Leaderboard

The old version of extension demands that I upgrade when I try to use it. You people need to give us the old version. My workflow has become dependent on Enpass and your asinine decision to upgrade to what is the equivalent of Window ME has completely destroyed my productivity.

Hello, I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended. The password manager 1Password has a feature called watchtower. They have an internal database of security breaches (database with information about hacked websites where user-data was stolen). In this database they store the website and also the date of the breach. 1Password stores for password entries two modification dates: modification date of the password modification date of the entry 1Password checks the password entries against this database. When a website was hacked after the password was changed in 1Password, then 1Password recommends to change the password. When the password was changed after the hack of the website, then users get no notification. So when the entry for a page was last changed today (like added some notes), but the password itself was changed 2 years ago, then users get a warning when the website was hacked 2 weeks ago. For the password manager KeePass there is a plugin available called HaveIBeenPwned. The plugin and the source code are available here: https://github.com/andrew-schofield/keepass2-haveibeenpwned This plugin downloads the public breach lists form "'have i been pwned?" and from "Cloudbleed Checker". The plugin checks (on demand) your passwords against these lists. In KeePass there is no modification date of the password. To get the modification date of the password the plugin checks the history of each entry and compares the passwords (to find out the modification date of the password). Suggestion: Please add also such a feature in Enpass in the Password Audits. In my opinion it is OK if you use the public available lists from "'have i been pwned?" and from "Cloudbleed Checker" (like the KeePass Plugin). This requires that you also store the "password modification date". When you import entries from KeePass then you should also determine the password modification date of the entry. In the KeePass XML the complete history is also exported. Regards OLLI

I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increasing the security: They show which sites in your vault support TOTP but the user has not set up TOTP. Here is a screenshot from the 1Password site: Suggestion In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries, where TOTP is possible but not set up by the user. Here is a list of services that support TOTP: https://twofactorauth.org/ We had a Doxxing scandal in Germany where a young guy published many private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!

I appreciate the new "Expire After ..." field when editing passwords. However, please show the expiration date/time as one of the attributes of the password. I can go to the "Audit" area and see if a password is expired, but that's not what I'm looking for. What I need is to see the password expiration date/time when I call up the entry. Make sure you're handling time zones correctly by either showing the time zone, or at least making sure the time is displayed in the time zone of the device. I regularly maintain passwords that expire after 72 hours, and knowing the exact time that a password will expire is useful. Currently I'm still resorting to a manually created and maintained field where I type in the expiration date/time each time I edit a new one of these passwords. Also, it would useful, when specifying the password expiration, to be able to specify more than just the number of days. If the actual password expiration date/time was presented as a date/time field that could be edited, that would satisfy this need. Again, make sure time zones are handled properly. I sync across several devices of different operating systems, and those devices operate in different time zones. As a quick partial solution maybe the "History" of a field could show the current value and the date that value was set, as well as showing all the field's historical values. Then, if I know that, for example, this password expires every three days, a quick mental calculation while viewing the date that I set the current value will tell me if I need to reset my password soon.

Dear Enpass, in your blog post "Introducing Enpass" you said "beloved Enpassians" would be "blowing you kisses". Do you read these forums? Why has there been no response to the multiple issues pointed out and complaints made: Misleading price policy: cancelling features in Enpass 6 which were purchased in Enpass 5 with a "lifetime license" (ex.: Windows Mobile sync) Recharging for "Premium features" in Enpass 6 which were previously purchased in Enpass 5 /UWP with a "one time payment" (ex: Windows Hello) Claiming that Enpass 6 and 5 are "completely different products" as the reason for new purchase price, and yet not letting us choose between them Forced/automatic upgrade without asking permission and with almost no way to downgrade No clear warning that the database from Enpass 5 would be overwritten and changed in Enpass 6, rendering it useless for those who find a way to reinstall Enpass 5 Those selling such high impact security software must be trustworthy themselves . . . you have lost that in my eyes. What do you plan to do to try and win it back?

I agree with wmc. Enpass is an excellent product, but the 6 release has been non functional for me. Step back and try again.

+1 Please add a portable version of Enpass 6!

Thanks for this - working for me now . Glad I found this. I thinking the search dropdown options could be slightly clearer, perhaps something like: 'Titles only' and 'All fields except passwords'. Perhaps 'All fields except passwords' could be the default too!

+1 As a long-time, very satisfied Enpass user, I'd like to echo the sentiments here. To be clear: I'm not upset that you made a major upgrade to V6, I'm upset HOW you did it. Personally, I am tech savvy, so I was able to help myself and my partner to upgrade to V6. However, my partner had NO CHANCE at all to upgrade herself and had already started to panic (passwords missing, devices not syncing), when she asked for help. In short: the upgrade experience was catastrophic. 1. Because I loosely followed the beta program for V6, I remembered reading that V6 vaults aren't compatible with V5 and that the upgrade from V5 to V6 is a "one-way" operation with no backward compatibility to V5. I thought that was a beta-issue only and would be solved in the release. That incompatibility caused my and my partner's devices to literally break apart, because sync just stopped. No message, no error, no warning, no instructions, no announcements. In our case, my partner lost a few passwords during the upgrade and broke sync between her devices. She had added new passwords to her Android V5 over the last couple of days. Then the upgrade automagically happened through Google Play. When she opened the new version, the passwords were imported to V6, breaking backward compat with V5 still on our Windows devices (no auto-upgrade on Windows!). So when she opened Enpass V5 on Windows, the new passwords were missing, because they didn't get moved to V6 on Windows yet. So as far as she could see, passwords were inconsistent at best or lost at worst. 2. We use Windows 10 Pro, Windows 10 Mobile and Android Oreo and Pie in our household. The upgrade experience was different for each platform. I realize you don't control the platforms, but could you at least have provided some clear upgrade guidance for each platform? Android upgraded itself, Windows 10 Pro didn't and had to upgraded/migrated manually, Windows 10 Mobile … just ended without comment. 3. At no time were we made aware of a coming upgrade and/or its consequences - much less an opt out. Microsoft is better at this, and that's saying something! 4. There is no obvious way to roll-back and recover from a failed upgrade. Really?! That is essential! Again, even Microsoft handles their Windows feature upgrades better - the roll-back actually works. If something goes wrong, users MUST be able to roll back. Do you realize that some people have access to their ENTIRE DIGITAL LIVES stored in Enpass? Breaking that could literally ruin someone. Managing passwords and access is more critical than managing data - you have a bigger responsibility than Microsoft or Amazon, who run the world's cloud services. What saved us was that we had all kinds of different platforms and each one failed differently, which luckily meant that at least one Enpass still worked, in order to get at our master passwords. PLEASE DONT DO THAT AGAIN.

If Windows Hello is enabled, please use Hello as the default authentication method. Currently, I need to tap the little face icon first - one step too many. Thanks!

*sigh* You could have warned that upgrading to Enpass 6 would not be supported with the portable version. Now I have 2 separate vaults, one for v5 and one for v6, that are out of sync, and no news when the portable version will be up to speed. Poor execution.