Data Security

I was wondering if you have any guideline to use enpass portable. If I setup enpass portable on a USB drive, what can I do to best secure it. I have two concerns. There is a copy of the vault on the drive. The vault is encrypted, so I supposed even if they get the vault they can't easily decrypt the file. What are the likelyhood that the copmputer I use it on contains a keylogger and logs my master password? I am wondering about the use caes of the portable enpass. Is it supposed to be used on public computers?

Hello: I have checked my mobile connections and I have seen that Enpass has connected to an Amazon AWS related IP in Ireland. I would like to know if it is normal and if Enpass works with these servers. Thank you.

My windows 10 system was overwhelmed by Temporary files and and i have less storage, so i decided to delete all those temporary files, as i read in this article https://youprogrammer.com/how-to-delete-temporary-files-windows-10-8-7/ that they can be deleted automatically everytime i boot into system, i am curious, is this gonna make any security issue to my windows 10 system, if i use this method to delete temporary files.

I upgraded to the latest version 6.04. I used to be able to login with my Master PW and my PW's were accessible to me. Now I get a message that there is no data and that I need to restore from a backup. It won't allow my DropBox backup (bad PW again) to be accessed and the same for restoring from a local backup. Weird thing - I can log in ok from my Android phone using a finger swipe with no issues. Anyone else having this issue?

Hello, I want to buy Enpass Premium, to be able to have multiple faults. My Question is, is it possible, not to store the password of the secondary vault in the primary vault? I don't need any auto unlock features. Entering the password every time, is perfectly fine. This page indicates this is default: "When you create multiple vaults, the passwords of other vaults are stored securely in the Primary vault and are removed when you delete the vault. That’s why when you unlock Enpass, all the vaults get unlocked automatically." - https://www.enpass.io/docs/manual-desktop/vault.html#vaults-in-enpass Can this be changed? I need different faults for …

Elmsoft Enpass Hello What's the Enpass opinion on this article : https://blog.elcomsoft.com/2017/08/one-password-to-rule-them-all-breaking-into-1password-keepass-lastpass-and-dashlane/ where those people claim they can easily break many of the master passwords. Despite Enpass was not tested but known competitors to Enpass (1Password, LastPass, Dashlane etc.) , some results appear just SOOO critical..... it would be good to have Enpass's opinion (as well as an ElcomSoft test on Enpass). Kind regards, Francesco

How do I enabled the SYNC via WEBDAV to occur only when connected to my home wifi network. Based on the user manual, the app on my phone will attempt to connect to the URL for my webdav server to perform a sync each time I unlock the vault, the issue is that the IP address I am using could theoretically exist when I am connected to another network, and thus will attempt to connect - while passing across the name and password for my webdav server. If there was an open WEBDAV server at that address, and it were to allow the connection (even if name/password are incorrect), then the ENPASS app will sync across my vault to the webdav server. While the 'SSL Cert…

Hi Enpass team, Currently there is the Magellan Vulnerability on SQLLite. Enpass use SQLCipher engine and SQLCipher use old version of SQLLite (under 3.26). So I wonder if encrypted data of Enpass is still safe with this Magellan Vulnerability? Thanks, Binh

The new beta version 6.9.4 for android seems to lock the main app when it is brought to focus (and if the "lock after" has been set), not in the background. I'm seeing my items briefly before enpass lockscreen covers it. So it seems the data is unprotected in the background. The behavior is seen when "Lock on leave" is disabled. If that setting is activated, the locking seems to happen as soon as the app is put to background.

Maybe you read the headlines: There was a massive iPhone hack. A Google team has found that thousands of iPhones were hacked - just by visiting a infected website. This allowed the attackers comprehensive access to the data in the iPhone: WhatsApp, Signal, SMS, gps-location, photos, contacts and - yes - even the keychain with the passwords should have been open. An incredible Bug! My question: Was Enpass also affected? Could attackers - even theoretically - read the passwords from the Enpass database? As far as I know, Enpass uses the iOS keychain to store the masterpassword, if you use biometric unlock. Who knows more?

