Leaderboard

Hi @JFS Thank you for sharing the requested details. I have forwarded this concern to our dedicated team and will get back to you soon with an update. We appreciate your patience in the meantime. #SI-3314

I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this: We know that it should be for web app but if you say was the ONLY usecase then -> we wouldn't use it to auth in windows 7 locally -> we wouldn't use it to auth in keepass locally -> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY Should I continue? Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager. We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.

Passkeys are foreseen as the future and are meant to end passwords as we know them. Still, they have one major pitfall: cross platform sync. I strongly believe that Enpass should hop on this train and support it asap. Other big names are already hopping in (Passkeys: the future of authentication in 1Password, Passkeys in Dashlane – Dashlane, https://www.reddit.com/r/Bitwarden/comments/xpywl7/comment/iq6lrq2/?utm_source=share&utm_medium=web2x&context=3) and it will be a key differentiator. It does not look good, because Webauthn - one of the foundations of passkeys is (was?) not on the roadmap: Support WebAuthn - Feature requests - Enpass Discussion Forum

You'll be better off just switching to Bitwarden. Come up with a good 20 character master password, you can set key iteration to a high number (Bitwarden has upped the default for new accounts...no ability to do this in Enpass at all), and they have Aargon2id algorithm as well. You can even self-host Bitwarden if you are so inclined. Bitwarden just works. I switched and cancelled Enpass but I get replies to this thread for fun to see if Enpass will ever release a fix. If it were a simple fix they would have already done so.

Hi @french Thank you for sharing the requested details and we greatly appreciate your cooperation in this matter. We have reproduced the bug on our end due to which this issue is occurring. Our dedicated team is now working on resolving it and soon a patch addressing this issue will be released. Thank you for your patience in the interim.

I tried the wifi sync method with no success. I sent you a pm with details of a sample password causing the issue.

Hi @Ivarson We have reproduced the bug on our end due to which this issue is occurring. Our dedicated team is now working on resolving it and soon a patch addressing this issue will be released. Thank you for your patience in the interim.

That's great to hear, Abhishek.

Hi @despecial Thank you for sharing the requested details. I'm discussing this case with our dedicated team and will get back to you soon with an update. Your patience in the meantime is appreciated.

Hi @Abhishek Dewan Using Version 6.8.5 (1238) I have now been able to add and connect to a secondary OneDrive for Business Vault. Also I have sucessfully added the new vault to my mobile version and that is also synching now. Thanks for the help

Hi @Jo Ried Welcome to the Enpass Forums. By enabling 'Show Old Passwords' option, you can view aging passwords under Audit Section. To view the password history of an Item, kindly refer to the steps in our handy guide.

My wife wouldn't deal with it anymore. She is switching to another service which is making my life more difficult. But she has no faith that they are going to fix it given that it has been half a year at this point with nothing. Seriously, what good is a password manager that doesn't fill in passwords?

I can't use autofill since November, and it's almost March now. I've reinstalled maybe 3 or 4 times but I've given up on that, since it's obvious that the problem will keep reappearing (at the very least) until there's a software update of Enpass on iOS. At the same time it seems Enpass isn't even bothering trying to replicate the issue. No one's been asked about which software versions, devices, cloud services... they use. Apart from the obligatory but shallow apologies, we simply haven't heard back. In months. I've been a happy Enpasser since 2016, but I may very well be done with it now and move on. Bitwarden seems appealing.

Hi @Noujin Kindly try the troubleshooting steps I shared in my post. If you already have and you are still facing the issue, please share the requested details and I'll have this further investigated for you.

As i have been using enpass for past several months i even got to know about enpass key file to enhance vault security but there are still few concerns which i am about to share. 1: for security new users do not know about enpass key and once a new user have created primary vault then it is almost not possible for them to move to another vault and keep primary vault without enpass key. There is no option to set or change default primary vault if i want to. 2: Even if you have created primary vault with enpass key it can be hacked very easily. Enpass Database + keyfile is located on same system once a hacker got into your pc using RAT which is very common scenario they can access your all files in drive and using key logger they can capture your password for enpass. So when a hacker have access to a pc having enpass keyfile does not make it secure. I am a security researcher and i know what i am talking about. Now a days malware have became so intelligent they can be asked to find specific file on that computer or even on that network and once they find name of extension matching file it can be uploaded to hacker's server. having 2FA on Authy or Google Authenticator or which ever you use is much more reliable way to add an extra layer of security to your enpass vault. Why don't we put a 2FA by default for primary vault? Even if it is protected by key file on new device vault must ask for 2FA code? It can be implemented and user gets to choose if they want keyfile and 2FA both activated or only key file or only 2FA. I have tested the scenario (2) explained above using my personal computers and i was able to access it very easily. It is my humble request to add this 2FA including keyfile to make enpass more secure and a single keyfile and a password is not enough to secure it. even if we keep keyfile on a USB drive our vault needs it and when we will connect our USB to that pc for vault unlocking it can be accessed by hackers like all other normal drives. Also please add feature to change primary vault if someone creates a new vault with keyfile or how ever there must be an option to change primary vault. I hope i am not missing anything and was able to explain it clearly but if i am missing something please do let me know.

Hello Fadi - 2FA as in TOTP (authenticator app Authy, Aegis etc.) cannot physically be used to add another protective layer to 'any' offline vault file, physically on your computer. Bitwarden is identical in this regard. If someone stole your computer, and you had Bitwarden desktop installed, providing the computer was kept offline, and the thief knew your e-mail and master password, they could open your Bitwarden vault, even if you had set up 2FA on your account. As mentioned in an earlier comment, encrypting the key file on your computer is a way to add another protective layer. In this situation, the thief would need 5 things. 1 - To know your Enpass e-mail, 2 - master password, 3 - the key file location, 4 - to know that the key file was encrypted and 5 - to know the password used to encrypt the key file. Online or offline, without all that information, the Enpass vault would not open, even if they knew your e-mail and master password. Another alternative is to store your key file on a USB stick. Without the USB, the key file would be inaccessible, making it impossible to open the vault, even with the correct e-mail and master password. 2FA as in TOTP (authenticator app) protects online access to files and information, it's not designed to protect physical files, when offline. Stored in your personal cloud, Dropbox, OneDrive etc. your Enpass vault(s) are protected by 2FA, when enabled in your cloud account. It is purely the offline element of Enpass, that a 2FA authenticator app can't protect. For that to change, Enpass would need to be an online password manager. Which comes with a mixture of advantages, and disadvantages. The key disadvantage being, without access to the internet, or if the company's servers are down, an online-only password manager blocks you from accessing your own passwords. I completely understand your thoughts and concerns, but in order to protect offline physical files, the approach itself needs also to be offline. Encrypting the key file or storing it externally are two such methods, and there are likely others. Whether Enpass might consider a hybrid online approach I don't know, but for myself what I value most about Enpass is having complete control of where my vault(s) are stored, enabling 2FA, in each cloud storage location, having a secure, memorable master password and vitally being able to access critical information regardless whether I'm online or offline or whether Enpass' servers might be down. With every password storage set up, regardless the method, it is ultimately the responsibility of the end user to protect that information. Enpass is built as an offline password manager and why it differs from others. If that approach isn't practical for you, then possibly a different online password manager might be more suitable.

I'm sorry @Fadi but how can 2FA protect a local encrypted file? It's just a fixed key that is used to generate a unique 6-digit number each 30 seconds, there is nothing with 2FA that could possible add any protection to locally encrypted files.

I have been using Enpass for years and have been satisfied. The issue started with the Android 13 upgrade and has been going on for over 2 months now with no updates from the developer. Stock responses don't inspire a lot of faith. It may be time to move to a new product.

I'm having the same problem on Android 13. It has now been months with no fix or ETA of a fix. What good is a password manager that can't autofill? Can we get an update with an expected fix date please? Please don't add another message saying sorry you will escalate. That is not useful. Give us a real status update please.

Searching for my email address takes MORE THAN 15 seconds!!!!!!!!!!! I never saw such slow searching! Database contains 1836 records Completely UNUSABLE in Mac Mac - Core i9 MacBook Pro 16" with NO FREEZEs in other apps

Same thing here (since day one..), currently 6.6.3 (840) MAS running on macOS 11.4 (had this issue with previous versions on Catalina as well) - Sync via Webdav seems to cause extreme lagging when updating/editing and copying entries as syncing seems to "block" the app - VERY slow search in the Main Window - VERY slow search in any Browser Extension - Browser-Extension-Window often needs to be closed and re-opened in order to show matching elements Total number of vaults: 1 Enabled to show all counts for the sidebar: No

One month since the first post …