Leaderboard

Hello Enpass! First of all, thanks for updating the browser extension, it's a really amazing tool now! I just have one tiny question, maybe I missed it in my search on Google and around the forums here, maybe I just miss something, I don't know. But I was wondering if it's possible to use wildcards in the Inline Autofill Popup Menu blocklist. Reason being is I also use Enpass for my personal accounts at work (like the password for my business e-mail account), where we also have another password manager for the business wide password credentials (sensitive internal information, internal credentials etc). On our dev environments, I have two passwords managers that would like to be used, the URLs are quite the same, like appXX.dev.domain.tld. In this case, it would be useful to just add *.dev.domain.tld on the blocklist, but it seems it doesn't do anything currently and it would be amazing if it did! Keep up the great work you're doing, I really love using Enpass! Thanks for making me forget my passwords! Kind regards, Mokaraa

Hi @Rafa, Welcome to the Enpass community. I appreciate you taking the time to explore our app and submit this feature request. Your suggestion has been noted and forwarded to the concerned team for further consideration/feasibility. #SI-2587

Hi @Saptak We have reproduced the bug that causes the autofilling issue on Microsoft apps on our end. Our team is now working on a fix (to be implemented in the upcoming versions of Enpass). In the meantime, we greatly appreciate your patience and support. #SI-2555

Hi @Mohammed Anzil, Welcome to the Enpass Community Forum. First of all we are so excited to know that you have opted for Enpass over other Password Managers. Yes, the cloud always contains a copy of the same encrypted data as your device. So first, a copy of your encrypted data is downloaded on your device, where it gets decrypted (locally) for real-time sync operation to merge changes. Afterward, it got encrypted again and uploaded back to the cloud. In a nutshell, your cloud works only as a storage medium. No cryptographic operation (encryption or decryption) is performed there. Instead, all such procedures are performed locally on your device, and your data never leaves your machine in unencrypted format. So somehow, if an attacker gains access to your Enpass data file, he finds it protected with your Master Password and thus making it unuseful for him. For more information about data security and help, please visit our website or send us a mail at support@enpass.io.

Hi @Daniel-san, Thanks for your message. I really appreciate your awareness about the security of your data. In one sentence, I can say that Enpass is not at all affected with this issue. This link states how the passwords from Lastpass were revealed to unknown websites due to logical bug in using regular expressions, while in Enpass we have used proper function provided in SDK to extract the hostname from URL. QString QUrl::host(ComponentFormattingOptions options = FullyDecoded); When you visit any webpage with the URL say http://www.example.com/login/, and click the Enpass extension icon or press the shortcut key for autofilling, the whole URL is passed to main Desktop App which by using the above function extracts the hostname as www.example.com, from which the domain name would be further extracted as example.com. Now the main Enpass App finds the all matching items for example.com and transmits its icon, Title and subtitle to Enpass-Helper (part of Enpass App and not extension). Enpass-Helper display this information to user and waits for user to select the item for autofilling. (This step is bypassed if the user has requested autofill using shortcut key and only single item exists matching for that domain). Upon selection, the information of selected item is passed from Enpass-Helper to Enpass app which further supplies the username and password to Enpass browser extension. All this communication is secure and happens on localhost about which you can read more here in our user manual. As you can see that most of the work is done in Enpass App itself rather than the extension and we keep updating our desktop App on regular basis, so you can confidently use Enpass and its browser extensions. If you still have any doubts, please feel free to share with us. Cheers and have fun with Enpass! Hemant