Comment by foxyv

4 months ago

Yeah, you can implement a software-based method using PBKDF2 or BCrypt. This is why most password managers use a "Master Password." They are much less convenient than hardware-based keys like YubiKey and HSMs/Secure Enclave.

Secure enclave is not an alternative for YubiKey because the program inside the enclave cannot tell if the request comes from the user or from malware.

  • Most secure enclaves use a fingerprint scanner to authenticate the request for data key or private certificate decryption. For instance, on the MacBook you will get a message prompting for a fingerprint. On a Windows laptop without a fingerprint scanner it will prompt for a PIN.