Data Security

The new beta version 6.9.4 for android seems to lock the main app when it is brought to focus (and if the "lock after" has been set), not in the background. I'm seeing my items briefly before enpass lockscreen covers it. So it seems the data is unprotected in the background. The behavior is seen when "Lock on leave" is disabled. If that setting is activated, the locking seems to happen as soon as the app is put to background.

I was surprised that Enpass showed me a prompt to "re-register" via a TOTP sent to my registeration email. What is going on here? Its not like I am logged in a website

What about autospill vulnerability?

On the pricing page, the standard plan includes the Admin console while the Enterprise plan shows an additional feature called Enpass Hub. I can access the Admin console but cannot find any explanation of Enpass Hub. Is it a feature that appears either in the app or in the Admin console or is it a completely different item (and, if so, how to access it)? Thank you.

Is it possible to set the PBKDF2 iteration count in Enpass? I can see here it's set to 100K: https://support.enpass.io/app/kb/data_security_and_encryption_in_enpass.htm But is it like that for all vaults? My vault is several years old and I've seen old forum threads where it says it used to be 24K iterations. OWASP recommends 120K iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

Due to my work, my computer and other icloud devices, are encrypted and always require login and are automatically logged out on screen saver etc etc. I was previously using 1password when you bought a lifetime license and were able to use icloud for your vault. At that time I had a very simple pin to unlock. They they changed to using their own web-based storage outside of my control which resulted in needing a fairly string master password. Due to this, and many other reasons, such as having to pay lots of money for something you have already bought..... I did research and found Enpass, which is great. They offer the ability to put my vault at icloud. …

I am trying to reset my password after a security breach on my MacBook Pro. I understand I have to go to Settings in Enpass to Reset the master password. I however can not find Settings in Enpass. Can someone please direct me? I am anxious to change the password quickly as I donot know how much exposure Enpass is up to. Thank you Martin Weiss

I've setup TOTP on a couple of accounts and it works fine on one machine and my phone, but on another pc it always says the code is wrong. Has anyone else noticed this issue?

Enpass güvenli değil. Güvenli olmadığı kadar hem açık kaynak değil hemde yedekleme kısmında bir tane dahi açık kaynak bir depolama bile yok.

Master password can be extracted from memory dump created without admin priviledges and after locked password manager: https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/ Are we (Enpass users) safe? regards, syriusz

I am a happy owner of Enpas, but I have a question about unlocking with windows hello. Is it safe to unlock with fingerprint windows hello? When I unlock the database with my fingerprint, can same keyloggers detect the master password and the key file? Thank you

I was wondering if you have any guideline to use enpass portable. If I setup enpass portable on a USB drive, what can I do to best secure it. I have two concerns. There is a copy of the vault on the drive. The vault is encrypted, so I supposed even if they get the vault they can't easily decrypt the file. What are the likelyhood that the copmputer I use it on contains a keylogger and logs my master password? I am wondering about the use caes of the portable enpass. Is it supposed to be used on public computers?

Hello i wonder if there is a opportunity to integrate to backup Enpass to proton drive Kind regards

I have used Enpass for 5 years and open it regularly. I've never changed my Master Password. Overnight it stopped working. I'm on a Mac laptop using OS Monterey 12.31 I have read that this has happened to others. Advice appreciated

Hi Enpass: Is it possible that a business adminstrator could somehow intercept、read out their member's password? Sincerely!

I've been a happy user of Enpass for years now, but this lastpass debacle has me concerned. My main concern is how Enpass handles the type of user information which lastpass apparently did not encrypt, info like website URLs and other metadata, although I'm not clear if that metadata was part of their vault or just information lastpass had in dealing with customers. I'd like to learn more about how Enpass hands off the password vault to a cloud provider and any inherent risks with that. This would seem like a very valuable discussion with your customers to feel at ease using Enpass going forward. Edit: So from what I've been reading, it looks like part of the U…

LastPass has reported another security breach, and as I understand it, not for the first time. I do like to think that Enpass is the best of the bunch, with the encrypted database stored in your own vault, but then if you sync that in the cloud (DropBox, Google Drive, etc.) to access anywhere & anytime, are you really any safer? Just how secure is any password manager? Discuss! At the end of day, I guess, if it's in the cloud it could get hacked – but if encrypted what are the real chances of any comprehensive password data being recovered by the hacker?

So, I have completely given up using my Nextcloud server for Enpass (Enpass is just not reliable in that environment)....sad because the ability to use my private server was the reason I switched in the first place. However, given the amount of time I have now invested in Enpass, before giving up on Enpass completely I thought I'd try using iCloud as the server and immediately ran into a new problem. Scenario: I have multiple devices but with just my Mac and an iPhone, here's the problem I ran into. Step 1. I switched my Mac to use iCloud instead of NextCloud and synced. Step 2. I then modified the passwords for one of the entries in Enpass (Plex ha…

Hello, is it possible to describe the format how enpass generates the share link/file (enpasscard://share?data=XY&tag=XY, *.enpasscard) ? I have a tools that generates wordpress instances and then in want to import the login for a generated instance without manually copy and paste user password and url, the best way i found is using the share link. Unfortunatly i dont know how i can generate this link by myself with a custom PSK without using enpass. (The data is base64 encoded and probably aes256-cbc encrypted but where is iv stored or is salt used) thanks

Is Enpass using OpenSSL version 3.0 on any platforms? https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

Hello dear Community, Now I want to hear from you, where you save your Passwordfiles on the Computer? I had a pretty obvious file, where you could assume that it would be there. Which is pretty dumb obviously. Still I'm not sure which way would be smarter. Put in an any "random" file where no one would suspect it? Oder put in a file with countless other files inside? Do you get what I mean? I'm sorry, if my english is bad .. Best Regards

Hello! I would like to know if there is an 2FA-Option additionally to the Master-Password when I open my Passwortmanager? Of course I hope, that nobody cracks my Master-Password. However "better safe than sorry" ... since 2FA is an important security-feature, I wonder why this option to add an 2FA (and I don't mean the Logins for my inside-Password) is not available yet? Or did I miss it? Thanks for your answer in advance. Best Regards

Hi everyone, is there anyone who has analyzed Luca Stealer's behavior? Can it really break browser addons?

Hello there On multiple sites i've got the problem, that MFA Code is not filled in automatically. Login works - but the 6digit code isn't recognized by enpass. So i have to get the code manually everytime and fill in the section. Coworkers have 1password and for them its working automatically. Anybody a solution for this? Thank you in advance

Just wondering what the enpass team doing to their security to prepare for quantum computing risks for breaking existing encryption systems. Quantum computing will break today’s encryption standards - here’s what to do about it | About Verizon Thanks