Jump to content


Popular Content

Showing content with the highest reputation since 01/16/2019 in all areas

  1. 5 points
    Unfortunately the new enpass version brings multiple annoyances, reduced efficiency, and a complete disregard to GUI design rules. The interface is counter intuitive and counter productive. There is no consistency throughout the experience, and my actual work process became much slower, either trying to find the required functionality, or waiting for enpass to perform its tasks. To open the enpass windows app, you have to click on the taskbar icon, click the 3 lines menu, and select open enpass. In the previous version it was a simple double-click on the taskbar icon. When searching for credentials in the enpass windows app, there's a delay of at least 4 seconds before the enpass application responds to any input. After a computer restart I have to wait for at least 10 seconds for the chrome plugin, while it searches for the windows application. In the previous version it was an instant password prompt. There are multiple other minor annoyances which when put together, significantly affect my efficiency when looking for passwords. And even though I paid for the iOS app, today I started searching for a new password manager software. It's a shame really because enpass was amazingly good before this "upgrade". Approving this "upgrade" for public release was not a very good decision. Please take this as constructive feedback, since I'm a fan of enpass and I would love it to succeed. This new version though was a bad decision.
  2. 3 points
    Hello, I upgraded to 6.0 today and was really looking forward to the vault feature in the hope that one vault would be shared while the other would not. My setup consists of 3 windows devices and 2 android devices (each with their own PRO licence). I managed to generate the new vault but when I come to tell it to sync to the same google drive location I get an error telling me that this is not possible. In my opinion the name of the first vault was system generated while 2nd vault onward require a name. Can't this name be used to generate a unique file name? Thanks and Regards,
  3. 3 points
    I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increasing the security: They show which sites in your vault support TOTP but the user has not set up TOTP. Here is a screenshot from the 1Password site: Suggestion In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries, where TOTP is possible but not set up by the user. Here is a list of services that support TOTP: https://twofactorauth.org/ We had a Doxxing scandal in Germany where a young guy published many private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!
  4. 3 points
    There are too many universally experienced bugs for a small support / development team to chase in an organized fashion that will not result in a much degraded product that will be much harder to maintain and upgrade going forward. Many of the bugs create security issues (e.g. the failure of Enpass browser extensions to block access to web login sites until the Enpass master password is entered, then subsequent failure to load the info from the vault for the page with the login controls (UID, password). A number of bugs impact stored data integrity and reliability. E.g., browser extensions seem to "forget" Enpass has been installed and working fine in with a particular "Master Password" in the past, and reports it has not completed set-up, needs a master password to be created, or previous data restored. However, despite selecting auto-backup creation in version 6, no backups get created, and attempts to restore from the local computer lead to a Google login page. (?!?) Further, the database form, format and location used to store the "vault" has changed from v 5 so that the process of "rolling back" will be tedious with many manual actions required by the user while understanding it is highly likely that v5 will not be able to use a v6 vault for its data. Version 6 install / uninstall make a mess of the Windows registry leaving multiple entries with duplicate information that is incorrect. For example, after installing v 6.0.2 the registry contains no entries referencing this version but does have entries referencing the previously installed 6.0.1 (239) referenced as There are multiple keys in HKCR that contain the exact same info. HKCR\.enpass_card should reference one of the subsequent classes in HKCR from its "OpenWithProgids" key, but there are at least EIGHT OTHER Progids in HKCR all for same "@{SinewSoftwareSystems.EnpassPasswordManager_6.1.239.0_x86__fwdy0m65qb6h2?ms-resource:...". Thus the uninstaller needs to be fixed so that it cleans up all the entries it leaves behind when the software is uninstalled since this splattering of multiple keys with duplicate data may be at the source of some worsening issues each time a new v6 install / uninstall / re-install is attempted. Although I haven't attempted it, I believe this shotgun blast of Enpass version 6 registry entries left behind after its uninstall will make a rollback to version 5 problematic especially for Windows users not versed in registry editing and the subtleties of changes in Enpass database form, format and location. For these reasons the Enpass development team needs to withdraw all version 6 releases and provide A FULLY TESTED UTILITY TO COMPLETELY REMOVE TRACES OF VERSION 6 FROM THE REGISTRY / SYSTEM FILE STORES, AND CONVERT THE V 6 DATABASE BACK TO A VERSION 5 COMPATIBLE "WALLET" SO USER CAN THEN SUCCESSFULLY RE-INSTALL AND OPERATE WITH VERSION 5. This will then give the developers and Enpas QC engineers time to re-engineer v6 from top to bottom with REAL unit testing AND REAL THOROUGH in-house use case testing BEFORE releasing to beta testing or the "stable release" channel.
