ttk

@Abhishek Dewan it has been several weeks now...how hard can it be?

@Abhishek Dewan Do you already have some updates? This issue is quite annoying and keeps me from fully rolling out Authentik in my environment. Should i keep an eye on Enpass releases or on Extension releases?

I could not reproduce it reliably. It seems that this occurs when Enpass stays locked for longer periods of time. I have captured one occurence, but apparently the screenrecorder wasnt able to capture the extension overlay as well, so now i'm trying to get a new recording with OBS Studio.

Hey, the software versions are the same as here: Regarding URLs: This happens regardless of which URL i am visiting. This has more to do with how long Enpass has been locked. Since this happens total randomly and not on every login attempt, i have a hard time recording it. I will try to keep an eye on my screen recorder and let it run just in case whenever i execute a login action.

I have the following problem: 1. Enpass is locked. 2. I right-click on a password form in the browser to let it fill the password 3. It shows the vault password prompt which i enter 4. The extension unlocks and briefly shows the entry for the current page, but after half a second "loses focus" and show all entries in the vault 5. Workaround: Hide the extension, and do the procedure again, so that it is opening unlocked, and only showing the entry for the page i want to have my password entered in. What can i do to prevent the behavior in step 4?

Hi, that are good news. I will have an eye on new enpass versions and try it out subsequentially.

Sure. It is on Windows 10 Pro, Patchlevel 19044.2486. However, i think this also happens on a Mac with OS X Ventura. Does not happen on iOS. Enpass is version 6.8.4. Chrome is version 109.0.5414.120 - but this issue occurs on Firefox as well. Enpass Extension is 6.8.0.

I have a setup where i am securing some applications with an Authentik SSO server. It does not work very well with Enpass. This is my problem: 1. I open the URL to the application. It is forwarded to the SSO login form. The form has the callback URL to the application as HTTP GET parameters in the address bar, e.g. "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2Fapplication%2Fo%2Fauthorize%2F%3Fclient_id%3DSCEmh1dhqxFlmPM30asa7dPqxs3dMBskX87Kx8DE%26redirect_uri%3Dhttps%3A%2F%2Fcomics.simonszu.de%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue%26response_type%3Dcode%26scope%3Demail%2Bprofile%2Bak_proxy%2Bopenid%26state%3D1qTRKfZVO07F-Hh7I44_8vaurt9GzaNTETUy1igmH08" 2. I select the Authentik Login item in Enpass via the Chrome extension. The item has "https://authentik.simonszu.de" as the saved URL, since that is the most common denominator between all SSO-secured applications as well as the admin interface of the SSO server. 3. As a result, the Enpass extension causes Chrome to open a new tab, with the address bar containing only "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2F", so, no reference to the callback URL to the actual application any more. 4. If i try to do step 2 again in the new tab, Enpass does not fill the credentials, but rather opens a third tab, containing the same address in the address bar as in step 3. 5. I can repeat step 3 and for for infinite time, causing Enpass and Chrome to open more and more tabs, and not logging in properly. Is there a flag where i can tell Enpass to simply fill in the credentials, and not trying to open the URL it has defined in the login item in a new tab? That would be nice.

If only the big red "YOU HAVE BEEN BREACHED, ACT IMMEDIATELY" alert could be hidden somehow. Since when you click on it, you need to pay. But it cannot be hidden, even if i do not want to use the premium features. Shitty UX is shitty.

I disagree. Github is for distributing source code, and eventually releases made from this source code. Just uploading binary artifacts without the code is not what git and Github was made for. If you need a backup of the installation, download the standalone client, and store it somewhere safe for yourself.

Hi, one of the reasons why i preferred Enpass over other password managers like Lastpass and 1password was that the developers just distribute the binary, and everything else like sync and so on was completely in my own hands. No connections to other servers, nothing. This was great, since i believe a password manager should do as little communication as possible. Until now i was very happy with Enpass. But now i have some serious questions about the new favicon feature. The announcement says that Enpass downloads it from the developer's server, and you need to enable the feature on each client separately, so i assume each client downloads the favicons separately. So, in concern of data security and privacy, i'd like to know why this decision was made. Each website provides its icon as https://url.tld/favicon.ico. Why isn't Enpass able to download this file directly, but instead phoning home with all URLs which are stored in my vault? Why is it dependant on some kind of managed service now? Why aren't the icons stored in the vault in the same way as attachment files are stored? If you guys have a reasonable explanation for this design decision, i'd like to hear it, since a password manager is a tool of high trust. Since Enpass downloads the icons when the vault is unlocked, and sends all the URLs to the developers, what guarantees me that it doen't do the same with all password data? I do not want to audit it's connection attempts with tcpdump every time an update was made. At least the other cloud based password managers do the sync with their servers with the encrypted vault file.

OK, there is an undocumented option. Just start Enpass with the "-minimized" flag.

I have a very stripped-down desktop environment on Linux (i3wm). Therefore i have some issues with the autostart option. At first, the Autostart-checkbox didn't work for me. I have reached out to the twitter support, and they told me what technique they are using for this option: "A file named Enpass.desktop should be created there at /home/.config/autostart." - this helped me to re-create a custom autostart script like i had with Enpass 5. However, i am missing the startWithTray option. Since the Enpass UI lacks the "Start minimized" option on Linux, and i3wm has no support to start applications minimized on its own, i currently get a full Enpass window on every boot plus a systray icon. I have to manually close the main window to have Enpass properly running "in the background". I am disappointed that there is no more option to start Enpass minimized on the command line.

I am using Enpass with a tiling window manager on Linux. Due to the nature of tiling window managers, there is no such concept as "Minimize windows". So after starting Enpass automatically on login, it spawns the systray icon and the main window, and ignores the "Minimze to tray" setting. I have to manually kill the window to persist the systray icon and not having a momentarily useless window on my desktop. I know that my use case (Linux with tiling window manager) is somehow special, but this problem is well-known among the users of tiling WMs. So i am asking for maybe a command line flag which one can pass to the Enpass binary which results in Enpass not drawing its main window, but only the systray icon. If one needs the main window after that, he can still spawn it via a click on the systray icon. Thank you very much.

Hi, this is already a feature request: