Jump to content
Enpass Discussion Forum


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by paulsiu

  1. I have to complain that while I generally like enpass, the issue with TPM is the most annoying. I have two different computers with TPM 2.0. One is using real tpm 2.0, the other is using Intel PTT. In both cases, enpass did not save the master password, so when I restart the machine, I have to enter the super long master password. I have to reenter the password when the client crashes, which is more often than I like.

    Your competitor Bitwarden do not have this issue. I am able to start the bitwarden desktop client by using windows hello. Does enpass ever plan to fix the issue? If it's a hardware issue, your competitor does not appear to have an issue getting around it.


  2. So whenever I start enpass after restarting the computer, I have to re-enter the master password. When it crashes, I have do the same thing. Enpass stores items in TPM, but it has to be TPM 2.0. I imagine it doesn't matter if it's firmware TPM or hardware TPM, as long as shows up as TPM 2.0 in tpm.msc?

    I have TPM 2.0 on my computer, but it still does not store the master password in the TPM. In other post, it said it was because a certain API must run for enpass to work. Is there a powershell script to test this out?


  3. Thanks for your help.  Out of curiosity, when you say that it is store in the database but is not accessible from the UI, you mean the local database file on my drive and not some centralize database at enpass?

    I think you misunderstood what I mean about adding additional website to password entries. When I associate a site to my password, I can see a list of websites associated to the site. For example, Bank of America may be boa.com and mbna.com. I wanted to know if there is a way to manually edit the URL? On some password manager, you would see a list of URL that you can then modify. What you are saying is that it's impossible to do that at the moment using enpass?

    This brings up another point. Suppose I accidentally associate the wrong site to the password. For example, I mistakenly associated mybank.com with yourbank.com. How do I remove the association? I supposed one work around would be to copy out all of the info and delete the and re-enter it.



  4. Thanks for the info. What you are saying is that if Enpass can see that the app supports autofill, it will use autofill over the other method. Is there a workaround that can be coded. For example, I notice that the Bitwarden app can autofill the bank of america password field if the accessibility is turned on (but won't work if it's turned off), so the are working around it somehow. Perhaps they if the field allows autofill and switch to accessibility when it is not?


  5. I am having problems using enpass with Bank of America mobiile Android App. Here's what I am doing.

    1. Open Bank of America App. It prompts me for password.

    2. I select Autofill, which fills the user name and not the password.

    3. I can go to enpass and copy the password and then paste it into the passcode field. This does work but enpass doesn't offer to save the password or anything.

    Note that enpass works fine with the bank of america website on windows.

    I am wondering if there is an issue with the field name. Perhaps field name on the app is not the same as the website.


    Phone: Pixel 3axl

    Android Version: Android 11 Buuild number RQ1A.210205.004

    Enpass version:



  6. Hi I currently use enpass but have also use Last Pass in the past. Before you switch, evaluate what you are looking for. If you want something that works exactly like last pass, Enpass is not going to work. However, if you want something that serve the same set of requirements but works differently, then let's continue.

    The main difference between Last Pass and Enpass is the way it stores the passwords. Last pass password is stored in the cloud on the Last Pass servers. Enpass are stored either locally. If you have multiple devices a cloud drive like google drive can be setup to sync the password file across the different devices. Note that the setting up your own cloud drive can be an extra step that some people do not like. However, the chief reason to do this is to be more secure. Hackers can't hack Last Pass to get to your password, they can't do it with enpass because it's not store on their server.

    Both product will serve your needs for most password. Both Last Pass and Enpass have support for windows, IOS, and Android. The UI is significantly different and will take getting used to. Last pass has a lot of granular feature like ability to lock based on which field in the vault, etc that are very specific to last pass. Last pass also allow you to store things like credit card info, etc. I have not use those feature and so don't know if they exists in enpass. If you are a heavy user of last pass specific feature, you will either need to buy last pass or give up on them. I notice many of the other password managers don't have them.

    What enpass does have is TOTP integration. The way this works is that you can add TOTP to an account. Lets say when you log into amazon and is set up with 2FA. On last pass, you will have to login then look up the code in last pass authenticator and then manually enter the number into the site. On enpass, when you enter the user name and password, the 2fa code will be place in the clipboard so all you need to do is hit paste. This is a feature currently available for the Enterprise version of last pass, but not the consumer version.

    Last pass has more recovery options. If you lock out your account, there are a number of recovery option assuming you set them up ahead of time. For enpass, if you forget your master password, there is no recovery. This isn't necessary bad though. Keep in mind that each recovery is a backdoor to security, but keep this in mind since you may value recovery over security.


  7. When you create an entry for a website, you can enter a URL of the website. When you are adding an android app, how do you add it?  Am I correct to assume that the app is most likely to be associate with the website, so assuming that there is a bank of Springfield app for example, it would be associated with the bank of springfield website.

    However, I have notice that some apps like Bank of America do not appear to be associated with their website. IN fact, I am not even sure it has an associated URL at all. HOw do I link the app to the bank of America website. What if the app has no website at all?




  8. Recently, I have notice that auto-fill no longer works reliably on my Google Pixel 3a XL phone. When I am on an app or a website, sometimes I get a drop down for enpass, somethings it doesn't appear. Often when it does appear, it appears for a second before disappearing. I can't figure out what condition triggers the drop down and what it does not trigger. I am talking about auto-fill using the android autofill framework and not the accessibility.

    I have tried uninstalling Enpass and then reestablishing auto-fill. However, it does not work. I have installed Enpass Beta and it did not work either. It's not that doesn't work at all, but that only some of the time.

    Phone: Google Pixel 3axL
    OS: Android verison 11 Sep 5, 2020
    Enpass version: (I have the paid version)



  9. An update apparently fixed the issue. Now PIN works properly. I have decided to purchased the software for all of the platform. Previously to 6, I was going to pick some other software due to stability issue in Enpass 5.x and that Firefox extension did not work. Now that I tried enpass 6, I notice an improvement in stability, so I decided to purchase it.


  10. To duplicate this issue.

    1. Is IOS enpass, change security setting to use a PIN.
    2. Test the PIN by using it to log into enpass app.
    3. Open a website in the vault and then select the option to populate password.
    4. User is prompted to enter PIN, Entering the PIN set in #1 does not work and will result in invalid PIN. Keep entering the PIN until the prompt for master password appears. When it does, enter the master password, which works fine.



  11. Hi,

    i installed the new enpass 6 on a iphone with the latest IOS. The enpass is setup to pin unlocked. What happens when I click on empass password is that I get a prompt for PIN. When I entered the pin, it always said that the PIN input is incorrect. When I go into the application and try to use the PIN, it works fine. The issue only shows up when I ask Enpass to enter the site password and is prompted to enter the pin. After a few tries, I get a prompt for the master password, which does work.

    The issue only affects IOS. It does not occur for Android or Windows. However, it's preventing me from buying the whole of solutions. My family is on 3 platform and I need one that works on all platforms.


    Also: Why do I keep getting a cleantalk forbidden error. This is my 5th attempt to post.


  12. Hi,

    I am evaluating enpass and was trying it in firefox. I am using firevox 63.03 64-bit and enpass 5.6.19 which I installed from Mcirosoft Store and is probably the Bridged version. I installed the extension from the Enpass website, which shows up as version 5.5.2. When I click on the icon empass, I get the error:

    Enpass extension is not able to connect with the Enpass app.

    I follow the screen instruction and install native app EnpassNMHost.exe 5.5.2. This however did not resolve the issue even after I restart firefox. 

    Note that I do not have this problem in Edge on the same machine.



  13. I did some research on why this may the case. My initial impression was that when  you use the fingerprint reader, you would use that to encrypt the password key file. Essentially, your fingerprint is the master password. Based on your comment, this is not the case. Instead, the fingerprint only allow you to access a stored copy of the master password. Because the master password must be stored, there's no safe way to do this without using something like a TPM, is that correct?



  14. I was afraid of that. The chief reason I wanted to do this is to avoid entering any password. It's for a relative who's like totally terrible with password. She keeps forgetting them or type them incorrectly. Keeping the password shorter helps. If you increase it to a longer length to be secure, she's likely to tape the password on the table or have the same password for every website she uses.

    So TPM isn't something that can be added on to a computer?



  • Create New...