  5. 3 points
    Hey @Kölle We have improved this behavior and fix will be available in the next update. Thanks!
  6. 3 points
    Hey guys, Thanks for your feedback. It's already in our roadmap and will be available with the subsequent update. Cheers!
  7. 3 points
    As a former software engineer, technical lead and software architect for major aerospace software systems, I know a thing or two about what happens when proper design, development test and release procedures get short-cutted and this appears to be what happened here. The result is a product which can either go forward with lots of band-aids, bailing wire and spit holding it together (making maintenance a nightmare with limited reliability and success) OR a product that can be withdraw, reworked without the pressure of dealing with multiple daily reports of wide-ranging and serious bugs. I am attempting to be constructive based on my experience with software development in both types of environments - when development followed a sound set procedure through the process from design to release, and when shortcuts were taken to satisfy political, management, or marketing desires. I'm merely asking Sinew Software to withdraw a release that was clearly "not ready for prime time", and redo the effort properly with the technical process, issues and progress dictating release schedules rather than whatever pushed this one out the door before it was finished. Other major software development organizations have done this in the past, and users who see a company ready to admit a mistake then take proper action to fix it generally end up with higher regard and satisfaction with the developer than for those developers who "press on" with a bug-laden product, trying to pretend all is copacetic. In the end, the latter decision hurts the bottom line and ends up defeating whatever management / marketing decision drove the "pre-mature" release. I have downgraded to version 5, turned off auto-update for the extensions in the various browser that allow that, instead of having purchased the prime option on v 6 which was my intention though I did not need the features, but more as a reward for a an application and browser extensions I used and found perfectly met my need. But now, unless they take the proper action to fix ALL the issues in version 6 (withdraw, re-work, re-release being the proper way instead of endless little ad-hoc patches), I will be done with any / all products related to Sinew Software an use one of the password managers built into my internet security suites or available from another vendor at a reasonable price.
  8. 2 points
    When configuring Enpass to automatically start on login, the Enpass main window is visible. Is there any way to start Enpass just showing the tray icon without showing the main window? I'm using Enpass 6.0.1 on Ubuntu 18.10 with KDE.
  9. 2 points
    I'm going to repeat myself but please support yubikey feature. IT's pretty simple, yubikco is giving all the API we need to do this: We know that it should be for web app but if you say was the ONLY usecase then -> we wouldn't use it to auth in windows 7 locally -> we wouldn't use it to auth in keepass locally -> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY Should I continue? Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALLL password manager. We should never pretend to know better since there are always better version of ourselves and in this case it's also true. If theoreticians of security and cryptology use it then we should too. simple as that.
  10. 2 points
    Steam implements TOTP with a different alphabet. The basic algorithm seems to be the same as usual TOTP, but the representation of the token is different. An example implementation can be found here: https://gist.github.com/mooop12/1af7f0ffc8f28ea76f27abcba1e6da01 It would be cool if Enpass added support for these token types (maybe even as part of Enpass 6? :-) ) To not clutter the UI, maybe you could take the road of Bitwarden which uses a URL scheme to support different token types (no schema = default TOTP token, special token however could be steam://xyz123abc456).
  11. 2 points
    Hello, in Enpass I have created an Identity and also filled many fields. But some fields can not be filled when I select the identity. Suggestion: A very comfortable way would be to right-click in a form field and select "Enpass -> Fill Identity -> " and here a sub-menu with all fields of the identity are shown. So I can for example select “Enpass -> Fill Identity -> Street” and Enpass fills in the street that is stored at the identity. Best regards OLLI
  12. 2 points
    Thanks for the input @OLLI_S. I have noted it down and forwarded to the concerned desk for further consideration. Cheers!
  13. 2 points
    Hey @OLLI_S, Thanks for writing in. You can check the release notes for each platform from our download page. Cheers!
  14. 2 points
    +1 Please add a portable version of Enpass 6!
  15. 2 points
    My personal criticism: No password history Paid Windows Store version need to be paid again to get "Premium" Folders are gone Missing CSV export Search doesn't seem to work on all fields I don't like the new UX of the Windows desktop app... Sadly after 4 years (I started using Enpass on march 2015) and two paid Enpass versions (Windows Store + Android) it's time to search for a new password manager...
  16. 2 points
    Bitwarden, pretty easy to set up the self hosted server and it has all the desktop/mobile/browser apps + the code is also available on Github. I really liked Enpass, but the v6 ruined it for me. It's not trustworthy anymore.
