Fadi

Well I am here just to let enpass team know that we have been waiting for many major features and major release for enpass to keep it self updated to the industry standards. People have been requesting several features to make sure enpass becomes the best password manager in market but I assume enpass does not want any customer base anymore to stick to it since past few years I have been waiting patiently for enpass to work on new features and listen to it's customers but we ended up being told that our request has been forwarded to development team and after that nothing came out with any new features. Enpass v6 was released 5 years ago in 2018 and now it is 2023 in past 5 years things have changed a lot in password manager industry. Enpass maybe unique for it's offline usage but rest assured is not being maintained the way it should be. There is no roadmap no updates about any new features. Every feature request made on forum is being ignored. No implementation of FIDO2. I mean I can go on and on and on with list of the features and options people have been requesting but non of those were implemented. I thought maybe soon they will add all new features with a major release of v7 but that is not happening any sooner. I have been using almost every password manager including Lastpass, Keeper, Bitwarden, Nordpass, Roboform, Stickypassword, passwordboss, dashlane, 1password and few others but now there is a new password manager which checks all the boxes for me and it even provides you temporary emails and passkey support. It might be new and fresh in market but after reviewing and testing it's features I think it is time to say goodbye to enpass and move everything to locker.io password manager. I am glad to be part of enpass for a very long time but enough is enough and I have had enough of this wait. I would like to thank you enpass team for serving us with this great piece of software which I still love to use but I have my own reasons explained. In future I will keep an eye on enpass as I have lifetime subscription and will monitor it's progress but until than I am done with enpass and there are many others like me who stopped using enpass due to its slow development as everyone wants new and better softwares specially when it is about personal security. Password manager being offline is not enough to keep customers engaged as in the end to end up uploading your enpass database somewhere on cloud storage services to use it remotely anywhere in the world. All enpass had to do was listen to us and add features to enpass but you guys did not listened to us. So have a great journey in this competitive and features pack industry. Sooner or later you guys will realize that you need to keep up the pace if you want to keep your customers and trust me just google about enpass and find out how much enpass has disappointed it's customers by just not keeping it self updated. Thank you and good bye.

I don't think this will be implemented any sooner. Because people have been requesting many useful major features but i have never seen them being implemented. Development in enpass is very very slow. No new features but few bug fixes in every update. I just hope they will listen to us and implement because if they don't it's gonna bad and people will move to other better available options. We love enpass but when it comes to lack of features it hurts us as i have been using almost every available password manager i can see not every password manager is perfect but that's why we are here in first place to suggest and help enpass to become better than all others. I just hope it happens sooner or enpass will lose it's customers.

+1 You have not been able to add yubikey or 2FA for encryption to the database as they were also required but I hope Passkey will be implemented sooner.

People expect Enpass to come back with new and improved features, but it's unclear what's happening behind the scenes.No buddy has even a clue if enpass is even planning to release any new version with major upgrades including new features. They have made features request section in forum, but mostly those requests get noted than no buddy knows if anyone is even working on them. The response received only acknowledges that the request has been forwarded and that it will be reviewed. However, there is no indication as to when the requested feature will be implemented.

@Thoughts? The only question I have is how do we make it more secure from unknown access. Storing a security key file in an encrypted vault requires unlocking the vault before accessing the file and unlocking Enpass. Once the volume is unlocked, it becomes vulnerable to RAT attacks and enpass may be subject to key logging. Therefore, it is crucial to find a more robust encryption solution that ensures no unauthorized access to the database. Enpass must be able to access both the database and the security key files simultaneously for maximum security. Storing these files in separate Cryptomator vaults will not suffice as neither vault will function unless both are unlocked. Furthermore, once both vaults are unlocked, anyone could potentially gain access to them, compromising the security of both files. Enpass is maybe not crackable, but it is hackable with much easier tricks than the other password managers.

