    Steam implements TOTP with a different alphabet. The basic algorithm seems to be the same as usual TOTP, but the representation of the token is different. An example implementation can be found here: https://gist.github.com/mooop12/1af7f0ffc8f28ea76f27abcba1e6da01 It would be cool if Enpass added support for these token types (maybe even as part of Enpass 6? :-) ) To not clutter the UI, maybe you could take the road of Bitwarden which uses a URL scheme to support different token types (no schema = default TOTP token, special token however could be steam://xyz123abc456).
    There are too many universally experienced bugs for a small support / development team to chase in an organized fashion that will not result in a much degraded product that will be much harder to maintain and upgrade going forward. Many of the bugs create security issues (e.g. the failure of Enpass browser extensions to block access to web login sites until the Enpass master password is entered, then subsequent failure to load the info from the vault for the page with the login controls (UID, password)). A number of bugs impact stored data integrity and reliability. E.g., browser extensions seem to "forget" Enpass has been installed and working fine with a particular "Master Password" in the past, and reports it has not completed set-up, needs a master password to be created, or previous data restored. However, despite selecting auto-backup creation in version 6, no backups get created, and attempts to restore from the local computer lead to a Google login page. (?!?) Further, the database form, format and location used to store the "vault" has changed from v 5 so that the process of "rolling back" will be tedious with many manual actions required by the user while understanding it is highly likely that v5 will not be able to use a v6 vault for its data. Version 6 install / uninstall make a mess of the Windows registry leaving multiple entries with duplicate information that is incorrect. For example, after installing v 6.0.2 the registry contains no entries referencing this version but does have entries referencing the previously installed 6.0.1 (239) referenced as There are multiple keys in HKCR that contain the exact same info. HKCR\.enpass_card should reference one of the subsequent classes in HKCR from its "OpenWithProgids" key, but there are at least EIGHT OTHER Progids in HKCR all for the same "@{SinewSoftwareSystems.EnpassPasswordManager_6.1.239.0_x86__fwdy0m65qb6h2?ms-resource:...". 
Thus the uninstaller needs to be fixed so that it cleans up all the entries it leaves behind when the software is uninstalled since this splattering of multiple keys with duplicate data may be at the source of some worsening issues each time a new v6 install / uninstall / re-install is attempted. Although I haven't attempted it, I believe this shotgun blast of Enpass version 6 registry entries left behind after its uninstall will make a rollback to version 5 problematic especially for Windows users not versed in registry editing and the subtleties of changes in Enpass database form, format and location. For these reasons the Enpass development team needs to withdraw all version 6 releases and provide A FULLY TESTED UTILITY TO COMPLETELY REMOVE TRACES OF VERSION 6 FROM THE REGISTRY / SYSTEM FILE STORES, AND CONVERT THE V 6 DATABASE BACK TO A VERSION 5 COMPATIBLE "WALLET" SO USER CAN THEN SUCCESSFULLY RE-INSTALL AND OPERATE WITH VERSION 5. This will then give the developers and Enpass QC engineers time to re-engineer v6 from top to bottom with REAL unit testing AND REAL THOROUGH in-house use case testing BEFORE releasing to beta testing or the "stable release" channel.
    Hi! I was using Enpass UWP for Windows 10 with full-time Windows Hello enabled, because my computer fulfills all necessary requirements (TPM 2.0, UEFI Secure Boot). So Enpass UWP successfully detected that the machine is secure enough to store the keys in hardware/TPM and use Windows Hello directly on the first launch even after a computer restart or when Enpass UWP was completely closed. Now with Enpass 6, it is only using the fallback solution of asking for the master password the first time after restart, and using Windows Hello only for subsequent unlocks. I think Enpass 6 is great and a big improvement in many things, but in this particular aspect it feels like kind of a step back. So my question is: Will full-time Windows Hello be supported in Enpass 6 again like it was in Enpass UWP for computers which fulfill the necessary requirements for hardware/TPM-based security?
    I understand that you do not wish to open-source your product, but I am reluctant to use it because of the fact it is closed-source, the company is based in India (yes, this matters) and there is no information about the development team. Have you considered having an independent 3rd-party audit your source-code on a regular basis as a way to gain credibility without open-sourcing your product? Thanks, Gili
    What's up everyone. So, I've just installed version 6 on all my devices. I understand it's a first release after major rewrite, although it's slightly shameful there are so many issues which could've been addressed in beta. First of all - Folders. I'm not gonna join the "bRinG FOLdErs BaCK REEEEE" circlejerk. I honestly like the concept of tags. Assuming it's well implemented. Which it isn't. It took me at least 15 minutes to figure out how to use subtags. The "Parent tag:Sub tag:Secondary subtag" syntax is so random and un-intuitive I would've never guessed it, had it not been for previously converted subfolders, now subtags. I'd still be trying to add 3 separate tags for each level or just trying stuff like "Parent tag/Sub tag/Secondary subtag" or whatever. This issue however lies more deeply. Tag cloud is in no way supported by autocomplete. Simply adding suggestions like when I type "devel", it'd suggest tag "Development" would save the situation. You know, like tags work EVERYWHERE on the internet. I have around 20 tags set up, each one had to be manually written in the input field. There's no freakin' drag'n'drop functionality to drop a single or multiple items to attach a tag. This really needs to be addressed. Then there's a random list of bugs I've also encountered: 1) macOS - the app keeps randomly resizing to default window size (which is freakishly small) 2) the all items list (or any other list) keeps randomly refreshing. I have a suspicion this is related to syncing (I'm using WebDAV). I'm scrolling down the list of about 100 entries and the list randomly refreshes, returning back to the top of the list. This is on macOS too. 3) overall lack of drag'n'drop - this was summarized in the "tags" rant at the beginning of this post, but it just feels weird. I've trashed several of my entries by accident (used to "backspace" being an archive shortcut, not trash). 