  17. 2 points
    v6 enpass Android webdav sync error code 908401. enpass windwos webdav sync error code 908409. I sent a feedback email 7 days ago, I've been waiting too long.
  18. 2 points
    I'd really like to see a right-click cut/copy/paste menu in desktop Windows V6. I can kludge it with keyboard shortcuts (ctrl-V, etc.) but someone was asleep at the wheel there. Also, the search function in desktop V6 doesn't search within an entry- it only searches titles, meaning the mobile apps actually have more functionality. Lastly, for those of us with Windows Mobile devices now stuck on v5.x forever, I really wish the V6 updates warned us that V6 and V5 were incompatible. I only discovered that after updating a half dozen Android and iOS devices that are difficult to roll back. Now I can no longer use Enpass on my Windows Mobile devices, and because of this, I'm contemplating switching to a different password manager unless you introduce a legacy compatibility mode that allows V6 to read/write V5 wallets. I really, really regret the V6 upgrade, and would have set up all of my devices *not* to autoupdate if I had known.
  19. 2 points
    This entropy measure assumes that attacker knows I'm using a diceware password (which now thanks to this forum everyone knows that I do). But if you didn't know that i use diceware, throwing random numbers at random locations significantly improves the entropy. Do the math. Finally, it is pretty silly to have a feature that says "digits" in a password generation tool which only inserts one digit at the end of the password. Why include that feature to begin with? It does not hurt to include more random digits (we agree about that), and your only argument is that adding more digits does not improve entropy "too much" (we disagree about that). Unless you can quantify the cost vs benefit in adding digits at random locations in a pronounceable password, then at this point I see Enpass as being nothing but mule stubborn about this. So either remove this half-arsed feature, or add it properly. Z
  20. 2 points
    Hi @Vinod Kumar, Although what you described about sharing vaults with other people totally makes sense, the use case described first by @chribonn and confirmed by @Toby Osborne and @rgsiiiya is quite different! Specifically, it's about syncing several my own vaults using one my own cloud account. To make a dramatic comparison, imagine that you were allowed to have just one google docs document per google drive account. That would be outstandingly inconvenient. But this is exactly what Enpass 6 does! Sharing vaults and having multiple vaults are orthogonal features. I hope you will sort things out at some point. Thank you.
  21. 2 points
    Firstly I love the new look and the new features but like @chribonn I can't use vaults for my use case; from a business perspective, I would like to make a vault for each client; unfortunately, I don't have 30 or so Google accounts to hand. I can understand that the vault name could change and so runs the risk of messing up the sync, perhaps just letting us choose where the file gets stored would work, that way we could just create subdirectories for each vault. Please add multiple vaults to sync with a single account.
  22. 1 point
    After experiencing the Enpass 6.0 upgrade I am out. I already owned B-Folders and it meets my needs for password management. Why I am gone for good: 1) Enpass has always been slow. Slow to load and slow to search, especially on Android. 2) Enpass 6.0 on Linux was a disaster. It is obvious that you don't test on very many Distros. In fact your testing process is severely lacking. 3) You screwed up the search by introducing the different elements to search. You can't search on more than one, and the selection is not "sticky" on Android, so you must always select Fields before you search. I haven't seen many people complaining about this, but it is a big step backwards. 4) The desktop UI looks like a mobile app and is poorly laid out. Edit icon is in the wrong place. Duplicate is buried in some dot dot dot menu where it used to be a right-click away. Why would you take features away that were excellent and make the application ugly? The desktop can do more, so the app should take advantage of that. 5) I'm not sure what Enpass is written in, but it is huge, a memory hog, and slow. Have some pride in your work and write some efficient code. If you keep releasing upgrades that are as poorly tested and buggy as this one, you are going to drive customers away. I can see the review ratings dropping now. Do NOT be a company that shoves the product out the door prematurely and then slowly fixes things, using the customers as beta testers.When Enpass came out it had an unbeatable set of features and wide multi-platform support, which is why I bought it. It still has that advantage, but you screwed me on the 6.0 upgrade and I am not coming back.
  23. 1 point
    *sigh* You could have warned that upgrading to Enpass 6 would not be supported with the portable version. Now I have 2 separate vaults, one for v5 and one for v6, that are out of sync, and no news when the portable version will be up to speed. Poor execution.
  24. 1 point
    Hi @Klaas Vaak, By default Enpass stores its data under /home/<your-username>/Documents/Enpass folder. Thanks.
  25. 1 point
    Good Morning, I have been using EnPass for a while as my primary password manager and love it. One feature that I would really love to see is a way for EnPass to authenticate me to SSH servers