Leaderboard

Passkeys are foreseen as the future and are meant to end passwords as we know them. Still, they have one major pitfall: cross platform sync. I strongly believe that Enpass should hop on this train and support it asap. Other big names are already hopping in (Passkeys: the future of authentication in 1Password, Passkeys in Dashlane – Dashlane, https://www.reddit.com/r/Bitwarden/comments/xpywl7/comment/iq6lrq2/?utm_source=share&utm_medium=web2x&context=3) and it will be a key differentiator. It does not look good, because Webauthn - one of the foundations of passkeys is (was?) not on the roadmap: Support WebAuthn - Feature requests - Enpass Discussion Forum

Hi @all Our team was successfully able to replicate the glitch due to which this issue is occurring and they are now working on a fix which will be implemented soon in the upcoming version of the app. We appreciate your patience and cooperation while we work on fixing this bug.

Hi @Noah Williams Thank you for sharing your thoughts on the possibility of Enpass supporting PassKey, which is gaining popularity across different platforms. As an FIDO Alliance member, we are dedicated to providing a secure solution for managing passwords, and our team is already aware of the request for this feature, rest assured, Enpass will provide support for PassKeys soon. We also agree with you that supporting a PassKey, will be a logical step for Enpass, given our core focus on providing a secure, cross-platform tool for syncing encrypted vaults. Once again, we thank you for your valuable feedback and for choosing Enpass as your preferred password manager.

If anyone missed this news on Enpass blog - there is another great step announced - full passkeys support on Android! https://www.enpass.io/blog/security/enpass-for-android-now-supports-managing-passkeys/ Since I use iOS for mobile Enpass (which also supports passkeys sync for a few weeks) now the best news for me is: "Enpass for desktop computers already syncs passkeys created on mobile, and will support passkey creation and login within a few weeks." I can't wait to have this functionality too! Great work Enpass Team! Thank you!

Let me say that most of us are quite happy with a working solution that's being maintained. The notion that good things need constant changes is idiotic. What's important are bug fixes and adaption to OS and browser changes. No one needs re-designs which tend to make everything worse and forces the user to change his way of using the app. 1Password might be getting more upgrades but requires a subscription. I'd rather pay just once and use the features I get until I might decide to pay for some upgrade, instead of constant feature creep where most of those features are useless. If this is what suits you better, just do it, instead of coming here to demand Enpass becomming more like it. I switched three years ago and did not regret it. Sadly the thing about bugs and support is true. If something is broken, expect it to stay broken for a loooong time. I experienced this with iCloud sync and WebDAV if the URL contains whitespace, so I'm currently using Google Drive to sync. On the other hand I didn't have to pay another cent in three years, which is totally worth it. But I've also seen bugs being fixed, like the problem where changed passwords could be overwritten with old ones when the item was used on another device before the sync finished. Sure I wish that more bugs were fixed and would be more than happy to pay for an upgrade if it included things like PassKey support, but I don't need constant updates just so see something change. There is no reason to asume anything like that. It has been audited at least once, and if you don't do fundamental changes to the way synchronization and encryption works, that won't change. Fixing bugs and adding features to the GUI won't affect that.

Hi @all A fix has just been released under the new stable Enpass v6.9.3(iOS) which addresses this issue. Please do try updating the app and share your feedback.

I don't think this will be implemented any sooner. Because people have been requesting many useful major features but i have never seen them being implemented. Development in enpass is very very slow. No new features but few bug fixes in every update. I just hope they will listen to us and implement because if they don't it's gonna bad and people will move to other better available options. We love enpass but when it comes to lack of features it hurts us as i have been using almost every available password manager i can see not every password manager is perfect but that's why we are here in first place to suggest and help enpass to become better than all others. I just hope it happens sooner or enpass will lose it's customers.

Wdym? Like OTP, that’s already a feature for a long time…

That worked. Thank you.

We have just released the fix for the repeated issue in our latest update under Windows Version 6.10.1 (1655) and macOS Version 6.10.1 (1655). Requesting you to please try the above build via the link below and do forward your feedback: https://www.enpass.io/beta/ Feel free to provide any additional feedback. We appreciate your cooperation.