I honestly thought "iz okay Numline1, you'll just select them all and drag and drop them into the archive folder". Well, fuck me, that's not happening. Some folders seem to be able to do drag and drop, but it's so random. Now, just so I don't seem like "random bitchy internet user", I have to say, there are some bright sides. The new UI is lovely and a welcome change. The WebDAV sync with Nextcloud finally works (although it's sad we had to wait until next major release for that). The multiple vault feature is nice as well. Anyway, thanks for reading this, I really hope some of this stuff gets fixed and improved in upcoming weeks!
    Hi Enpassians! We know our Portable users have been waiting to get the v6 update quite a long time as they are facing compatibility issues with the data on v5 of Portable Apps and v6 of the Stable apps. I am sorry that it took more time than expected as we were busy in improving and stabilizing the v6, but it's finally here! The first beta of Enpass v6 for the Portable apps is out, and you can get it from the download links given later in the post. The complete changelog for this beta is: What’s New Multiple Vaults: We are very excited to have the support of more than one vault in Enpass to collaborate with our family and team members, keeping our personal data separate in Primary vault. It was one of the most demanded features from you guys. You can share a vault with others by syncing through a common cloud account where each vault needs a distinct cloud account to sync. Just go ahead, and give it a try! Secure Sharing: Every single item that you want to share with others can now be encrypted with a passphrase (call it Pre-Shared Key). You can create PSKs from the Advanced Settings of Enpass after which an additional option to Encrypt with PSK will appear while sharing the item. You need to share the PSK prior with the intended recipient to enable them to import in their Enpass. Please use a different medium to share the PSK than you’ll use to share the item. -“Keys are always kept hidden from the locks” ;-). Enpass Assistant: The minified Enpass is now called Enpass Assistant (Formerly Helper). It offers excellent autofilling experience with browser extensions, and you can invoke it from a Keyboard shortcut or System Menu bar. Always run Enpass Assistant in docked mode: From now onwards, you can stick the Enpass Assistant on the screen, and it won’t disappear when you click outside it. You can enable it from Enpass General settings under the Behavior section. 
Also, once the Enpass Assistant is opened, you can use the Keyboard shortcut Shift+Ctrl+D to stick it on the screen. Keyfile Support: You want to have a super-duper strong master password, huh! Yeah, but memory has a limit to memorize it. No worries, you can use Enpass 6 to let you use Enpass-Keyfile in addition to your master password as a second factor required to unlock the Enpass on every platform. Custom Icons: Lets you set any image as an icon for an item. Trash & Archive: You know what to do with Trash. Archive those unwanted items which should be skipped while Searching. Identities: Create identities with personal information for auto-filling long, tedious sign-up forms with a single click. Multi-Line Field: It’s a new field type where you can save data in multiple-lines. History of Every Field: Like password fields, you can now see the history of changes in every kind of field in an item except Notes. Dark theme: Added support for dark mode on macOS Mojave and Linux. A separate section under the ‘Groups’ tab to have a quick look at all TOTPs & Attachments. Added localization support for Afrikaans, Malay, Croatian, Hungarian, Indonesian, Romanian, Slovak and Swedish. Improvements Improved Security: The real stuff!! Enpass 6 comes with far better protection for your data. Check out more about Security on our website. Browser Extensions: The improved browser extensions now offer better auto-filling, auto-capturing, and security. Enpass extension can now autofill in pages with more than two fields. Also, while setting up the first connection with a browser, you would need to pair that first. Tags: Folders in previous Enpass were more or less like Tags, and so we have renamed them to Tags. And yes, they are nested too. Checking Pwned Passwords for Complete Database: Say goodbye to the hassle of checking every single password for pwnage, now you can review the passwords in your entire database with a single click. 
Improved Password generator and more brutal strength estimator. Again, Security Matters the most! Password Expiry: From now onwards you can set an expiry date to any password field and check for them from the ‘Audit’ tab when they are going to expire. Eight digits TOTP support. Unlike the older version, Password generator has no limitation of five passwords in history. Known Issues: Remember Location: After every fresh start, the app will ask you to select the data location even if you have previously clicked 'Remember Location.' iCloud Synchronization: The Portable versions are missing the iCloud option for the synchronization. Translations: Some strings might not be localized in the supported languages. For Linux users running 16.04: The app icon isn't displayed in the launcher. For macOS users: Missing the Categories list, and item's icon: After the initial launch of Enpass Portable, the app may not show the Categories List or item's icon. Workaround: Copy the extracted enpassportable and paste it in a new folder or location. Now open the app and it will show the list and icons as expected. Using Safari 12 or later versions: Unfortunately, the Enpass extension for Safari will not work with the Portable versions. The reason is that the Safari App Extension is bound with the app installation. But for Portable versions, there is no such app installation. Workaround: Use any other supported browsers. Download Links Before installing the Beta version, please read the Enpass Portable User Guide. For Linux (.tar.gz): Enpass Portable Beta v6.0.7 For Windows and macOS (.zip): Enpass Portable Beta v6.0.7 Get your hands on this beta version and share your valuable feedback. If there are other improvements you’d like to see, please leave a comment below. Cheers!
