What is Keyfile and how to use it with Enpass?

Using Keyfile with Enpass

Passwords are the basic tenant of online security, and much has been said about the need to use strong passwords.

Enpass uses the master password to encrypt your data offline securely. Using a strong master password almost makes a Brute-force attack infeasible on your Enpass data, but there are additional measures that one can take to counter risks. Using Keyfile with a master password is one of those.

What is a Keyfile?

A Keyfile (key-file) is basically a file on your computer which contains encryption key. And when used along with a password, it acts as a second factor of authentication.

Using Keyfile with Enpass

To get started, you’d need to first create the Keyfile using the desktop version of Enpass. While setting up the master password, you’ll get an option to create a Keyfile from the advanced options. Once the set up is done, you’ll need this Keyfile along with the master password to log into Enpass each time. 

To use the Keyfile with the desktop version of Enpass, you just have to enable Remember the location of last used Keyfile from Enpass security settings and then point the app to the location of the Keyfile from the lock screen. After that, each time you try to log in, you just have to enter the master password and Enpass will recognize the path of the Keyfile automatically.

The mobile version follows a slightly different approach. To add the Keyfile in the Enpass mobile app, you can choose the Keyfile from the cloud in iOS devices or from local storage in Android devices (if you’ve got a saved Keyfile already), or you can scan the Keyfile QR code from the desktop, and once done, the Keyfile will get stored in the Keychain on iOS devices and in Sandbox on Android devices. So, whenever you try to log in, you will just need to enter the master password and Enpass will automatically load the Keyfile.

Bonus Tip: Although using Keyfile with Enpass increases the security, it is still recommended always to use a strong master password.

How does using Keyfile increase security?

Using Keyfile with master password acts as a second factor of authentication to log into Enpass.

Security researchers generally divide authentication into three factors – Something you know, something you have, and something you are. Keyfile is ‘something you have,’ and when combined with a master password (‘something you know’), it acts as a second factor of authentication. The second factor of authentication provides an extra layer of security making it harder for the hackers to gain access to your private data.

The Keyfile that Enpass generates contains a secret key that gets appended to the master password, and the combination of the two is used to encrypt the Enpass data. It is, of course, very important that you never lose the Keyfile and save it in a secure location. 

Security researchers advise that the Keyfile with a good amount of entropy ensures higher security to your data. Password entropy predicts how difficult it is to crack a given password through guessing or brute force cracking. Enpass generates high entropy random data for Keyfile using Cryptographically Secure Random Number Generator which make every brute-force attack infeasible.