Jump to content
Enpass Discussion Forum

Thoughts?

Members
  • Posts

    36
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by Thoughts?

  1. Hello Gulshan - Thank you for taking the time to reply. Just to clarify, I do understand the cloud is purely the storage medium and not involved in any encryption process, and why my suggestion was that the Enpass app folder, the vault and attachment files be randomly named, before being uploaded to the cloud. As you say, if a hacker gets access to the files, they would still require the master password. My thought is, if a hacker had no idea what the files were, in the first place, they are far more likely to be discarded or ignored. Currently, an Enpass app folder stands out, and its name tells the hacker the software used to create the files inside, making it more of a target. Thanks for your time.
  2. Could Enpass consider modifying the names of the App folder and enpasssync and enpassattach files stored inside a user’s chosen cloud-stored folder? Although the files are encrypted, if a user’s Google, OneDrive etc. cloud account was hacked, an Enpass app folder containing an Enpass vault and attachments, does make it a more obvious target for hackers, than if the folder and files were given more obscure names. Currently, the folder and file names make it obvious which app was used to create the files. My suggestion is not about additional encryption, but purely a ‘masking’ of the folder and file names to better hide them, if a user’s cloud account was hacked. Thank you.
  3. Hello Gulshan Thank you for replying. I was aware of, and use, the PIN feature in Enpass. My suggestion was that, if a user could set the option of needing to enter their Enpass PIN, before an attachment was deleted, it would prevent attachments being accidentally deleted. So my suggested sequence would be, press X, enter PIN, press ok, attachment would then be deleted. Thanks Again
  4. Windows 10 Pro 21H1 - Enpass 6.7.4.919 and 6.7.2.885 When adding or removing attachments, the desktop app doesn't update an entry's last modified date. I'm not sure whether this was intentional, or simply a bug. Also, as a related feature request, it would be helpful if Enpass could provide a confirmation request before deleting an attachment. Currently, pressing the X instantly deletes the attachment without warning. For additional security, the option to request the master password or more usefully the PIN, if set, would also be good. Thank you
  5. Hi Gulshan Thanks for your comment. I'm a donut for overlooking that! Is the autofill of the 2FA code at a fixed time delay, for every entry, or is Enpass analyzing the page to check when the 2FA window is shown? I wasn't sure if it was working 'blind' so to speak, or if it actually knew when the 2FA window appeared. Thanks once again.
  6. Windows 10 Pro 21H1 - Enpass Desktop 6.7.2 (885) - Browser Extensions (Brave & Edge) 6.6.2 When logging in to AnonAddy the 2FA entry is left blank by Enpass, I need to manually copy and paste the 2FA code. The code is correct, but Enpass won't automatically enter the 2FA code. I have enabled both upper Autofill options including Automatically copy and fill one-time code after autofill 2FA code entry works correctly on numerous other websites, but just not AnonAddy for some reason. As a thought, where there are such issues, a feature that would help would be a 2FA button in the browser extension. So rather than having to open the entry and then copy and paste the code, you could simply click a 2FA button and Enpass would paste in the 2FA code. The browser extension has copy username, password and URL as right-click options but not 2FA. But a dedicated 2FA button would be easier and quicker. Thank you for the continued development of Enpass.
  7. Hello Toronto - I don't think it's related. The only issue related to editing I'm aware of in Enpass (I use Windows) is when the app is maximized it will move the highlighted entry to the bottom of the visible list and if editing an item, it will force close the edit screen, but I can still edit any entry. Enpass are aware of that issue and have said they're working on it. It would be worth posting your question in Enpass' iOS forum as other Mac users might be able to help further. Include the exact model of Mac, iOS version and screen resolution in your post. If its screen resolution is different to your other machines, that could be a factor. As a thought, if the issue is specific to one computer, have you tried removing and reinstalling Enpass? You could also copy over the Enpass vault (and key, if used) from another Mac installation. You could also create a new empty vault as a test. Back up everything beforehand, and you can then revert to your current vault.