    I'm going to repeat myself but please support the YubiKey feature. It's pretty simple, Yubico is giving all the API we need to do this: We know that it should be for web app but if you say that was the ONLY use case then -> we wouldn't use it to auth in Windows 7 locally -> we wouldn't use it to auth in KeePass locally -> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY Should I continue? YubiKey CAN and SHOULD be used to decrypt encrypted assets in ALL password managers. We should never pretend to know better since there are always better versions of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. Simple as that.
    Hello, I upgraded to 6.0 today and was really looking forward to the vault feature in the hope that one vault would be shared while the other would not. My setup consists of 3 Windows devices and 2 Android devices (each with their own PRO licence). I managed to generate the new vault but when I come to tell it to sync to the same Google Drive location I get an error telling me that this is not possible. In my opinion the name of the first vault was system generated while the 2nd vault onward requires a name. Can't this name be used to generate a unique file name? Thanks and Regards,
    Unfortunately the new enpass version brings multiple annoyances, reduced efficiency, and a complete disregard to GUI design rules. The interface is counter intuitive and counter productive. There is no consistency throughout the experience, and my actual work process became much slower, either trying to find the required functionality, or waiting for enpass to perform its tasks. To open the enpass windows app, you have to click on the taskbar icon, click the 3 lines menu, and select open enpass. In the previous version it was a simple double-click on the taskbar icon. When searching for credentials in the enpass windows app, there's a delay of at least 4 seconds before the enpass application responds to any input. After a computer restart I have to wait for at least 10 seconds for the chrome plugin, while it searches for the windows application. In the previous version it was an instant password prompt. There are multiple other minor annoyances which when put together, significantly affect my efficiency when looking for passwords. And even though I paid for the iOS app, today I started searching for a new password manager software. It's a shame really because enpass was amazingly good before this "upgrade". Approving this "upgrade" for public release was not a very good decision. Please take this as constructive feedback, since I'm a fan of enpass and I would love it to succeed. This new version though was a bad decision.
    Hi there, I am a happy user of Enpass and I have - like many others - recommended it to many of my friends. However I am completely unhappy with: 1- Pro version for Desktop - your main motto is: "desktop version for free" - it is NOT ANYMORE as you have removed a few free-till-now features and included them ONLY in Pro version 2- main reason I bought Enpass is its capability of multi OS synchro - I bought iOS version and Android version. Together with MacOS version I am a complete user. The problem remains: I need to pay 3 times now (considering the point above). The answer from the developers that it is IMPOSSIBLE to merge buying from Google Play and Apple Store is just an EXCUSE - the versions on stores could be "light" or "free" while user could have activated Pro versions by using another credentials. All above is making me look for the alternatives and for sure I will find one soon. Not me only but everybody who is unhappy with this greedy approach. Seeing on this forum (but not only here) how many people realised that version 6.0 brought completely new way of treating the customers it is only a matter of time when someone will come with more user friendly versions. Again: I am not against payment. But I am against paying 3 times for the main feature of Enpass that is: multi OS synchro.
    As a former software engineer, technical lead and software architect for major aerospace software systems, I know a thing or two about what happens when proper design, development test and release procedures get short-cutted and this appears to be what happened here. The result is a product which can either go forward with lots of band-aids, bailing wire and spit holding it together (making maintenance a nightmare with limited reliability and success) OR a product that can be withdrawn, reworked without the pressure of dealing with multiple daily reports of wide-ranging and serious bugs. I am attempting to be constructive based on my experience with software development in both types of environments - when development followed a sound set procedure through the process from design to release, and when shortcuts were taken to satisfy political, management, or marketing desires. I'm merely asking Sinew Software to withdraw a release that was clearly "not ready for prime time", and redo the effort properly with the technical process, issues and progress dictating release schedules rather than whatever pushed this one out the door before it was finished. Other major software development organizations have done this in the past, and users who see a company ready to admit a mistake then take proper action to fix it generally end up with higher regard and satisfaction with the developer than for those developers who "press on" with a bug-laden product, trying to pretend all is copacetic. In the end, the latter decision hurts the bottom line and ends up defeating whatever management / marketing decision drove the "pre-mature" release. I have downgraded to version 5, turned off auto-update for the extensions in the various browsers that allow that, instead of having purchased the prime option on v 6 which was my intention though I did not need the features, but more as a reward for an application and browser extensions I used and found perfectly met my need. 
But now, unless they take the proper action to fix ALL the issues in version 6 (withdraw, re-work, re-release being the proper way instead of endless little ad-hoc patches), I will be done with any / all products related to Sinew Software and use one of the password managers built into my internet security suites or available from another vendor at a reasonable price.
    Yes! Please bring this back. If Android is safe enough to offer this, then I can't imagine Windows 10 not offering the hooks. Apart from the convenience: I really don't want people to be able to read along when I type my master password. So actually one could argue that not offering Windows Hello on the first start-up could actually be interpreted as a security flaw/risk... (imagine standing in a crowded metro trying to log into something). So please bring full-time Hello back, I had got myself a license for the UWP app just to have this! And @tox1c90 : it's even worse than just after a fresh boot: if you don't leave Enpass running in the task-tray it'll NEVER offer you Windows Hello login
    I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increases the security: They show which sites in your vault support TOTP but the user has not set up TOTP. Here is a screenshot from the 1Password site: Suggestion In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries, where TOTP is possible but not set up by the user. Here is a list of services that support TOTP: https://twofactorauth.org/ We had a Doxxing scandal in Germany where a young guy published much private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!
