Jump to content
Enpass Discussion Forum


  • Posts

  • Joined

  • Last visited

Everything posted by Fadi

  1. Well since past 2 years i have been using enpass and it worked as expected but some how it was lack in security of data as i described it few months ago in this thread below I have been waiting for Enpass team to get it done but it seems there is no chance of getting 2FA any sooner and i have ended up deciding to stop using enpass until it gets this feature as there is no point is using something what it is supposed to do at it's best but this issue regarding stealing data and password from enpass using malware is scaring me. Thank you enpass team for listening to my requests. Even though I am a lifetime subscriber I am going to stop using it. Sad to leave enpass and moving to other much secure option as i am a security freak and my 20 years of online experience dosn't allow me to use something unsecure as enpass. Have a great future and will see if enpass gets much more secure than maybe some day i will move back to it but until than BYE BYE
  2. Thank you @stefman and @Abhishek Dewan i hope this will be implemented very soon.
  3. +1 must have this feature.
  4. @Abhishek DewanThank you for your concern but once a system is hacked and hacker got all files of enpass and he keylog that system there is no point in bruteforcing as he already have password and can unlock vault. Adding 2FA to secure it more will be a better way even if a hacker got keyfile, vault and password he still must need 2FA code to access that vault.
  5. As i have been using enpass for past several months i even got to know about enpass key file to enhance vault security but there are still few concerns which i am about to share. 1: for security new users do not know about enpass key and once a new user have created primary vault then it is almost not possible for them to move to another vault and keep primary vault without enpass key. There is no option to set or change default primary vault if i want to. 2: Even if you have created primary vault with enpass key it can be hacked very easily. Enpass Database + keyfile is located on same system once a hacker got into your pc using RAT which is very common scenario they can access your all files in drive and using key logger they can capture your password for enpass. So when a hacker have access to a pc having enpass keyfile does not make it secure. I am a security researcher and i know what i am talking about. Now a days malware have became so intelligent they can be asked to find specific file on that computer or even on that network and once they find name of extension matching file it can be uploaded to hacker's server. having 2FA on Authy or Google Authenticator or which ever you use is much more reliable way to add an extra layer of security to your enpass vault. Why don't we put a 2FA by default for primary vault? Even if it is protected by key file on new device vault must ask for 2FA code? It can be implemented and user gets to choose if they want keyfile and 2FA both activated or only key file or only 2FA. I have tested the scenario (2) explained above using my personal computers and i was able to access it very easily. It is my humble request to add this 2FA including keyfile to make enpass more secure and a single keyfile and a password is not enough to secure it. even if we keep keyfile on a USB drive our vault needs it and when we will connect our USB to that pc for vault unlocking it can be accessed by hackers like all other normal drives. Also please add feature to change primary vault if someone creates a new vault with keyfile or how ever there must be an option to change primary vault. I hope i am not missing anything and was able to explain it clearly but if i am missing something please do let me know.
  6. i also requested this a long time ago but i was being told to create tag in enpass and save websites using that instead of having a simple button in enpass option to bookmark a page with just a single click.
  7. @Abhishek Dewan I have 2 vaults in macbook app and i have created keyfile for secondary vault. Yes i know when we restore vault it requires keyfile and password but every time i try to restore vault it says keyfile and password does not match. i have tried this 3 times as i have described in details above. I never ever tried to restore vault without keyfile or even with wrong keyfile. after first time i thought i have made mistake and keyfile is wrong but after testing this 2 more times very carefully generating key file and loading it again to restore i always get error that keyfile and password does not match. i have even tried ti note down my password and generated keyfile in separate folder but still error was same.
  8. @hyoungx https://stacksocial.com/sales/enpass-plan-lifetime-subscriptions Here is your discount.
