The Mac pwSafe app should have a 2-step authentication option for logging in.
I'm worried that if my master password is ever compromised, at least this will provide some level of backup security. Also, if the password for a safe is ever entered incorrectly for 10 times consecutively, the app should automatically send an email to the 'owner' of the safe.
-
Anonymous commented
This would also be good for iOS versions of pwSafe as well, especially as a fall-back option similar to the way Google authenticator let's a user generate a number of offline codes for recovery.
-
Greg commented
I am not a white hat or anything, but I suspect that a real black hat would attempt to crack the password file directly, rather than inputting data through the interface. An email notification on 10 consecutive password attempt failures would have no effect. The 2-step authentication option sounds interesting, but might be difficult to implement in practice, due to incompatibility with the original PasswordSafe product.