Well due to this lack of security feature I have started using Bitwarden which seems to be much more secure. @hacked_user I am just in love with enpass, but I cannot risk it for a few accounts including my bank and everything else I have moved those logins to Bitwarden which requires more security. I just hope they will come up with a solution since security key needs to be accessed by enpass to unlock it even if you use cryptomator or any other tool to encrypt it when you want to load it in enpass you have to unlock that encryption for enpass to load that file which also allow remote access to access that mounted drive. So having a security key file is not a reliable solution in my opinion. FIDO2 can be implemented since it is even an offline password manager but still it goes to enpass server or to App Store on Mac and Windows to check and receive updates, so it is not 100% offline. I think if they want to implement this it can be done. I understand @Thoughts? explanation but there are encryption tools who are using Yubikey (Example: HiCrypt.com, Veracrypt.fr) I am not a programmer or don't know much in depth stuff all I need is a much more secure way to encrypt my enpass data with 2FA or security key. I own almost every company: Trezor, Ledger, Yubikey 5, Nitro key 3, Token2, Solo key, Onlykey. I know it is a bit complicated and time-taking process to implement something like this, but this is something which needs serious attention and solution. I saw other people also requesting this from past few years but still it is not developed. I just hope they will get it done some day.

Ok so this happens when you update your macos and in mac there are 2 applications folders. 1 is for default mac apps and second applications folder gets created when you update your macos and second applications folder contains user installed apps. Just move all apps from second applications folder (user installed apps) to first applications folder. Before doing that kill all applications to make sure you don't get any error. This is the only possible solution i found for myself.

@Abhishek Dewan any idea when it will be released? Because this feature is being requested from past several years but it is yet to be implemented.

@Thoughts? So in short 2FA or FIDO2 cannot be implemented with enpass and once your system got hacked and hacker keylogged you and downloaded your database and enpass key file there is nothing you can do to protect yourself? Bitwarden is way better than loosing my all passwords just because enpass is not able to implement 2FA which i am not sure why is not possible to implement even with yubikey. Because no matter where you secure your key file even in cryptomator enpass requires access to that file and once the cryptomator vault is unlocked you can access all files using any RAT. So how come enpass calls it self secure when you have to have access to key file or master password which can be keylogged or even key file can be stolen? Just because enpass is encrypting database is not enough. What enpass is doing to secure that database once key file and database and master password gets stolen?

I don't think they are going to implement any 2FA or FIDO2 in near future not at least for next 5 years as they already spent several years ignoring this feature request.

@Steve Hansen @Thoughts? Well there is another option also which can be implemented which is using hardware security key like yubikey or you can save that 2FA code in encrypted enpass database. This will add security layer because that 6 digit code is not generated on computer instead it will be generated on mobile device. Until we do not enter 2FA or plugin hardware key it will not be unlocked like key file. But keeping key file on same pc even in encrypted cryptomator drive won't work because in the end you have to unlock cryptomator to access key file. But otp gets generated on mobile phone or using yubikey is much more safer way to implement encryption instead of using key file. I am amazed to hear that it cannot be implemented or even will not protect encrypted files if that is the case than why bitwarden has it? If you are not using cloud version and using self hosted version like enpass it still has those security implementations to secure the vault and database. If 2FA or FiDO2 do nothing to secure anything then i think all those giants are dumb who are moving to those options doesn't matter if it is online or offline. Thank you Thoughts? But the approach you have mentioned i have already implemented. The problem is once your cryptomator vault is unlocked it can be access remotely and without unlocking vault no one will be able to access their enpass database and in real world case scenario if your system is hacked by a RAT then cryptomator vault/drive can also be accessed remotely. So in short 2FA or FIDO can be implemented. There is not even a single possible reason or explanation which justifies that it cannot be implemented or implementation of these will not secure your database.

@stefmanWell it sounds like no buddy cares about security. Even after what happened to LastPass Enpass must consider adding security layers for data stored in enpass but no support for hardware keys no support for 2FA. No major new features released since last year, and we do not even know where the roadmap is located, so we can see when it will be implemented and i have no longer any hope for this in near future.

@Pratyush Sharma using key file is not an effective option since it must be stored on same pc we use and once a pc gets hacked keyfile + database + password keystrokes can be stolen from same device so where is that security which stop hackers from getting access to our passwords?

Any news on adding pcloud?

Well since past 2 years i have been using enpass and it worked as expected but some how it was lack in security of data as i described it few months ago in this thread below I have been waiting for Enpass team to get it done but it seems there is no chance of getting 2FA any sooner and i have ended up deciding to stop using enpass until it gets this feature as there is no point is using something what it is supposed to do at it's best but this issue regarding stealing data and password from enpass using malware is scaring me. Thank you enpass team for listening to my requests. Even though I am a lifetime subscriber I am going to stop using it. Sad to leave enpass and moving to other much secure option as i am a security freak and my 20 years of online experience dosn't allow me to use something unsecure as enpass. Have a great future and will see if enpass gets much more secure than maybe some day i will move back to it but until than BYE BYE