Have you tried disabling verified code signature check in Enpass itself for its extensions?

While that would definitely be handy, macOS does not yet have the ability to allow third party apps to integrate with the existing password filling function for apps. Enpass would have to write their own separate mechanism to allow for password filling in apps. Hopefully Apple will add support for this in a future OS, because it would make this much easier to implement and use.

Thank you for providing this feedback, and I have forwarded your request to our development team for consideration. If there are any updates on this matter, I will be sure to keep you informed. #SI-3663

We appreciate your suggestion on the USB security key support. This is already in our pipeline and have planned to introduce it support near end of this year. Thanks! jjsploit.click indigocard activate

Thank you very much for the fast feedback (here and also at my support ticket). I hope it will be fixes very fast because it's really a annoying bug.

Hi @MrElectrifyer@david Upon a thorough discussion and investigation, we were able to reproduce the bug. Our development team is now working on fixing it as a priority, and a patch addressing this issue will be released soon. We appreciate your kind patience and cooperation in the interim.

I'm still not totally clear on where passkeys sent to Enpass get stored. I'm assuming it's one of: Are these passkeys stored within your vault, as synced to the cloud location of your choice? - this seems safest and most aligned with Enpass' whole purpose of being a private cloud security option Are they stored within Enpass' own servers? - this seems unaligned with Enpass and I wouldn't be comfortable with this Are they stored only locally on the device you used to create them? - this seems unlikely, as there's too much reliance on a single device, which could get lost any time and lock you out of the account indefinitely.

This is being ignored now since more than 4 years. Any update? Do you have any plans to respect this feedback?

Man, that looks very promissing! I've been hesitant of trusting Passkeys as it wasn't clear where exactly they're being stored on my device and who/what has access to them. with it being part of my offline Enpass vault, I'd most certainly love to take advantage of the added convenience, and really can't wait to see how it gets implemented in Enpass for Windows. Only suggestion I'd have is ability to update our currently saved account credentials with a "Passkey" attachment/section, similar to how we currently can save our 2FA Codes in Enpass under the same credential entry, instead of it saving as a completely separate credential entry. That will really aid in keeping them well organized and keeping track of which accounts support/have Passkeys. Can't wait to see it on Windows :D

Hi @paulsiu To activate passkeys on your iOS device for Enpass, please refer to the below steps - The latest version of Enpass must be installed with iOS ver 17 and autofill with Enpass must also be enabled. Open the particular websites ( which supports passkey )and login with username and password . Go to settings page -> Navigate to login method -> Add passkey. Now Enpass will prompt to save the save passkey. Follow the screen instructions. For a visual guide on how to add a passkey in the iOS version of the app, I recommend checking out this blog, as it includes a helpful video that can assist you in this scenario.

I'm getting this too right now. Guess what - I'm on a plane, on a 14h international flight, and paid for in-flight Wifi, which obvsiouly has strong security measures and sniffers, as expected! According to the Enpass reps in this thread, I should go to the cockpit and ask the pilot to kindly switch off their network security measures. Brilliant! That's not acceptable, and I'm perplexed at the replies from Enpass in this thread. Also unacceptable is the fact that a software which is advertized to work offline (as a big plus to differentiate it from the competition) now refuses to let me access my passwords because it decided to call home and considered it's better to shut down entirely and lock me out ... after paying for a license. This isn't just unreliable, it's downright scary, and in this particular case absolutely detrimental. I guess it's my fault for using and trusting closed source software for mission critical activity. Seems like it's time to finally switch away from Enpass. Enpass -- you should absolutely rethink your strategy and policy on this for those who still continue to use your product.

Hi @all Our development team has already identified this issue and has incorporated a patch in the upcoming version, which will effectively resolve it. We appreciate your patience until the new version becomes available

I finally found the issue! My Firefox was set to delete all cookies after shutdown, so basically a private mode. For the Enpass extension the option "Work with private mode" was disabled, so it couldn't work on my browser. Problem solved, thanks a lot to everyone for the patient help.