I was surprised that Enpass showed me a prompt to "re-register" via a TOTP sent to my registeration email. What is going on here? Its not like I am logged in a website

why does enpass connect to the remote computer 54.72.59.199?

i am trying to decide to do my password migration to enpass... Is the following still true? This came from a different website... thank you.. I did another slightly more sophisticated test. I opened the “enpass” process (password manager that I currently use) with HxD ( HxD - Freeware Hex Editor) I copied a password that is this “secret_password” then I blocked enpass and as if by magic the password continues to be stored in the memory of the enpass process even when it is closed. Screenshot 2024-11-25 215729993×561 169 KB After 10 minutes with enpass locked the password continues to remain in unencrypted memory, …

This morning I got a prompt stating that Enpass wants to “control my computer through accessibility”. The prompt led off to the Privacy section of System Preferences (which I have locked, and in which, therefore, Enpass is grayed out). I have NOT enabled computer control through accessibility for Enpass. I would surely like to know what it means, why soever would I want to cede control, and how I may silence such prompts.j

Hello, I just wanted to make a remark (with a little warning sign!) to you about the topic mentioned above: I've recently noticed, that the Enpass app on Android started showing a warning about my device being rooted and how this may cause security issues. As several popular Android apps recently seem to run some sort of campaign against rooted devices, I feel the need to say, that while I'm totally fine with a warning(!) like this, I could certainly not accept any kind of ban or extensive restrictions in functionality for rooted devices on part of Enpass. Should any of these ever occur, you will have lost me as a customer just this moment. So, if your warn…

The Forum is floated by spam messages. If Enpass is not able to add proper spam detection to their forums or at least human supervision that reacts in a time frame distinctly under 24 hours – why should potential customers trust Enpass security if the public representation to user seeking for support is so bad?

Hello, is it possible to describe the format how enpass generates the share link/file (enpasscard://share?data=XY&tag=XY, *.enpasscard) ? I have a tools that generates wordpress instances and then in want to import the login for a generated instance without manually copy and paste user password and url, the best way i found is using the share link. Unfortunatly i dont know how i can generate this link by myself with a custom PSK without using enpass. (The data is base64 encoded and probably aes256-cbc encrypted but where is iv stored or is salt used) thanks

Enpass 6.8.4 (1166) is vulnerable to this: https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x

I've been a happy user of Enpass for years now, but this lastpass debacle has me concerned. My main concern is how Enpass handles the type of user information which lastpass apparently did not encrypt, info like website URLs and other metadata, although I'm not clear if that metadata was part of their vault or just information lastpass had in dealing with customers. I'd like to learn more about how Enpass hands off the password vault to a cloud provider and any inherent risks with that. This would seem like a very valuable discussion with your customers to feel at ease using Enpass going forward. Edit: So from what I've been reading, it looks like part of the U…

Hi All, I have enpass installed on my work computer and it is detecting a program called EnpassBridge.exe that is been classed as Malware with a 73/100 threat score. Can you any shed any light on this?

Why is EnpassPortable permanently trying to reach sites like Amazon or Google on Port 443?

I read the above thread and associated FAQ. But I haven't changed my password! So, make me wonder what is going. How could I get this message? Certainly, I how someone else has not fiddled with my signins, which I doubt, but still.) I use a Windows 10 laptop and a Windows 10 phone, both synced to OneDrive. So, how'd this happen? How do I fix it (same as above Oct 2, 2017 thread). Oh, I love Enpass!!!

I read the above thread and associated FAQ. But I haven't changed my password! So, I wonder what is going on. How could I get this message (see screen shot)? Certainly, I hope someone else has not fiddled with my signins, which I doubt, but still.) I use a Windows 10 laptop and a Windows 10 phone, both synced to OneDrive. So, how'd this happen? How do I fix it (same as above Oct 2, 2017 thread)? Oh, I love Enpass!!!

Dear Enpass Support Team, Thank you for continuously improving Enpass—it's an essential tool I rely on daily. I'd like to suggest adding a feature to disable screenshots and screen recordings in your macOS app by leveraging the NSApplication.shared.isScreenCaptureEnabled property, available since macOS 11 (Big Sur). This feature significantly enhances security and privacy, especially when handling sensitive credentials. Competitors such as Strongbox have already integrated this functionality. Implementing this feature would further strengthen Enpass’s security positioning and offer peace of mind to your users. Thank you very much fo…

I don't know if password versioning actually qualifies as "Security" but it would definitely be a security for the all thumbs users we sometimes are. Password versioning would keep old passwords in case, on an all thumbs day, we copy something irrelevant in the password field, or if changing our password on an account fails and we still need our old password. Like file versioning, it would be configurable in number of versions kept, and/or in age of old versions. It would be combined with a recycle bin if we delete an entry by accident. From a security point of view, I don't believe password versioning poses any risk otherwise a password manager like Keepass wou…