Leaderboard

I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this: We know that it should be for web app but if you say was the ONLY usecase then -> we wouldn't use it to auth in windows 7 locally -> we wouldn't use it to auth in keepass locally -> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY Should I continue? Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager. We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.

Steam implements TOTP with a different alphabet. The basic algorithm seems to be the same as usual TOTP, but the representation of the token is different. An example implementation can be found here: https://gist.github.com/mooop12/1af7f0ffc8f28ea76f27abcba1e6da01 It would be cool if Enpass added support for these token types (maybe even as part of Enpass 6? :-) ) To not clutter the UI, maybe you could take the road of Bitwarden which uses a URL scheme to support different token types (no schema = default TOTP token, special token however could be steam://xyz123abc456).

When configuring Enpass to automatically start on login, the Enpass main window is visible. Is there any way to start Enpass just showing the tray icon without showing the main window? I'm using Enpass 6.0.1 on Ubuntu 18.10 with KDE.

Many (most?) software developers eventually get bored with a program and have the 'brilliant' idea of tweaking it. They then tweak, tweak, tweak it to death and to the point that they completely eff it up (FIU), remember Windows 8 and many other programs? Congratulations Enpass, you have reached the ultimate FIU-dom! In that process, you have lost me, and I suspect others, leaving us searching for a replacement---too bad.

I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increasing the security: They show which sites in your vault support TOTP but the user has not set up TOTP. Here is a screenshot from the 1Password site: Suggestion In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries, where TOTP is possible but not set up by the user. Here is a list of services that support TOTP: https://twofactorauth.org/ We had a Doxxing scandal in Germany where a young guy published many private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!

When i start a search in enpass 6.04 the app hang then it take 10 or more seconds before i see results.

Windows Hello still doesn't work as expected. Every single Enpass launch after a restart requires the Master Password. I got Enpass back in the day so WOULDN'T have to use passwords ever again. It was one of the first (if not the first) to use Windows Hello. Enpass also frequently reverts back to light theme without obvious reasons. Many other issues as well. V6, so far, has had ZERO benefits for me - other than that it is still supported.

I had no really worth issues as well, but there are a lot of small and annoying bugs on all the platforms when you start using the app very actively. I really like the new features and in that way I’m totally disagreeing with the topic starters opinion, but unfortunately Enpass is in my eyes not ready yet that you can call it a stable version and making a forced upgrade to v6 was a big mistake (hopefully the Enpass team learned their lesson). I think at least 2-3 more month of beta testing would eliminate most of the issues and the inconvenience Enpass team caused to their users.

Hey @ReneOtto We are already aware of this issue and our dev team is looking into it. Till then we request you to please co-operate with us.

Hey @THZ , Sorry for the trouble you are going through. If you have already purchased Enpass for Android platform then you need not to purchase it again to use the pro version of Enpass on the same platform. To restore the Pro version on the other Android device, please reinstall Enpass with the same Google Account with which you purchased it earlier. If that doesn't help, please share the purchase receipt at support@enpas.io so that we can help you better.

@Dentonthebear No problem, I'm glad I cloud help. Btw here I described for another user how to setup multiple vaults using Nextcloud.

Just received the latest app. Thank you for restoring this functionality!

Thank you, thank you, thank you. Appreciate you've restored this functionality to the latest stable app. A+

Hey guys, Sorry for the inconvenience. Our QA team is already looking into this issue. Thanks for your co-operation.

Thank you Vinod, it worked. That is helpful, and I confirming, in case someone else had the same problem and comes across this thread.

Just to correct myself: no, even with the latest version (6.0.4) the sync is not working properly and I still get errors and have to manually trigger the merge process.

Hey, thanks. Will test it out soon, appreciated.

Hey @WonderPass, We have already implemented the Box cloud sync and rolled out the update of Enpass desktop version except for the Mac App Store. For Mobile, we have already submitted the update to the respective App Store for review. It's in the queue and hopefully will be available soon. Thanks for your co-operation.

+1

+1 for this feature

+1 Would be nice to use my 2FA security key (yubico) to open/unlock the vaults. Even on mobile with NFC or even if I have more than one 2FA keys. I mean assign more than one yubikey to the vault.

Hi @koenbro, Your browser is not redirecting back to Enpass. It should show Enpass in the first popup to handle enpassauth links. Try logout and login again to your mac session or set a different browser (Safari) as default browser temporarily. Thanks.

Hi @Vinod Kumar, Although what you described about sharing vaults with other people totally makes sense, the use case described first by @chribonn and confirmed by @Toby Osborne and @rgsiiiya is quite different! Specifically, it's about syncing several my own vaults using one my own cloud account. To make a dramatic comparison, imagine that you were allowed to have just one google docs document per google drive account. That would be outstandingly inconvenient. But this is exactly what Enpass 6 does! Sharing vaults and having multiple vaults are orthogonal features. I hope you will sort things out at some point. Thank you.

Hi @Toby Osborne, OAuth tokens can either have access to App folder or the whole drive (which could be more disastrous). Enpass 6 have access to its own folder only and can't touch rest of your data. In other words, there is no provision in API to issue OAuth token for arbitrary folders.

I also agree. YubiKey challenge-response mode can be used as an alternative to master password or pin. Keepass has it.

+1 for this feature

I agree with you. I use enpass for personal usage, but for a professional usage...

Sorry to hear that you have such bad experiences with v6 of Enpass. On upgrading my Linux, Android and Windows installations experienced no issues, also I have upgraded my clients using MacOS, iOS, Windows and Android without issue as well as introducing new users on Mac to v6. Yes there was a learning curve and new ways to accomplish the same task (but that is where the forum came in really handy) and things have been added since the initial release but as yet no problems that actually stopped me or my clients using the programme. There are of course many reasons that developers 'tweak' a programme and I cannot imagine that one of them is that they got bored.