    Hey @dvdr, The suggested feature is already in our roadmap and will be available with the subsequent update. Cheers!
    Hello, I think being able to sync multiple vaults with one cloud would be a big benefit! I love the idea of multiple vaults in Enpass, but having to use different clouds is a bit of a pain - I would like to have them all in one place. Could you please add support of multiple vaults for the same cloud? Thanks!
    +1 As a long-time, very satisfied Enpass user, I'd like to echo the sentiments here. To be clear: I'm not upset that you made a major upgrade to V6, I'm upset HOW you did it. Personally, I am tech savvy, so I was able to help myself and my partner to upgrade to V6. However, my partner had NO CHANCE at all to upgrade herself and had already started to panic (passwords missing, devices not syncing), when she asked for help. In short: the upgrade experience was catastrophic. 1. Because I loosely followed the beta program for V6, I remembered reading that V6 vaults aren't compatible with V5 and that the upgrade from V5 to V6 is a "one-way" operation with no backward compatibility to V5. I thought that was a beta-issue only and would be solved in the release. That incompatibility caused my and my partner's devices to literally break apart, because sync just stopped. No message, no error, no warning, no instructions, no announcements. In our case, my partner lost a few passwords during the upgrade and broke sync between her devices. She had added new passwords to her Android V5 over the last couple of days. Then the upgrade automagically happened through Google Play. When she opened the new version, the passwords were imported to V6, breaking backward compat with V5 still on our Windows devices (no auto-upgrade on Windows!). So when she opened Enpass V5 on Windows, the new passwords were missing, because they didn't get moved to V6 on Windows yet. So as far as she could see, passwords were inconsistent at best or lost at worst. 2. We use Windows 10 Pro, Windows 10 Mobile and Android Oreo and Pie in our household. The upgrade experience was different for each platform. I realize you don't control the platforms, but could you at least have provided some clear upgrade guidance for each platform? Android upgraded itself, Windows 10 Pro didn't and had to be upgraded/migrated manually, Windows 10 Mobile … just ended without comment. 3. 
At no time were we made aware of a coming upgrade and/or its consequences - much less an opt out. Microsoft is better at this, and that's saying something! 4. There is no obvious way to roll-back and recover from a failed upgrade. Really?! That is essential! Again, even Microsoft handles their Windows feature upgrades better - the roll-back actually works. If something goes wrong, users MUST be able to roll back. Do you realize that some people have access to their ENTIRE DIGITAL LIVES stored in Enpass? Breaking that could literally ruin someone. Managing passwords and access is more critical than managing data - you have a bigger responsibility than Microsoft or Amazon, who run the world's cloud services. What saved us was that we had all kinds of different platforms and each one failed differently, which luckily meant that at least one Enpass still worked, in order to get at our master passwords. PLEASE DONT DO THAT AGAIN.
    Hey, I've signed up here just to reply to this topic. I have the same concerns - I'm very disappointed, because Desktop version was always free with all features included and it was one of the main reasons for me to purchase Android app (don't actually need the mobile Enpass, but just wanted to pay for such a great product). Today I noticed that new version of Enpass is available, it looked for me like a great New Year gift. But when I opened the updated app on my MacOS, I realised that some key features which have been always available all the time for free (like Touch ID) - they suddenly became Premium. This is really confusing me. What do I need to expect next? Version 7.0.0 will extract Cloud sync feature in some Super Premium plan and I will have to pay again, right? This must not work like this - this is just cheating, it's not a right way to suddenly make free features non-free and ask user to pay for it to earn more money. This is weird to see that Enpass developers cannot merge purchases from other platforms - this is just another and very convenient reason for them to make people buy their product again. I can live without Touch ID on my desktop version, OK. But I cannot trust Enpass like it was before version 6 upgrade, very upset with this situation. Thinking about moving to another password manager. Thanks
    As mentioned by other users this update is extremely disappointing and is pushing me to look for alternatives for Enpass. Charging for old features such as unlocking with Touch ID is a bad precedent and worries me that Enpass may convert to a subscription model in the future. The Mac version of the app looks unpolished and looks worse than the previous version. It doesn't look like a native Mac app and instead merely a secondhand thought to the Windows version. I beg you guys to improve on the areas mentioned and don't ignore your users. Upgrading to pro is not an issue for me. As a matter of fact, I was more than willing to purchase it and excited to buy new features, but I do not want to spend my money on a product I have no confidence in, and unfortunately, this update has caused me to lose a lot of it.
    I'm very disappointed with this update. Sync is broken, browser integration is broken. Everything was almost perfect in the previous version.
    It's sad to say but I think you released a poor beta of Enpass. When I follow all the topics in the forum and considering my own experiences, I am not sure if I should trust my data to Enpass anymore. Let's see what is reported so far - Not working Sync - Not working Pro Upgrade - Not working Browser Extensions - Corrupted databases or missing passwords after upgrade - get charged for features that were free in Version 5 Considering all of this, I ask myself two things 1. Have you tested your Software and Plugins before the release or was it more important for you to get money from your existing users? How can I trust a company that releases a bad beta version and a final release that handles personal and confidential data? 2. What will come next when you now ask for money for old features? What kind of business is that? For new features, ok. I would be willing to pay in order to support you. But not this way. I really think about switching to another product now.
    Hemant, Thank you for your response. I don't think anyone is expecting frequent audits. Once a year or every 3 years should be enough. As to the cost... that's the cost of doing business. The primary reason I skipped over this product was because it was both closed-source and unaudited. Otherwise, I would have purchased a copy. Gili
    Hey guys, Sorry for the trouble you are going through. Please have a look at the attached image to know how to locate history of each field (except Notes) in Enpass. To see the field history, right-click on the field’s value from the details screen → Click on the History. Thanks!