  9. @AnthonyBMaybe you are looking it the other way. Enpass may not have yubikey support which i think it must have but moving to lastpass is not a good move. i have been using password managers since last 14 years and i have used all major of them but before enpass i ended up using roboform. Then i found enpass and it was one time payment and all data is holded in my personal cloud. now if we come into dept of cloud lastpass has faced damage in past and from that time people have stopped trusting it. They are maybe promoting better then enpass by giving free subscriptions to YouTubers but they are not what you think. I even right now have lastpass subscription valid until 2023 but trust me that will be your worst decision. everyone has own opinion but i must say when it comes to security lastpass is not the end. If you just want to move because you need yubikey support then i must say you should go for bitwarden rather then paying lastpass for their shady past. I have bitwarden also and it works perfectly with yubikey. It's way much cheaper, better and stronger then lastpass. I am way too much conscious about my security and i use every possible encryption where ever i can even with enpass. My enpass database is encrypted with cryptomator even database itself is already encrypted but to keep my brain satisfied i used cryptomator. Then instead of using dropbox, box, google or any thing like those who can view my data even it is encrypted twice i use icedrive.net webdav as they also have encrypted storage. As it is about security yubikey is not the end for enpass. You can enable keyfile in your database to activate 2FA in enpass database and secure that with yubikey,pgp or cryptomator. When does your data gets leaked, or hacked? When you become lazy and you think a single security layer can save you from leaking your passwords. i am myself big fan of yubikey but instead of yubikey features in enpass there are many other options but if you are looking for easy solution to add security layer then easy solutions comes with great risks. i have lost 13 gmail account just because i mistakenly reset my yubikey. So in the end the thing is before choosing your options do some research instead of following others footsteps and be creative with your security of your data and Yes yubikey is a must have feature when it comes to security but until we do not have that in enpass we just need to be creative.
  10. I am 24/7 enpass user and while reading white paper one enpass today i found out about key file to make my database more secure as keyfile works as 2FA for database. First i created a database with keyfile and copied my primary vault data to the new vault. Then i connected my new vault to webdav on icedrive.net after syncing everything to my cloud storage i wanted to remove primary vault and keep using the new vault with keyfile. I removed all databases from my enpass and started restoring new vault from icedrive.net once i came to the step where is asks for password and keyfile it gave me error that my keyfile and password does not match. I was bit curious that i have made a mistake somewhere and hopefully i have my primary vault backup so let's do it again but after doing it second time and writing down my password just to make sure i am typing the right password it gave me same error. Then i removed new vault again and created another vault. I connected that new vault to dropbox but guess what? keyfile and password did not matched again. Now this cannot be coincidence as i can be wrong once or twice but not thrice. Then i created a new vault with new key and copied my primary vault to new Database but this time i did not connected to cloud and kept it offline. I took and backup of my new vault and removed all vaults from my enpass. Uninstalled enpass from my mac and after reinstalling i tried to restore from backup but again keyfile and password did not match. Is there anyone who can tell me what exactly is doing on and where am i wrong? Keyfile is same and password is 10000% correct but still enpass did not match my keyfile and password. I really want to use keyfile system to secure my database but as far as i have tested it is not working for me. My Mac and OS used Macbook Pro 15 (2015) OS: macOS Monterey 12.3.1 Thank you
  11. @Manish Chokwal How do we create a keyfile? Can we generate it for already in-use database? Or do we have to create new database for keyfile to be generated?
  12. @Abhishek Dewan I have resolved this issue and out the reason which i am going to explain for any other client who faces this issue.When we update MacOS after updating and restart it creates 2 applications folders 1 is to keep old apps installed and change application default folder to other new one so when apps gets loaded from old applications folder which macos is considering a backup or old folder and is not default in path Enpass start giving error 403. solution to this is move or remove apps from old applications folder and move them or install apps in new applications folder. This will resolve this issue which i was having and there is no one on internet i can find about this issue which means it was resolved by myself after banging my head for hours.
  13. As far as i know enpass is perfect just without few bugs (if there are any) which enpass team fix but there is a feature which i miss in enpass. Which is PGP Features like few other password managers have. I think adding pgp to enpass will complete it's needs as one stop shop for most required security features. People like me use pgp daily and many people are getting aware of encryption using pgp so i think it is a great feature to have in a great password manager.
