2fast-team / 2fast

Two-Factor Authenticator Supporting TOTP (Windows 10 & Android, iOS, Linux and macOS App)
https://2fast-app.de
GNU General Public License v3.0

[Feature] Make Windows Credential Manager optional #147

Open rafaelnockmann opened 1 month ago

rafaelnockmann commented 1 month ago

Describe the problem this feature would solve

You can use Windows Credential Manager to restore a lost 2fast password. However, this could turn out to be very bad if someone has the administrator password and gains access to the Credential Manager. Unfortunately, manually deleting the credentials from Credential Manager only leads to the password being saved again in the Credential Manager the next time you log in to 2fast.

Describe the solution

Please allow the manual deletion of the password from the Credential Manager or make the Credential Manager feature optional.

Describe alternatives you've considered

Manual deletion of the password from the Credential Manager -> it is unfortunately set again at the next login

Additional context & Screenshots

n/a

jp-weber commented 1 month ago

That would be possible as an option, but then of course you would also have restrictions, so that you couldn't use Windows Hello and would always have to enter the password for decryption.

However, I could actually still see a possible implementation with the Windows Credential Manager, which sounds strange at first, but with a password that is encrypted at runtime, as is the case with the local files that are opened via Windows Explorer. As a user, you would then no longer have any insight into the real password, because the encrypted password from the Credential Manager only works with the random bit sequence that is always new at runtime after login.

  1. Open the app and enter the password
  2. The correct password is encrypted and stored with runtime entropy in the Windows Credential Manager
  3. The app can now decrypt the password at runtime for internal use
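The three-step flow sketched above, as an added Go example that is not part of 2fast (the app is not written in Go, and the `credentialStore` map is a constructed stand-in for the Windows Credential Manager): the typed password is sealed with AES-GCM under a key drawn fresh at every start, so the stored entry only decrypts within the run that created it and reads as an opaque blob to anyone who merely copies it out of the store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var credentialStore = map[string][]byte{} // constructed stand-in for the Credential Manager

// NewSessionKey draws the per-run entropy: an AES-256-GCM key that exists only in
// process memory and is regenerated every time the app starts.
func NewSessionKey() (cipher.AEAD, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	return cipher.NewGCM(block)
}

// StorePassword (step 2): seal the typed password under the runtime key; the store
// receives only nonce||ciphertext||tag, with the entry name bound as associated data.
func StorePassword(g cipher.AEAD, target string, password []byte) error {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	credentialStore[target] = g.Seal(nonce, nonce, password, []byte(target))
	return nil
}

// LoadPassword (step 3): recover the plaintext; GCM authentication fails in any other run.
func LoadPassword(g cipher.AEAD, target string) ([]byte, error) {
	blob, n := credentialStore[target], g.NonceSize()
	if len(blob) < n { // missing entry or truncated blob
		return nil, fmt.Errorf("no usable credential for %q", target)
	}
	return g.Open(nil, blob[:n], blob[n:], []byte(target))
}

func main() {
	run1, _ := NewSessionKey()
	_ = StorePassword(run1, "2fast", []byte("correct horse battery staple"))
	pw, err := LoadPassword(run1, "2fast") // same run: plaintext comes back
	run2, _ := NewSessionKey()             // app restarted: fresh entropy
	_, err2 := LoadPassword(run2, "2fast") // old blob no longer authenticates
	fmt.Printf("same run: %q %v | new run: %v\n", pw, err, err2)
}
```

Note what this does and does not cover: the runtime key lives in process memory, so the scheme protects the stored entry at rest (a copy of the Credential Manager contents is useless on its own) but not against someone who can read the running process.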