    Hi, I have been using Enpass for a couple of months now, after buying the Premium version which is very good. However, I am a bit of a design nerd, and I was quite sad to see that the icon system was not so good, and it seems that I am not the only one: Only a few icons are available by default. Some icons are quite outdated (see the Netflix one). Adding custom icons is long and buggy (the icons size is very messy). We cannot remove custom icons (after trying to add the same icon in various sizes, I got it in almost ten versions and found no option to remove them). That is why I have been thinking about the following features, that I think could be good looking and more user-friendly: When new credentials are added, if the field URL is filled, try to catch the favicon and use it as an icon. If the website does not have a favicon, or the URL is not given, just leave the icon empty as it does currently. Add a little "refresh" button when editing a credential, which tries to catch the latest favicon (if the icon was a favicon). For the custom icons, just resize them to the size of the icon displayer. Add a little cross on our custom icons (so that we can remove them easily). This requires that custom icons ALWAYS have the priority over favicons. I think this is not a huge feature, but it is the kind of detail that improves the user experience, even a little (and that design nerds, like me, will enjoy A LOT). Thanks for reading this!
    Hello, I have some improvements for the Password Generator in Enpass. Include Symbols: Currently you allow to Exclude certain symbols in the password generator. It would be very helpful when I could include certain symbols (like the _ or the #) because some websites don't accept all symbols. When users include symbols then only those symbols should be used. Allow to adjust generated passwords: When I generate a password please allow me to adjust it (in the green heading where I see the generated password). This way I can remove a single character from the password and replace it with another character. But I also can enter a password and check how secure it is. I have some "special" colleagues and family members that use unsafe passwords and this way I can convince them that they should use Enpass. Best regards OLLI
    I'll just bring this up again... Enpass sadly lost its ability for full-time Windows Hello support with v6. I would really like you bringing this back asap for devices with TPM since it was very convenient. I hope there is no technical limitation because it's now a bridged Win32 app.
    Hi, Many apologies for the trouble. We are aware of some issues with the macOS 10.14.4 at the moment. The problem has been identified, and we are working on getting everything back up and running again normally ASAP. We appreciate your patience.
    Hey guys, The portable version of Enpass is already in the QA phase and we will try to push an update soon. Till then we request you to please co-operate with us.
    I've changed about 70 login passwords for services and websites. One thing I noticed: most of them do not say "you must not use THESE characters" when creating a password, but they say "allowed characters", especially in regard to special characters. So I had to fumble quite a bit to enter all special characters to create a password meeting the ever-changing requirements of the websites/services. So, it really would come in handy if, in password options, the option would be "allowed characters" instead of "do not use the following characters" - or we have a choice of both options. So, we could just copy and paste the "allowed characters" description from the website and make it easy to create a password for the websites'/services' requirements.
    I've been following Enpass for a while but have never seen a need to comment on the forum since I was waiting for a security audit before purchasing. I work in this area and I want to clarify a few things on here: First of all, the disclaimer "It is important to note that because of the time constrains naturally involved during a Penetration Test exercise this project should not be considered a full security audit", is standard. You're unlikely to find someone who is going to declare something secure and take ownership of any vulnerabilities that are found. By their nature any audits are going to be limited in time and have disclaimers. A two week audit by two people is quite expensive but is still best effort. Windows was audited for years by a multitude of people before being released, yet they still had a bunch of vulnerabilities. That being said, from my experience a two person two-week audit is probably enough for a smaller project like this if you exclude the open source software that it uses - and given the concerns people have being due to the software being closed source, that's probably fair. There's no point in spending two weeks auditing SQLCipher when people are worried about Enpass itself. Now I do have some concerns with respect to the audit. There seems to be very little information about what they tested - if anything - other than trying to extract the master password in a variety of ways. Did they look for potential memory corruption vulnerabilities? Did they test the "password sharing" feature that is new and is an obvious point of attack? Did they test the browser plugins, which are another possible attack vector? They mention looking at restoring databases, that's definitely an area of attack: say you store a less important database in the cloud, could it be used to compromise the application when it opens this database (possibly this vector only affects SQLCipher so it may have been out of scope)? 
Did they consider these attack vectors or were they only looking for master password issues? From their summary and methodology it seems that they would have, but there is too little information on this. Another concern that I have with the audit is the following: How much time was wasted reverse engineering Enpass v 5.6.9 before the source code was provided for 6? This is less of a concern for Android since Java applications are easily reversible, but they were still looking at older code at the time. How quickly did they get access to the Windows source code? There's a big difference between a one-week source code assessment and a two-week source code assessment. Someone mentioned PCI on this forum, that is only done for payment processing (you can tell by the name Payment Card Industry Data Security Standard). As far as I can tell Enpass does not take payments, they only allow purchases via app stores, thus have no need for PCI. In general PCI is a checklist for minimum standards: do you have a firewall, do you encrypt payment card data at rest and in transmission, etc. That checklist is then verified by an auditor, but it's meant to satisfy the payment processors and says nothing about the security of the software that Sinew produces. That being said, I want to applaud Enpass for making the full report accessible, very few companies would provide the report to their customers in full and would simply say "we've been audited by X".
    Hey guys, Thanks for your suggestion. I have noted it down and it will be available with the future version of Enpass. Thanks!