  8. Current Desktop Software 6.7.2 (885) Windows 10 It would be helpful if entries, in the desktop software, could be sorted by their new password creation/changed dates. Minor alterations, adding a note etc., moves an item to the top of the last modified list, and it would be helpful if the list could always display in order of newest to oldest passwords. Minor changes could then be made to an entry, but the list would still sort by the age of the password. The password expiry feature is very useful, but ahead of each warning there isn't an indicator of password age. Thank you for taking the time read this and the continued development of Enpass. Thoughts
  9. Hello buyrsr Opening your Enpass vault doesn't require (or even use) access to Enpass's servers or the internet. Install the desktop app or keep a copy of the portable version and you will always be able to open your vault. Simply ensure you keep your account e-mail, master password, and, if used, key file safe. Even if Enpass disappeared overnight you will be able to open your vault. Once your vault has been opened it can be exported as an unencrypted .json or .csv file and be imported into a different password manager. Enpass Desktop Software
  10. Hello Garima Thank you for a very thorough reply. Could I just clarify this sentence "The latest one will be kept" Does this mean that, in my example, the password change made in the first (offline) device would be kept 'and' the note added via the second device would also be kept? So 'both' modifications made to the same website login entry (from two different devices) would be included in the newly synced vault? By the way, I already use the Enpass desktop app, I simply wished to clarify this aspect. Thank you once again Regards.
  11. If I edited a website login via the desktop app when my computer was not connected to the internet, then someone later edited that same website login, via a different 'online' device. What would Enpass do to resolve the differences, between the vault on my computer and the vault in my cloud, when my computer was back online? As the two vaults are now different, does it simply overwrite the entire vault on my computer with the newer 'cloud sync' vault (replacing the changes I made on my computer) or will it merge changes/additions if they are different? E.g. If I changed a login password offline, then later, via a different online device, modified a note (for the same login), what would Enpass do? I'm curious how it might handle offline edits and changes made to the same logins. Thank you in advance for any thoughts.
  12. Hello Pratyush Thank you for the update, that is excellent news. Two related considerations. As a fallback option for automated/scheduled checks; an option to repeat the check the next day if no internet was available at the scheduled time. Pressing the Compromised button on the new Audit panel could also be set to initiate a manual check and display the results on the next screen. Regards
  13. Hello Pratyush Thank you for replying. Is auto-filling of extensions being considered? Regards
  14. Windows 10 Pro 1909 64 Bit / Enpass 6.6.0 (761) MEGA Chrome Extension V3.115.8 / Chrome 88.0.4324 64 Bit Sorry if this has been asked. I did a search but couldn't find anything. Is Enpass able to autofill login pages generated by a Chrome Extension? I tried with the MEGA chrome extension, but Enpass didn't detect the login section. I also modified my existing MEGA entry in Enpass, changing its URL to that of the Chrome Extension and still MEGA didn't detect it. Is this issue specific to the MEGA extension or can Enpass only autofill web pages? Thank you in advance for any assistance.
  15. Hello Garima Just to let you know I recently installed Enpass 6.6.0 (761) and it appears to have resolved the custom window size issue. Now on pressing Exit, with the app full screen, the app will remember its previous manually adjusted app size. The app itself has so far worked without issue. Thank you. As further feedback, the new audit section is a welcome addition. It would be helpful if the audit buttons (Compromised, Identical etc.) were much smaller so more were visible in a resized window. It's not clear why a 'No Entry' sign is displayed when hovering over an Audit button with 0 issues and why the button is deactivated. A 'No Entry' symbol usually implies no access, but in this case any section showing 0 is a good sign so a green tick symbol might be clearer. If all visible audit buttons were left active (including those showing 0) a user could confirm the status of any section. Related to the above, if bright green font was used for every audit item with 0 issues, it would be clearer as to the health of a user’s passwords. Then, if a password was compromised the number would appear as bright red, duplicate or weak passwords would appear in bright orange and expired passwords in blue. So rather than dimmed or bright colors just the color itself would alert to any password issues. As a final thought. I understand how the website breach monitoring would work, but are there any plans for the Compromised Passwords section to be automated in some way? It's easy to forget that the password check is manual and without regular manual checks the audit section could continue to show inaccurate information. If a user could setup a simple weekly or monthly schedule, to run Re-check all passwords, this would ensure this critical information was kept up to date and accurately displayed. Thank you for taking the time to read this. Regards.
  16. Glad it's working again. The issue as I understand it is that Dropbox stops the reconnection because it sees the same Enpass app as already connected/authenticated. So only by disconnecting the app in Dropbox is Enpass then allowed to reconnect to your Dropbox account.
  17. 100 Watt Walrus - I use Windows rather than Mac and Enpass 6.51 (723) and I also sync with Dropbox. I had a similar issue some time ago and found if I logged in to my Dropbox account and disconnected Enpass from the Connected Apps menu, I was then able to set up Dropbox again in Epass and stay logged in. You may have already done this, but thought it worth mentioning.
  18. JJK I have four 'copies' of the vault. The active vault file (used by the Enpass desktop), the cloud stored vault (auto-synced by the Enpass desktop) and the Autobackup file(s) that I also independently sync to a different cloud storage service. The vault is setup with a keyfile which I also back up and independently encrypt, as it is purely a text file. Using a separate keyfile I know the cloud stored backups can't be opened without my email address, master password 'and' the keyfile. I often clear out older backups from the auto-backup folder to limit the folder's size over time. If you wished to keep much older versions of previous backup files you could simply upload those to a separate cloud storage service (dedicated to just those files). If you wished to later free up the space on your computer just go to your cloud and manually move older backups out of the 'sync' folder and into a separate cloud-only 'archive' folder. I would only do that if the vault was secured with a keyfile 'and' the e-mail address used for that cloud account was 'not' the same address as for your Enpass account. With only backup files in the cloud and a different e-mail address; if the account was hacked, the hackers would have no personal information they could use to link the backup files to you. They would simply find multiple encrypted files that couldn't be opened or used.
  19. Dear Enpass Just to add to the conversation, I like the X button working as it currently does. Unlike other software, a password manager requires the app to be both running 'and' logged in for it to function and if pressing X were to shut Enpass down (logging the user out), I suspect many would discover (after a failed website login) they had accidentally shut down Enpass, rather than close it to taskbar. It could lead to more operational inconsistency. If you did decide to make the change, it would be helpful if the user had the 'option' of whether pressing X shut down the app completely or simply continued to close it to the taskbar. Thank you for any future developments.
  20. Hello Garima Thank you for investigating, I'm glad I wasn't going just going bananas! I look forward to future updates.
  21. Hello Garima Thank you for replying. In Enpass two Google entries are shown as: Username: My Screen Name E-Mail: Account E-Mail Password: Password Prior to the issue I've reported; when logging in to Google, Enpass would correctly enter the e-mail and then the password. It would correctly, not use the Username as part of the login. Approximately a week ago, without any change to Enpass software, or to the entries within Enpass, when logging into Google the Username was now pasted into the login window. I've changed nothing at all, but for whatever reason the Username is the first item pasted in, whereas before it was the e-mail. If I modify the above entry so it shows as below the log in process will operate correctly. Username: Account E-Mail E-Mail: Account E-Mail Password: Password If I create a new Google entry with the Username as before, Enpass will again wrongly enter that Username. Your colleagues may wish to try a Google entry with: Username: Your Screen Name E-Mail: Account E-Mail Password: Password And see which information is entered first, it should be the e-mail, but for me at the moment it is now the text from the Username section that is entered. I'm wondering whether Google may have changed the login section and that might now trigger Enpass to enter the Username text rather than the e-mail. As mentioned this is true with all three desktop versions and both Chrome and Firefox extensions. Regards Thoughts?
  22. Hello Garima Just to let you know: 6.5.1 (723), 6.5.2 (725) and 6.5.2 (727) have not resolved the manually adjusted app size error. So pressing Exit with the app full screen will still override any previous manually adjusted app size.
  23. Windows 10 Enpass Desktop 6.5.1 (723) & 6.5.2 (725) & 6.5.2 (727) - Chrome Extension 6.5.1 & Firefox Extension 6.5.1 When trying to login to Google, the User Name (Screen Name) is entered rather than the e-mail address. If I edit the Enpass entry to change the User Name to the e-mail address it functions correctly. The behavior is the same in both Google Chrome 86.0.42 and Firefox 81.02 and is specific to Google (other logins function normally). It seems to be a change 'by' Google because even older versions of Enpass (6.5.1) that previously entered the e-mail address now exhibit the same fault. If I create a new login from a Google template the same thing happens. The entry as mentioned can be modified so it does work correctly, but thought it worth letting you know the error.
  24. Hello Pratyush Windows 10 Pro 1909 / Enpass 6.5..0 (707) With Enpass 6.5.0 installed no ‘rogue’ single duplicate password entries at present, but I had previously cleared those (by restoring my vault from a json file) prior to the installation of 6.5.0 so I’m unable to say if anything has changed in relation to that. If the app is closed while full screen it still overrides the manually adjusted app size, so as before the window size at Exit is the one Enpass stores as its restore down size. Let me know if you require further information. Regards, Thoughts?
×
×
  • Create New...