FIDO U2F for multifactor auth?

[cboettig]

In addition to the master password, I'd love to see support for FIDO U2F open authentication standard protocol for 2 factor authentication (e.g. see https://developers.yubico.com/U2F/Libraries/List_of_libraries.html for libraries.) Could this get on the roadmap?

[guillaumevincent]

@cboettig I always wanted to add a physical dongle with open hardware associated with LessPass. I did not know FIDO U2F before. I will look at it.

Thank you for this request

[guillaumevincent]

@cboettig we bought two FIDO U2F Security Key from Yubico to see if we can innovate in this area

[thom4parisot]

Especially as it's been recently standardised as webauthn 👍 (➡️ npm)

[jaeyeom]

Hi. If I understand it correctly, this 2 factor authentication can be used for the database that stores metadata such as site name, username, and password options. I can't think of a way to use it for password generation which is the actually important thing in LessPass. Could you clarify that?

[guillaumevincent]

Yes, you could imagine protecting your authentication to the LessPass Database with your key.
But we can imagine also using the key to generate your master password easily.

I admit this is an area where we need to experiment to see what is possible.

[JLarky]

@guillaumevincent you can probably use RSA keys like Nitrokey Pro to store master password or to encrypt the password :) you can also look into OpenKeychain Android app, you can even sign into ssh with it :) with termbot

[guillaumevincent]

I close this one for now
LessPass is developped during our free time. LessPass database don't save some sensitive information. We will probably never have some time for this one. Low priority