    In the new Enpass (6.0.0) for Windows, search is no longer universal--I can't just search for a field or password. Now we have to manually select "Title", "Field", or "Passwords" before searching. Why has the useful functionality of universal search been downgraded? By the way, I have "Search in all items" checked in settings, but that doesn't seem to change anything.
    Hey @Kölle We have improved this behavior and fix will be available in the next update. Thanks!
    Hey guys, Thanks for your feedback. It's already in our roadmap and will be available with the subsequent update. Cheers!
    Go to the downloads page. Near the bottom in smaller type find the link in the line, Looking for an older version of Enpass? Get it from here. That will take you to instructions for downloading the last working version 5.x.x application and extensions. NOTE: you need to follow instructions carefully for the Chrome extension install. And in Firefox you have to, on the "Add-ons Manager" tab (from the "Tools->Add-ons" menu) click on Enpass, and in the resulting pane disable auto-update or it will put you right back at version 6 for the extension. Note also, there appears no way to downgrade the extension in Edge since it relies on Microsoft Store, just one more indication that Sinew Software should withdraw version 6, including extensions available in various vendors' app stores. BTW, the Enpass 6 data file is not backward compatible with Enpass 5 and I know of no conversion tool to make it so. However, one thing Enpass 6 appears to have gotten right is that it renamed your last Enpass 5 file "walletx.db.backup" when it replaced it with the "vault.enpassdb" file buried deeper in your Enpass documents folder.
    I purchased Enpass UWP with a "lifetime license" so I could use Windows Hello and sync with Windows Mobile. The "lifetime license" lasted 23 months . . . Enpass encouraged me to switch to the bridged version as an interim before Enpass 6 was released. I did . . . Enpass promised me as a former Enpass UWP user that I would not be disappointed when Enpass 6 was released and replaced the bridged version. I believed Enpass . . . Now Enpass 6 has replaced all previous versions of Enpass I installed from the Microsoft Store. Result: I no longer have access to Windows Hello which I had previously paid for in the UWP version without paying again for "premium" features. I can no longer sync with the Enpass UWP version on my Windows Mobile device. Conclusion: The very reasons I paid $10 for the UWP version have now been made void in the update to Enpass 6. Enpass, you did not keep your promise. I am disappointed. I no longer trust you.
    I'd really like to see a right-click cut/copy/paste menu in desktop Windows V6. I can kludge it with keyboard shortcuts (ctrl-V, etc.) but someone was asleep at the wheel there. Also, the search function in desktop V6 doesn't search within an entry- it only searches titles, meaning the mobile apps actually have more functionality. Lastly, for those of us with Windows Mobile devices now stuck on v5.x forever, I really wish the V6 updates warned us that V6 and V5 were incompatible. I only discovered that after updating a half dozen Android and iOS devices that are difficult to roll back. Now I can no longer use Enpass on my Windows Mobile devices, and because of this, I'm contemplating switching to a different password manager unless you introduce a legacy compatibility mode that allows V6 to read/write V5 wallets. I really, really regret the V6 upgrade, and would have set up all of my devices *not* to autoupdate if I had known.
    I've grown more and more frustrated and disappointed with the Enpass team's cherry-picking only questions they want to answer in the beta threads on these forums, and ignoring real concerns, usability issues and bugs. Now a production release has been announced, and there are a TON of problems that have gone ignored. A week ago I paid for the premium version of Enpass in good faith, on the assumption that the team would fix all these problems before releasing the app publicly, but instead they've released a buggy, incomplete product and have thus far largely ignored all of the following issues, and in some cases removed features instead of fixing them.
    - Beta 279 and the production release no longer have the favicon-fetching feature. The original version of this feature was passable. The updated version in build 250 was terrible, and after the problems with this feature were pointed out, the Enpass team stopped replying to questions about it, and removed the feature completely without bothering to explain. Other password managers don't have any problems with their favicon feature, so what's the hang-up here?
    - Not having the favicon feature might not be so bad if the Custom Icon feature wasn't even worse. Despite a lot of great feedback early in the beta process about bugs and missing functionality in this feature, the Enpass team has apparently ignored all these issues, since the production release doesn't address any of them, including the next three bullet points below.
    - The custom icon feature can't properly scale images at all. This was reported months ago, and it should be a pretty easy problem to fix. And yet, only images exactly 200x200 will display correctly as icons in Enpass.
    - No. 3 might not be so bad, except that Enpass doesn't bother to tell the user that Custom Icons must be 200x200. Why not at least do this, as I suggested on 2018-12-09? This would take literally 10 seconds of coding.
    - Worse yet, it's impossible to remove icons from the Custom Icons gallery. So after you've tried several icon sizes before discovering the 200x200 restriction, you're stuck with those failed icons forever. Why isn't there a right-click > Remove?
    - Full-window version of Enpass doesn't remember its position on screen (originally reported 2018-12-05)
      - Park your Dock on the right edge of the screen instead of the bottom
      - Launch main window
      - Hold down OPT while clicking the green "full screen" button in the red-yellow-green buttons across the top of the window (this makes the window take up the whole screen, except for the Menu Bar and Dock)
      - Quit Enpass
      - Relaunch Enpass
      - RESULT: Window is the correct size but it's moved to the right by 30-40px, so it's centered on the screen, which means it's partially underneath the right-edge-anchored Dock (This did not happen in build 220.)
    - In Menu Bar UI (Enpass Assistant), mousing over sidebar icons (Home, Favorites, etc.) does not show what they do. Only clicking on them displays the description pop-over...
    - After opening the Menu Bar UI, the only way to close it is to click somewhere else on the screen or use the ESC key (reported in the very first beta forum)
      - Standard UX for Menu Bar items is that you should be able to close them via clicking the Menu Bar icon again
    - CMD+E from Enpass Assistant no longer launches main-window Enpass (reported in the very first beta forum)
      - You now have to click the "hamburger" menu in the lower left corner of the dropdown
      - This was a feature in Enpass 5 that has been removed from Enpass 6
      - There is now no way to open the full Enpass window with a keyboard shortcut
    - The system-wide hotkey for Enpass Assistant is not adequately customizable (this was reported a couple months ago)
      - The user should be able to choose the entire key combination, like every app that allows the creation of custom universal keyboard shortcuts. Plus, CMD+OPT+[key] is a very common combination within other apps, so it's very likely that forcing Enpass users to use CMD+OPT+[key] will cause a conflict in other apps.
      - Example: In Photoshop (at least in an older version I have), CMD+OPT+E is used to merge layers, so I can't use the intuitive CMD+OPT+E (for Enpass) as my shortcut.
    - The universal keyboard shortcut opens the mini-window in the center of the screen
      - It should open anchored to the Menu Bar icon, just like it does when you click the Menu Bar icon
    - When in the main window, if you CMD+H to hide, it closes the window instead of just hiding it (reported months ago)
      - This means you have to go back to the Menu Bar, open the mini-window, re-select the Menu button, and choose Open Enpass again to get back to the main window. I'm glad CMD+W was fixed, but CMD+W and CMD+H are not meant to do the same thing.
      - THIS IS A MAJOR BUG AND COUNTER TO HOW THE HIDE FEATURE WORKS FOR LITERALLY EVERY OTHER MAC APP
    - In the sidebar, if you hide Categories or Tags, when you reveal them again, the item counts are missing
    - It's possible to create your own Categories, but it's a HUGE hassle to use them because templates aren't universal
      - Every time you create your own category, it's impossible to then create any items within because there are no templates for the category. Templates should be universal — or at least you should be able to start with the universal list of templates and rule OUT templates that don't belong in your new category. Plus, having to duplicate templates for a new category just creates clutter.
    - When creating a new item from your own custom template, the Add Title field should be blank, not already filled in with the name you gave the template
      - I've created my own template called "(basic)" that I use for everything, but whenever I create a new item with that template, the Add Title field isn't blank. Instead it says "(basic)" and I have to click in that field and replace that text (FYI, Anshu kumar said on 2018-10-11 that this would be fixed in the next build)
    - Duplicate Item needs to be part of the contextual menu when you right-click on an item in the Items pane
      - I know this can be found in the three-dots menu of the Item Details panel, but that's not as intuitive as right-clicking on the item you want to copy
    - Tag fields do not recognize and offer to auto-fill existing tags (reported in the first beta forum)
      - The upshot here is that users have to perfectly memorize every tag they've ever created: If you've previously created a tag called "Shopping," then you're adding tags to an item and you type in just "Sho" Enpass should know and start to auto-fill "Shopping"
      - THIS IS A MAJOR PROBLEM: If tags don't offer up existing tags, you can easily end up with Shop and Shopping, Bills and Billing, Med and Medical, etc.
    - It's impossible to scroll the sidebar when in Edit Item mode
      - When in the Edit Item screen, everything else is grayed out and cannot be scrolled
      - This means if you need to see all your tags in the sidebar so you can type in the right ones for your new item, you have to remember to scroll down the sidebar before you start creating or editing an Item
      - This goes hand-in-hand with the Tag fields not offering auto-fill, because if you can't scroll the sidebar to see the names of all your tags, and there's no auto-fill for this field, you have to have every one of your tags perfectly memorized in order to add them to any new Item
    - In Edit Mode, when scrolling through an Item that has a lot of data (i.e., there's a lot to scroll through), scrolling doesn't work properly unless you click and drag the scroll bar
      - When two-finger scrolling on a trackpad, the panel "bounces" back to the top as you scroll. (See this screen recording — in the first half, I'm trying to two-finger scroll down (and failing), then I click and drag the scroll bar to actually get to the bottom, then I try to two-finger scroll back up (and fail that too).)
    - When adding tags to an Item, hitting [Tab] creates a new Tag field (so you can add additional tags), but does not select that new field
      - If you hit [Enter] between tags, a new tag field is created and selected, so you can just type your new tag
      - But if you hit [Tab] between tags, a new field is created but not selected, so you then have to physically click that new field to type your next tag
    - "Add to Vault" in the right-click menu and Item menu should be available even when in All Vaults
      - It's not that intuitive to have to remember to go to the individual vault where that item lives in order to take this action (although I do understand the logic and that this may not be an easy thing to change)
    - In the Vault Settings > Change Master Password field, it's not possible to move the cursor at all, either by clicking or by the arrow keys
      - If you make a mistake in the password you're changing, the only way you can edit is by backspacing.

    UNACKNOWLEDGED FEATURE REQUESTS
    - Ability to choose your own Default template
      - I have my own template I use for everything, the upshot of which is that it's impossible for me to use the Autosave feature in Enpass Assistant because it cannot use my template. So I'm stuck manually creating new entries for every site and service.
    - Ability to delete templates
      - There are dozens of templates I will literally never use. They get in the way of quickly accessing my custom templates
    - When the browser extension offers to save login information on a new site, which template is used by default should be up to the user
      - Enpass Assistant offering to save new logins is useless if the automatically-created item is in the wrong template

    QUESTIONS THAT WERE NEVER ANSWERED
    - We were told Enpass 6 was supposed to include the ability to choose the location in your cloud service where Enpass would store its walletx — but that does not appear to be the case. How do I do this?
