Jump to content
Enpass Discussion Forum

Thoughts?

Members
  • Posts

    48
  • Joined

  • Last visited

  • Days Won

    7

Thoughts? last won the day on July 20

Thoughts? had the most liked content!

1 Follower

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Thoughts?'s Achievements

Apprentice

Apprentice (3/14)

  • Reacting Well Rare
  • First Post
  • Collaborator Rare
  • Conversation Starter
  • Week One Done

Recent Badges

24

Reputation

  1. Hi flyingbirds I sync my main vault with one cloud, via the Enpass app, and the auto-generated backup files to a second cloud simply by syncing a custom backup folder. You mentioned you're using filen. As I understand, filen's desktop sync client is being updated to permit the syncing of custom folders. You will then be able to set up your chosen Enpass backup folder as a dedicated filen sync folder. An encrypted backup vault file, together with e-mail, master password and (key file if used), will allow you to restore your vault if your original vault file isn't available. You import the backup file, when setting up Enpass as a new installation.
  2. I noted a similar question was asked back in 2019, so I thought I'd ask in 2022! Android 12 – Enpass app version 6.8.2.666 Having used various login methods on Android, I find Enpass’ keyboard to be about the most consistent. However, haptic feedback is a strong buzzer that can't be altered. Only by disabling haptic feedback globally, can you stop the keyboard buzzing, as the app overrides the phone's own level controls I’d welcome an updated Enpass Android keyboard, with both control over feedback and a more modern design. The FOSS keyboard, OpenBoard, could be an excellent platform for a revised Enpass keyboard. Button design, layout, size and colour are all configurable, it even includes its own clipboard viewer. If this was controlled by Enpass, a user could more easily copy and paste additional items, simplifying form filling, with Enpass clearing the clipboard, as it currently does, after a specified time. Thank you for taking the time to read this and for Enpass’ continued development.
  3. Ivarson - Thank you for your comment. Yes, as you say, there are various advantages to both approaches. The reason I thought one-way, could be more viable, is it wouldn't necessarily require any syncing, as entries are purely shared with multiple vaults. The other advantage of one-way is in a family set-up, it would ensure there can only be one version of a particular entry, while still allowing secondary vaults to create and control their own unique entries. The absolute ideal would be to also have a master list, collating every entry from every vault, giving the account owner an overview of the entire system. Anyway, thanks for your thoughts and here's hoping.
  4. The ability to create multiple vaults is extremely useful, but maintaining identical entries, across several vaults, is time-consuming and or prone to error. As a feature consideration, if every entry copied from the Primary vault, to a secondary vault, could be internally linked, any update made to that entry would automatically update the matching entry in all other vaults. The most flexible, would be two-way syncing where an entry can be updated via any vault, Primary or Secondary. But possibly a more stable approach, would be to treat the Primary vault as the master, so only when an entry is updated via the Primary vault, would it then synchronize that change with the other vaults. With this one-way master vault approach, an entry copied to a secondary vault could be linked or independent. A linked entry would become read only, while an independent entry would be read and write. This would ensure the Primary vault maintained full control over its own updates, while allowing secondary vaults, full control over entries unique to that specific vault. Every linked entry, copied from the Primary vault, would remain part of the Primary vault, not a separate entry. It's a bit like saying, please allow these Primary vault entries to also appear in these secondary vaults. Such a setup would follow Enpass's offline design, with synchronization being within the app itself, and it would also ensure audits were consistent between the different vaults. I hope I’ve explained this reasonably clearly. Enpass is a really powerful tool and with the increasing number of devices and users, within each account, the ability to maintain control becomes even more important. Thank you, once again, for Enpass’ continued development.
  5. flyingbirds - I wasn't replying to your entire post, just to a question you asked. breach/compromised what's the difference? A breach is where hackers have gained access to a database or similar of a website where you hold an account. So your specific details might not have been compromised, but the website itself was, and there's a risk your details were also stolen. A compromised password is a password known to have been obtained by hackers in a website breach. The password might not have been stolen from your account, it could have been an identical password used elsewhere by someone else. The simpler the password, the greater the chance of that being the case. For both a website breach and a compromised password, the recommendation is to change the affected password to ensure the login details, if stolen, are no longer usable. Personally, I'd also recommend changing the e-mail. Once an e-mail is part of a stolen database, spam/malicious e-mails are more likely. Also, part of any log in using that e-mail is now known to hackers.
  6. Increasingly, web accounts are setting minimum periods of inactivity (often as little as 3 months) before an account is considered abandoned and marked for closure. It would be helpful if Enpass allowed a user to add calendar reminders, for each entry. The existing password expiry period feature is useful, and being able to add more general reminders, with a note, would ensure a user never overlooked infrequently used accounts. Setting specific dates would be the most effective, but using the same approach as the password expiry feature would also be helpful. Thank you for Enpass' continued development
  7. Hello Mohit Thank you for your very thorough reply. I reinstalled 6.8.0 late yesterday, and the rotating blue symbol appeared over the Compromised passwords button. This morning, on opening the app, the button has reverted to show 0 as normal. It would seem an initial auto-check either takes far longer than a manual check, or some other checks are taking place, but the app is currently stable and operational, so I will test further. Thank you for considering the feature requests. I look forward to future updates.
  8. Hello Mohit Thank you for replying. In point 1, when you say ‘pending’, do you mean simply items that have not yet been checked against HIBP's database? In point 2, when an item is added or updated is the auto-check of the entire vault or only for the item(s) added/updated? I.e. does the Enpass app, mark an item as ‘checked’ against the current HIBP database? In point 3, how is the Enpass app notified of a HIBP database update? Is the Enpass app requesting that information direct from HIBP, or is the new database stored on your servers, and you tell the Enpass app that an HIBP update has occurred, and the app needs to run a new full vault check? In reply to the issues I faced with 6.8.0, can I ask, when an item is added or modified, and auto-check is enabled, is there supposed to be any visual indication of an HIBP check taking place? Or is the check silent? An HIBP check of a single item takes a matter of seconds, so if the check is ‘silent’, it would behave as I experienced. Only if a password was found to be compromised would a user know a check had taken place. If the check is silent, it would be helpful if the Compromised window of the Audit section gave the date and time of the most recent HIBP checks. That way, a user would know, their password checks were up-to-date. If you could let me know whether the check is supposed to be silent, and if it is, I will reinstall 6.8.0 and run further tests. Thank you once again
  9. Mohit and team thank you for the update, it's always appreciated. Can you please clarify what happens with the Automatic Compromised Password Check, because there is now no option to manually check the entire vault with a single button press? On installing 6.8.0, I enabled auto check and the Compromised button showed a continuous rotating symbol, but no progress. After leaving it for 5 minutes, the symbol was still rotating. I unticked the auto check option, shut down then restarted Enpass and the Compromised button showed 0 as normal, but on reviewing the Compromised window of the Audit section, there was no option to manually check all passwords. As a final check, I re-enabled auto check, modified a password entry, saved it, but the app gave no indication any auto check had taken place. A few questions if I may 1 - Is an auto check, only checking the HIBP database when a new/modified entry is updated? 2 - Does auto check, check the entire vault, or just the new/modified entry? 3 - Is it correct that the option to manually check all passwords has been removed? If the answers to the first and third questions are yes, this would mean with 6.8.0 a user needs to modify/create an entry to recheck all passwords against the HIBP database, rather than simply pressing the Re-check All button. If, however, an auto check only checks new or modified items, a user must now manually check each individual entry, to check the entire vault 4 - Can you consider, automating vault password checks as, either every time the app is started, or at specific scheduled intervals? This type of automated checking would ensure the Audit was always up-to-date without any user input. Either option would work best in conjunction with the existing manual Re-Check All option. I've currently reinstalled 6.7.4 (933) as the password changes in 6.8.0, make it less usable. I've just noticed your post was in relation to the Windows Store version. My desktop version offered 6.8.0 as a Beta update, which is the one I installed. Do let me know if I should repost this question in that section. Thank you in advance for any information you can provide.
  10. Thoughts?

