My suggestion for Passpack is ...

Two factor authentication with Google Authenticator.

A lot of security-conscious users already use Google Authenticator with their Google accounts. It seems like a no-brainer to include in the two-factor authentication options (or at least to use as a backup).

291 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Dan LoewenherzDan Loewenherz shared this idea  ·   ·  Admin →

    22 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • David JohnsonDavid Johnson commented  · 

        This is an incredibly easy implementation and it is not planned or even under review. It is one of the top requested features without any feedback from passpack.

        My guess is that passpack is getting kickbacks from YubiKey and has some kind of deal to exclusively use YubiKey.

        For a security oriented company this is disgraceful.

        I have a yubikey and I use it, but it is an unreasonable demand from passpack for a little extra profit. Easy two-factor is better than no two-factor.

        I am considering alternative password managers because of the lack of alternate and easy to use 2FA. Everyone I know and everyone I recommended passpack to in the past will know exactly why I changed:

        Passpack is a security company that seems to put profit ahead of security. Is the exclusive deal with yubikey really worth it?

      • Anton DerbenevAnton Derbenev commented  · 

        @Chuck Atkins

        > Using Google Aauthenticator as the 2fa option for Paspack is quite dangerous.

        you say it's more "dangerous" than email or no second factor at all?

      • Chiarng LinChiarng Lin commented  · 

        2FA beats having to remember a packing key that is only used on passpack, especially when my only option is to create a new account.

      • sammy singhsammy singh commented  · 

        I am also looking for this same. DropBox is using google authenticator for their 2FA. passpack should do the same....

      • Nathan PondNathan Pond commented  · 

        Yes, some additional options for mfa would be welcome, Google Authenticator, mobile app, etc.

      • Martin BachmannMartin Bachmann commented  · 

        Actually, while Google Authenticator and OTP are really a needed feature here (it's a password manager, after all), we should also consider the emerging U2F unified 2 factor auth standard developed by the FIDO alliance. Seems there is finally a standard for 2FA which works great (e.g. with Yubikey and others). See https://www.yubico.com/applications/fido/

        So if you have spare votes: http://passpack.uservoice.com/forums/49999-suggestions-feedback/suggestions/10373214-fido-u2f-unified-2-factor-authentication

      • ToddTodd commented  · 

        Google Authenticator would be a great alternative to the Yubi key. I think you should keep the Yubi key as an option for those that want the ultimate two-factor authentication solution. There is nothing wrong with Google authenticator as a second factor, it is more secure than e-mail as the second authentication.

      • HanamHanam commented  · 

        I would like this so I can use Google Authenticator/Authy. Otherwise, if I plan to use something like one-time passwords via email, there's a possibility that my emails would be compromised, and I will never be able to get my passwords out of them.

      • ChrisChris commented  · 

        The YubiKey is great, but has limited site support and costs money. I would never be able to convince my parents to get one and set it up with passpack for example. Google Auth would be a great compromise. It surely has to be better than the email based 2nd factor, even if it is not as strong as YubiKey. Better to have as many people as possible on MultiFactor. For my Google Auth app I use Authy, which requires a passcode to open the app.

      • storeboystoreboy commented  · 

        I also would like to see Google Authenticator as an option for two-factor authentication.

      • Chuck AtkinsChuck Atkins commented  · 

        It seems I am the lone dissenting opinion here. Using Google Aauthenticator as the 2fa option for Paspack is quite dangerous. Since Google Authenticator is a software based solution, the 2FA process is quite suceptable to mobile malware. If a phone is hacked and it's screen captured (or think more coordinated with a 3rd person involved) and a malicious 3rd party can see your auth code, they can enter it and lock the account out forever, unrecoverably.

        The technological advantge of the YubiKey is that it's impossible for an attacker to know the secret code before it's entered. Even the user doesn't know it; It's automatically generated in hardware, never seen by the user. The only time it can be captured is the split second between the code being generated and the code being sent, which would be present in any 2fa system. All of the "generate a code that I manually type in" methods have a much larger window of oportunity for attack.

      • ChuckChuck commented  · 

        Adding my upvote for this feature. Many exchanges use Google Authenticator already.

        If there is a security reason not to use it, please let us know!

      • VimalVimal commented  · 

        Even Microsoft now allows Google based authenticator and they have an app in Microsoft app store as well. Please allow 2FA using Google based authenticator

      • Ralph FinchRalph Finch commented  · 

        I'd like this. Yubikey won't work with iOS devices.

      • dasheddotdasheddot commented  · 

        Using Google Authenticator with dropbox already. Would be great to allow 2-factor authentication with Google Authenticator as an alternative to yubi key.

      • DulaniDulani commented  · 

        Any one of the following: Google Authenticator, Symantec's VIP Access (second factor generated on a mobile phone app) or SMS verification would all be a big improvement as the second factor! I like that Passpack offers the Yubikey, but I don't want more hardware to manage.

      • BINITBINIT commented  · 

        It is better to replace the packing key with SMS verification. Less things to remember for the user.

      • Anonymous commented  · 

        It would be great to have Google Authenticator App for 2-factor-authentication of passpack. Google Authenticator App works e.g. with Dropbox or Synology DSM logins. It would help to replace yubikey and having only one tool :-)

      ← Previous 1

      Feedback and Knowledge Base