  14. I think SSH and PGP both must be implemented in enpass.
  15. Last day i received update on my mac 12.2 and after installing update my chrome extension stopped working even though it is working on safari. I had this issue before on windows so i thought like windows reinstalling it will resolve the issue but it did not. then i removed enpass and restarted my mac and then installed everything again but nothing changed. Anyone else have this issue and anyone know how to resolve it?
  16. I was snooping around and tried to find option to save form filling information. I thought Identity option is for that maybe but after trying everything it seems enpass does not have form filling options in it. We can ignore cloud storage, We can ignore Bookmarks but Form filling? Is this only me or does enpass really do not have that option? If there is then please guide me HOWTO. Even i have tried using my saved credit card to fill on a payment page but it also did not worked. Please help me Here Enpass Team. I just miss Roboform Coming from roboform to Enpass was hard but lack of features is another hurdle. I just wish you guys can help me with this.
  17. I hope this issue is resolved and new update is pushed as i am waiting to move to enpass.
  18. What if my computer and mobile gets reset same time and my cloud password is saved in Enpass. How am i suppose to access my cloud backup? When i think of that situation it scares me badly. Enpass Individual subscription is just fee for the software but there is no ease of mind. I have premium subscription which cost everyone 21.49 Euro yearly which does not have any cloud storage so if we are paying just for an offline password manager with so called security then why don't we just use keepass? it also comes with several plugins to sync with cloud. what makes enpass so special? I am roboform user since last 12 years but now i wanted to move to any other better option but after reviewing all features and situations i have decided to stick with Roboform. Today i installed Enpass on my mobile device and after loading application it gave me option to restore my existing data. It asked me to login to my cloud which login is saved in enpass and my mobile does not have that login saved. i had to access my computer and grab main password for cloud from there then login to mobile and then i was able to login. Really? come on i don't think this password manager worth paying 21.49 Euro for very slow support and no cloud storage. Why you are charging people 21.49 Euro for? I think instead of securing our passwords you are making them too much easy to lose in case of damage to both devices and once you lost your cloud storage access and you don't have password for that then this so called secure password manager is no more use. I think if i will have to go through all this struggle then i would probably use KeePass for free which also has same options or even maybe more. Now i know why people use other password manager which have built-in cloud storage with good encrypion and never been hacked and which costs less then half price of this password manager and not using enpass. i am not going to mention other password manager here but trust paying 21.49 euro for enpass is my worst decision i made 10 days ago.
  19. @Pratyush Sharma Roboform Version Enpass Version 6.6.0 (775) OS: Windows 10 Pro OS Version: 20H2 OS Build: 19042.804 Due to security concerns i am not able to share those websites publicly so i have sent you message in inbox for samle website URL which have more then 2 login fields.
  20. I have been using roboform since last 12 years and i have over 2k+ passwords. I successfully imported my passwords from roboform to Enpass but when i imported my roboform notes to Enpass i got a problem. All notes were imported successfully but enpass did not import all data of notes. Many of them had titles only but no data in notes. I tried exporting and importing CSV also but issue remained. Now i have doubts about logins also and i will have to manually go through all logins to make sure it has imported all if my logins. Second issue i had was. I have websites which have multiple fields more then just Login or password. some have 3 fields some have 4 fields and i never had any issue filling them with roboform but with Enpass even that field is available in Enpass in custom fields Enpass did not filled those fields and i had to manually copy paste that field from Enpass. Is there anyone who can help me importing my exported notes from Roboform to Enpass? I have Enpass lifetime premium but now if these issues do not get resolved i will have to move back to roboform sadly. Just found another issue after posting here i tried to manually copy paste my notes into enpass while i was working on that i tried to paste a note from roboform to enpass which has over 500 lines of bitcoin paper wallets but when i pasted it into enpass it stored 100 lines of those and rest of 400 lines were not copied. I have premium subscription and i am using my own onedrive then why there is limit on this? is there any setting we can remove this limit?
  • Create New...