First of all I'm very happy with the product and have been for quite a while. I was wondering if any support for 2FA will be added in the near future? Specifically yubikey as an extra layer on top of your masterpassword.
Thank you for the feedback Pamalam. I never thought of using the Apple Watch for some type of MFA, so we'll have to look into whether that would work or not. For some, if it's possible, that my be all they would want for extra security. Regarding push and sms methods, we plan on using Authy since it is more flexible and easier to manage for the user. The Google authenticator makes it difficult to move to other devices and nearly impossible, if not actually impossible, to restore or sync MFA keys. For some, that's a good representation of security, but for most it goes too far and is difficult to use.
Long time user first time "caller".... I too would like to add a YubiKey to my security suite. I haven't updated my desktop copies of MSecure because entering a long password every time I want to use it on my desktop is a pain. Instead I've begun allowing Apple Keychain to manage some passwords, and this has left me with a weaker security arrangement. While I trust the iPhone and iPad's security, I think the requirement of a non-digital act, i.e., touching the Yubikey to the phone or tapping its sensor should present a serious deterrent to remote mischief by hackers. It's at least marginally less hassle than receiving a text or some other phone-based method, and more secure as well. I urge you to implement it in a comprehensive way.
- If you think that users might find YubiKey or any type of MFA/2FA, annoying if implemented as a global requirement in order to access any password in MSecure, then perhaps being able to turn it on an off for each password would be sensible.
- such a system would allow users to switch on YubiKey for banking, work, stock accounts, and wallet apps and not have it active for less consequential passwords.
Finally, I think that secure Password protection is an essential element for users these days, but it is still not anywhere near universal among us. I hope, since you hinted at changing your pricing structure that you will not go to a subscription system, but instead remain a one time purchase product, or perhaps offer a choice of payment methods and remain competitively priced.
Thank you very much for your feedback Jonathan. We do have 2FA support on our radar, and we plan to implement it in future releases of v6. It won't be implemented for 6.0, but we plan for it to be a significant feature to be added in a 6.x release.