I have been toying with the new version of AxCrypt and I noticed that when signing up for an account there is no option for 2-Step Verification. This is becoming more or less standard now on most websites, especially security-related sites.
It’d be nice to see an optional feature on the web interface allowing the use of a TOTP/HOTP. There are lots of open source libraries out there which allow integration of a Google Authenticator 2SV system and this is universally compatible with most 2SV apps (including Authy).
The suggestion better protects the account because:
You have a rudimentary password manager which needs better protecting [2SV would increase security]
It would require 2SV confirmation to reset password / delete account [emails can be intercepted]
If the AxCrypt password is saved in the web browser, it’d require the extra code prior to login
It’s not foolproof but it appreciably increases security in those scenarios.
Thanks for the input! However, there’s a fundamental difference between authentication (with any number of factors) and encryption. I’ve written a longer text on this here: https://www.axcrypt.net/blog/encryption-vs-authentication/ .
Well, some of the web access does require knowledge – specifically the online password manager. We will be working on a more complex model in the future where indeed we’ll have a ‘zero knowledge’ protocol for all that can work that way, and not require sending any passwords to the site.
Most components for this are in place already, but it’s still non-trivial to implement so it’ll probably take a little while more.