    - And where is the backup stored by default? Vault Settings shows "Last Synchronized 4 minutes ago" but Google Drive > Enpass > sync_default.walletx is 4 months old. Another vault syncing to a different Google Drive account doesn't have an Enpass folder at all.

    AND OF COURSE...
    - We were told that UI would be made more Mac-like and more user-friendly, but it never was...
      - Broadly, the design of the app is too much like mobile for a desktop UI.
      - Example: navigating the settings is a hassle. There's too much nesting of sub-sections. If the settings opened in their own window (like Enpass 5), they could be much more quickly navigated. Also, there are parts of the UI from which it's impossible to reach the settings directly. For example, if you're in the Add Item sidebar, CMD+[comma] does not bring up the settings.
      - Having the "edit" icon (pencil) in the middle of the header is counter-intuitive. It should be on the "card" along with "favorite" and "more."
      - Editing any given Item should take place in the same part of the screen as viewing the item. Having a separate Edit UI roll out from the right is problematic because it becomes impossible to interact at all with the rest of the app. (As mentioned above, while editing it's impossible to scroll the sidebar to see your tags)
      - In the sidebar, if you mouseover the Categories header, you get a "..." that brings up an "Edit Categories," but if you mouseover the Tags header, you get a "+" that brings up an "Add tag" overlay. Instead Settings > Customize should include a Tags area where you can add, edit, hide, and delete tags — and the sidebar's Tags header should behave the same way as the Categories header. UI consistency.
    Same here. I need the Enpass sync on Windows Mobile. Otherwise it is totally useless and I have thrown the money for the Win Mobile license and Enpass 6 premium out of the window.
    I am baffled by the discussions above on free Vs paid features. I was glad to pay for the Windows Hello integration and the templates. It is a one time charge of 6 USD. Almost all the other services are subscription and require much more than the 6 USD per year. For me, Enpass provides the best solution both technically and financially. Thanks
    OK, I discovered that this apparently impacts everyone - and might even be by design. That is NOT GOOD. Please change this behavior asap. Because right now, I need to get my Android Enpass to get my Enpass Master Password to get my Windows Enpass EVERY TIME I restart my PC. That can't be intentional, can it?
    If Windows Hello is enabled, please use Hello as the default authentication method. Currently, I need to tap the little face icon first - one step too many. Thanks!
    Sorry, but this is utter BS. Blaming Microsoft for being "limited by technology and restrictions" is a pretty bad excuse for screwing over your valued customers, who have paid for the now worthless lifetime license. YOU chose to create a new product, not Microsoft. You could have easily kept the app on the UWP platform and update 5.x to 6.x without making your customers pay again. But no, YOU chose to create version 6.0 with a different underlying platform, so of course it's considered a new/different product. Regardless, you could have worked out something to let users upgrade for free, but again YOU chose this path deliberately in order to create a new stream of revenue. I'd be totally fine paying for an upgrade hadn't you advertised and sold the previous version with a "lifetime license". The current situation is simply NOT ACCEPTABLE and should be considered SCAM.
    Hello, I have been using enpass for a long time and paid for the full ios/android clients. Since upgrade to 6 I miss a portable version which I can use on my business notebook on which I do not have the rights to install software. I have all my passwords in enpass so a portable version is mandatory for me, otherwise I can not access my passwords on my company notebook. Will there be a portable version soon? If no portable version will be available, I have to say goodbye to enpass. Thank you
    Who thinks of such things? Making people pay for their old experience? Ransom is the absolute correct word here. I have recommended Enpass A LOT in the past. Almost as if I'm getting paid for recommendations. But it's business models like this that make me stop recommending and using software. I have ditched 1Password for their subscription and account-model. I am seriously thinking of doing the same with Enpass. This is not about the price. It's about principle! If I would get the absolute best experience overall, I MAY purchase the premium package. I don't know about the Windows-version of EP6, but on Mac I have a far worse experience than before. A lot of this has been pointed out by a lot of users during beta-phase. Some was "acknowledged", nothing of that has been changed. Most has been ignored.
    If you had trouble updating the Enpass version from 5.6 to 6.0, follow these steps.
    1. Download version 5.6, if you do not have the installer, from this link (Softpedia).
    2. Synchronize with your previous backup in Dropbox, Google Drive or another Cloud.
    3. Click File, and then click Backup.
    4. Save the file in a safe place (remember the place).
    5. Close the old Enpass 5.6.
    6. Open the new Enpass 6.
    7. Click on Import Backup.
    8. Locate the backup made in Enpass 5.6.
    9. Type Master Password and enjoy it!
    Would like to see native cli access for Enpass on Linux and macOS. Opening an application, searching for content and copy it takes too much time instead of: (ep alias enpass): $> ep get $foo
    Hi @KMTSTUDIO, Please quit app from main menu (hamburger menu from right) and start again. It should work.
    Firstly I love the new look and the new features but like @chribonn I can't use vaults for my use case; from a business perspective, I would like to make a vault for each client; unfortunately, I don't have 30 or so Google accounts to hand. I can understand that the vault name could change and so runs the risk of messing up the sync, perhaps just letting us choose where the file gets stored would work, that way we could just create subdirectories for each vault. Please add multiple vaults to sync with a single account.
    Good Morning everyone. Almost four months without any update on this thread. So what's the status about the Security Audit? Cheers SwissIndoor
