Jump to content
Enpass Discussion Forum

paulsiu

Members
  • Posts

    62
  • Joined

  • Last visited

  • Days Won

    5

Posts posted by paulsiu

  1. I have enpass on the same computer split across multiple accounts.I am using the Window 11 Store version so should full time windows hello. Indeed, I have notice that it works with one account. When I log out and log back I am not prompted for the master password.

    However, when I setup the same enpass on a different windows account on the same machine, it does not work. Can enpass only store 1 entry per computer?

  2. I am reporting that the latest extension 6.11.0 fixed the issue on Chrome on ChromeOS, and firefox on MacOS and Linux. What change is when you click on continue to the 2FA prompt, you get a prompt to press the hardware key button. Previously, the popup never appear and you get stuck. I like to thank the enpass team in fixing this issue. I will report this to the firefox forum.

    • Like 1
  3. Update, I replicated this issue under ChromeOS and Chrome browser. Just to make sure the problem is understood. When you log into icloud, a prompt for the hardware key appears and then you press the hardware key to login. When enpass browser extension is enable, the iCloud popup for hardware key will not appear and you won't be able to login. If you disable the enpass extension, the issue goes away. The browser extension appears to prevent the hardware key popup.

  4. To replicate, you must have an icloud account that uses hardware key as 2FA. The following is the expected behavior

    1. Open browser and go to https://icloud.com.
    2. Log into your Apple account.
    3. The site will prompt you to press the button on the hardware key and also prompt you for the hardware key's PIN. 
    4. User enter the PIN and the browser logs you into the apple account.

    However, if the enpass extension is installed, step 3 does not prompt for the pin and there is a spinning progress circle that never goes away. It is definitely the enpass extension, since removing it allows it to work. The following are the configuration

    Platform: Apple M1, MacOS Sonoma 14.5
    Enpass desktop version: 6.11.0
    Enpass Extension version: 6.9.4.1

  5. Note that I am having the same issue on Linux PopOS 22.04. Initially I thought I had to reinstall the enpass and extension, but I have done that 3x already and the issue did not go away. One workaround so far is to make sure tha the enpass desktop is unlock and then disable the extension in firefox and then re-enable it. This seems to fix the issue temporary.

  6. I am having some difficulty with using Enpass with ChromeOS. I have the android app Enpass install and the Enpass extension installed in Chrome.  In the android app, I attempted to do the following:

    1. In the android app's settings -> Autofill -> Android Autofill Service. I toggle it and it and tries to set enpass as the android app. When I tried this, it display a dialogbox saying "Make sure you trust this app". When I press OK, the checkbox is not checked. It only gets check if I set the autofill service to none.

    2. Toggle "autofill in chrome browser". This connects to the chrome extension.

     

    The problem is that connection keeps being loss. what am I doing wrong and why doesn't step #1 work?

     

     

  7. On 11/3/2023 at 5:51 AM, Abhishek Dewan said:

    Hi @paulsiu

    Creating backups and restoring your data will retain all the saved passkeys. However, when exporting your vault to CSV or JSON formats, please note that passkeys will not be included in the export/import process.

    Thanks, have Enpass thought about if they will do this in the future or if you will have ways to import passkeys from other vendors. I imagine that there is no published standard of how to represent passkey in JSON or csv.

  8. I would like to add a warning about windows hello setup. The link you proviced mentioned that Window Hello uses TPM to securely store key values. On older devices without tpm, that is not the case. When you enable windows hello, you are required to create a pin. If you have a Windows computer without TPM, the PIN value are stored in a secure location. The problem is that many of these machine probably also do not have disk encryption. You can buy an utility to bruteforce your pin.

    https://blog.elcomsoft.com/2022/08/windows-hello-no-tpm-no-security/

    I believe Enpass smartly forces you to enter the master password on startup if you don't have a TPM, so fortunately hacking the PIN will not allow them into the vault, but it would allow them to acquire the PIN to login.

    There are two things you can do to mitigate.

    1. Encrypt your drive, which should prevent access to the secure element.

    2. Make a really long pin simialar to a good password using letter, numbers, and special characters. Most people don't know that you can use keys other than numbers. If you are using fingerprint, you would not need to enter the pin often.

  9. Thank you for the clarification.

    I would like to add that despite its lack of use caes for portable usage. It's extremely useful as a backup verification. I like to make backup of the vault, but I also like to test that the backup works. One easy way to do this is to setup Enpass Portable and restore the vault and check if all of the entires are in place.

×
×
  • Create New...