    Catagories

    DenalB, you could also use Tags. Both as a visual identifier, and as a means of further sorting items within the same category. I use tags all the time.
  11. Hello Manish Thank you for responding. The Grammarly software is called Grammarly for Windows, version 1.0.2.130. It's a self-contained desktop application and works without the need for a browser extension. It can be found here, Grammarly for Windows Thanks once again.
  12. Not sure if you were aware, but Grammarly for Windows, a replacement for their desktop editor, is an app that detects and corrects text entries in almost any application. On trying the app, I discovered that entering text into the Enpass desktop software 6.7.4 (935) and browser extension (6.7.4) was detected by Grammarly! While the text I entered into Enpass did not appear in the Grammarly app it certainly recognized I was (A) using an app and (B) was entering text. The unknown is whether the text entered is still registered by Grammarly (i.e. sent to their servers), and simply not displayed, or whether it truly can't 'see' what I'm typing. While a user can manually prevent Grammarly from working with specific apps, that's not its default. To test if other password manager software was also detected, I tried Bitwarden's desktop software, and found entering text did not trigger the Grammarly app. So I'm unsure whether that is purely 'luck', or something Bitwarden has employed in their software. There are other apps I've found that Grammarly doesn't detect, so it's more likely just luck, that Bitwarden isn't detected. I bring this to your attention, so you're aware of a potential security issue raised by anyone considering installing the Grammarly app alongside Enpass. I don't know whether there is anything that can be done, but if you were able to clarify the situation directly with Grammarly, that would be immensely helpful. Thank you.
  13. Hello Gulshan - Thank you for taking the time to reply. Just to clarify, I do understand the cloud is purely the storage medium and not involved in any encryption process, and why my suggestion was that the Enpass app folder, the vault and attachment files be randomly named, before being uploaded to the cloud. As you say, if a hacker gets access to the files, they would still require the master password. My thought is, if a hacker had no idea what the files were, in the first place, they are far more likely to be discarded or ignored. Currently, an Enpass app folder stands out, and its name tells the hacker the software used to create the files inside, making it more of a target. Thanks for your time.
  14. Could Enpass consider modifying the names of the App folder and enpasssync and enpassattach files stored inside a user’s chosen cloud-stored folder? Although the files are encrypted, if a user’s Google, OneDrive etc. cloud account was hacked, an Enpass app folder containing an Enpass vault and attachments, does make it a more obvious target for hackers, than if the folder and files were given more obscure names. Currently, the folder and file names make it obvious which app was used to create the files. My suggestion is not about additional encryption, but purely a ‘masking’ of the folder and file names to better hide them, if a user’s cloud account was hacked. Thank you.
  15. Hello Gulshan Thank you for replying. I was aware of, and use, the PIN feature in Enpass. My suggestion was that, if a user could set the option of needing to enter their Enpass PIN, before an attachment was deleted, it would prevent attachments being accidentally deleted. So my suggested sequence would be, press X, enter PIN, press ok, attachment would then be deleted. Thanks Again
×
×
  • Create New...