Hi there, I'm a 1Password 7 user and am searching for a replacement solution supporting self-hosting on Webdav. At my work we are using Enpass which is working fine but, for my personal use, I have more and more doubt. Why? I see that Enpass is barely having any update (even minor). It is good the browser plugin got a major update, but that's it in the last few years. There is absolutely no update about any redesign, new feature, nothing that actually indicate Enpass is still actively developed, but rather just maintain to survive. It would be a thing if there were regularly update, but we see that now, there are several months between any minor updates for bug fixes. Bugs which are reported does not seem to be fixed either before months. That's usually either indicate the project is dead or there is a major update being prepared in secret. I see I'm not the only person. So, actually before I actually buy Strongbox (which is actively developed and which would not be a problem if it just dies as it is using an open format), could you hint if Enpass is still developed. And if yes, then why does it seem dead? Changing of Password manager is something not to be taking lightly, so I really want to know in what I invest my money and time. Thank you!

Hi @hicder We are excited to share that we've extended the update to our Linux app, now available as version 6.9.0! Feel free to update your app to the most recent version or alternatively, you can download it directly from here. Concerning the update for the portable version of Enpass, rest assured that our development team is actively engaged in the process. We kindly ask for your understanding and patience as we diligently work on this update.

I don't think this bug will be fixed soon, but I have it too. Just to note that others have this problem as well. Wordy excuses that nothing is done, of course, strengthens a customer loyalty immensely.

Try this?

Hi @AnakinCaesar We have successfully replicated the issue on our side, and we are currently working on a patch to address this bug. We sincerely appreciate your patience during this time.

Thank you @Abhishek Dewan for the update. I'll eagerly await a reply and hope a fix will be found withing a few days!

Funny thing is that they can just programmatically take the datetime of the computer and use the year from that for the copyright notice... They keep saying things are forwarded to the development team. That may be true, even if the development team consists of 0 people

Yes, maybe you're right. I don't think they forgot to update the year because it's almost 2 years. But I'd like an official statement about the development of Enpass, wheter it's being active or dead.

if you take a look at the copyright notice in your app on PC or MAC you can see it's only listed from 2006 - 2021. So I guess that's the point where they officially gave up?

Hi @Schtief Our development team is already aware of this feature request. As soon as I have more information about this features implementation, I will be sure to update this forum. Thank you for your cooperation and support in the meantime. #SI-3376

Failure...

Enpass has golden opportunity to take over 1Password past customers who want local storage + license model not subscription but Enpass development seems very stale and there is a lot of polishing that needs to be done

You can just create your own template from the Desktop-versions. If you want to modify the field-order of a builtin template, say "Login -> Standard", you could create a new template, choose to copy existing (Standard), re-arrange the fields. If you want to rearrange the fields of hundreds of items in a batch, youd have to do a file-export into JSON and do some serious Python-scripting, But if you just want to move all items from the "Login" category to "My reorderd custom category" you just multiselect items from the category you want to hide, then select change category. then you simply click in the left bar of Enpass and choose Edit Categories and untick the "Login". Then for any newly created items, youll choose your custom category and theyll be sorted like you want.

So basically what you‘re saying is that the customer (end-user) should take care about the problems and communication between Enpass developing and Apple iOS system? Customers ain’t part of the developing team either alpha testers. We expect a working product. Instead of identifying the problem, I think most of the users (including me) are more interested in a fix ASAP. Again, it’s absolutely disappointing that the issue still exists after many months.

Don't buy Enpass. This support sucks. They're kidding us. They've been doing that for years. They write that they will fix the problem in the next update. That never happens. They want a demo account that will never be called. They say that they forward the requests to some teams. That doesn't happen. Everything goes straight to the recycle bin. What's more, Enpass has been evasive in answering questions about security for years. We have to assume that Enpass contains very large security vulnerabilities that have not been fixed for years. I strongly advise against using Enpass. Don't buy Enpass.

I understand it's not possible to give precise information. But you must have some information to share. Some new exciting features or whatever may be interesting and show you are really developing it. Users are not necessarily asking for ETA, but just info to know if something is planned somewhere in the near future. Just to know that you are actually really developping Enpass (and not just telling you are without actually doing it) I'm testing several password manager. Some developed by larger companies, other by very small teams. In both cases, they have many more updates. Some even share vague information about what's probably coming up this year. Just to show they hear the users, they are actually working hard. Enpass on the opposite is completely opaque, or deaf. That's actually quite worrying. I noticed I'm not the only person who is wondering what's actually happening. This might definitely cost you users...

I rather demand that the software is actively developed and good communication. New features are nice, but active maintenance and communication about the current development is an absolute requirement, especially where there are minor updates every 5-6 months only. I will ask again: - Is Enpass still actively developed? (or is it basically dead beside a few rare minor maintenance update solving only the most severe bugs) - If yes, then what is currently going on? Why is there no news for months about what is going on, why does it looks like a dead software? What is the roadmap? Could you communicate a bit more? Thank you.

Hi @Abhishek Dewan, They say Dutch people can be a bit "direct" so in advance don't take this as an attack ;-) But how can it be that a request was posted in may 2020 and now +- 3 years later still is under discussion? In my opinion this cannot be true and/or serious. Don't get me wrong i love Enpass and use it a lot. But please be honest in the feedback and tell the user wat to expect. Just say: No we will not implement this in the coming years because there is to much to do when this is the case. Again no hard feelings ;-) I just like transparent communication With kind regards, Rik

Thanks for shearing that informative article @Jos Berkers. Hopefully the Enpass team offer up a solution ASAP to this concern.

Hello, I read an article that the standard WebAuthn is public now and all websites can offer WebAuthn for users. Users can log in without a password, they need just an other identification (like smart phone or hardware token). This is also relevant for Enpass. It would be cool if I can use Enpass to access websites that offer WebAuthn. Here are some useful links: Official website of WebAuthn: https://www.w3.org/TR/webauthn/ Website wehre you can test WebAuthn: https://webauthn.io/ So is such a feature planned? Best regards OLLI

It would be really much, much better if the Match URL Hostname was NOT a global setting. I often login into work sites on our company's intranet that ALL have the same domain name with different sub-domains, which all have different passwords. Unfortunately, Enpass, like LastPass and other password managers, match only on the domain name, or have a global setting that makes EVERY site match on the entire URL (which screws up other sites, especially ones that get updated and some part of the URL changes) or make you list the sites elsewhere (like LastPass). It is especially irritating when you have to dig through dozens of sites that all look the same (in a dropdown) to try and find the right password for the host you are attempting to log into The flag to indicate to match the "full URL" should really be options, specific to each item/site, on whether to match just on the domain name, the full host name (including sub-domains) or the entire URL. That way you can setup intranet sites accordingly (with sub-domains and/or path specific sites) and yet still have internet sites (such as bank, credit card, etc. sites) that only match the domain name so if the website is updated and the URL changes it doesn't get hosed.

Just bought a Lenovo laptop with a fingerprint reader that works great for logging in. I would love to be able to use it for Enpass! Happy to be a beta tester or work with the engineers to develop the feature (I'm a programmer)

Hi @GeoCrackr Thank you for sharing your valuable suggestion. You will be pleased to know that Enpass developers are aware of this feature request, and they are already working on implementing it. Moreover, I have also shared your comments as feedback with them. I will be unable to share any ETA for the same, but I will be sure to update this forum once it is released. Your support and patience in the meantime are greatly appreciated. #SI-3240

I've just learned that PBKDF2 encryption is outdated and vulnerable, and Argon2 or bcrypt are now the preferred password hashing implementation in modern password managers. When is Enpass going to upgrade or at least provide the option of using a secure password hasher? Raising the bar on security

It's good that current vaults where upgraded to 100K but we do need the ability to set our own iteration count.

Unfortunately, 100,000 iterations is no longer considered sufficient. See: https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/ and recent hack at Lastpass! How can I increase this myself in Enpass to 600,000 iterations? Which is currently considered a safe minimum.

Thanks for the answer. I still not know how to secure my vault if I sync it over the net like Dropbox or iCloud. What if they collect my vault? How can I protect it? I somehow think 1 password has higher security because of the secret key feature. Even if they have my vault they need the secret key as second factor. Maybe I'm just too paranoid?