

    In order to "increase security" there could be a user-id/pincode pair to open the security wallet (key premium) and/or a mandatory master key QR code/key entries backup creation facility.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Thus, it will protect against re-use of the pincode on another machine / system for access to stored data in local storage (entries database) with malicious intent. Probably.

    And, maybe, it means that the pincode should be unique for each user's device. Otherwise it is probably just like a master password (as a second one it is good, in fact. As an addition and not as a replacement).

     

    But what about protection against re-use of it on the user's machine? Meaning: someone with access to the user's device?

    With the current design, one needs to know the master password (or to re-use the QR Code / Recovery code, which are not expected to be stored on the device, and that is not recommended). Or to hack / crack F-Secure KEY.

    With a pincode (four to eight characters), someone is able to try to guess the pincode.

    Potential protection is something like stronger (than with the current design for the master password) limits on tries. And a block after "some" wrong attempts.

    With a Windows system (where a pincode is available as a replacement for the password for some activities), I feel that such a thing is useful. But with F-Secure KEY, is it useful? Or is it about fully replacing the master password (not as an "additional" option)?

     

    Also, is the "shorter" pincode for brief access to F-Secure KEY? No need to remember a strong / long master password (or even to type it)? Or is there something else?

     

    Sorry for my English.

     

    Thanks!

  • JOnes
    JOnes Posts: 411 Rock Star

    Well, the ultimate "truth (best possible)" is always a compromise between strict security and smooth usability. Some improvements in usability with the key premium product would be expected with pleasure...