I understand that the encryption key is needed to unlock the vault, but it’s still as vulnerable as a password in that if its value is known (through social engineering / shoulder surfing / keylogging / etc.) an unauthorized party can access it. I think having 2FA after supplying the encryption key would be a great protection mechanism. And I like the idea of an email being sent when the vault is accessed.
2 Likes