2FA for the vault

Is it possible to add 2FA to the iOS app and/or the Windows app?
I see the forum has it, but I noticed the Desktop nor the iphone app has it.

I don’t know about the IOS app but there is a way to have essentially two factor Authentication in Windows if you use the cryptonator plugin for keepass XC password manager.

You wouldn’t need to use keepass XC as your primary password manager, it would control access to your vaults only and you can have two-factor authentication that way. My keypass XC is linked to my cryptomator. When I launch keepass XC I have two-factor authentication enabled so it asks me not only for the password but my windows hello thumbprint as well.

That is the only way that I’m aware of that you can add a extra layer of Authentication to the Windows app.


Me too trying to find 2FA solution for cryptomator. Found your post but I’m not sure what did you mean and how to implement it. Do you mind please elaborate how to implement 2FA using google authenticator for cryptomator using keepass XC?

Thank you!


Here is the link to the plugin that links KeepassXC to Cryptomator.

keepass-crptomator plugin

keepass XC is a password manager that supports windows hello so you can set up authentication so that when you first start the keypass program you will need to type in your key pass master password and then pass the windows hello biometric authentication as a second step.

Setting up keypass alone without windows hello is adequate because that will give you a second step of authentication. You’ll be required to know the master password for keepass and the vault password as the second step. Linking to windows hello inside keepass XC is essentially a third step that I use. I chose to use keypass XC with windows hello because after you unlock the vault the first time in the morning each subsequent unlocking can be done by just looking at the screen or touching your finger on the fingerprint reader.

Because the cryptomator vault passwords will be stored there, you must first unlock keypass for you before you can unlock the vault. It prevents unauthorized users from accessing the vault without having your Keepass credentials as well.

There is a wiki that describes how to set everything up.

Let me know if you need anything further.