Jump to content

OLLI_S

Members
  • Content Count

    118
  • Joined

  • Last visited

  • Days Won

    5

Everything posted by OLLI_S

  1. Hello, I am using Enpass 6 and tomorrow I have to use an other computer (just for this day) where I can not install any applications. Is Enpass 6 also available as portable application? Where can I download it? Best regards OLLI
  2. OLLI_S

    Enpass 6 Portable availanle?

    Hello @Anshu kumar, What do you mean by saying co-operate ? OLLI
  3. Hello, I have a Uservoice account to give Feedback for some apps. Microsoft is using Uservoice to gather User feedback for some of his applications, like: Outlook.com (https://outlook.uservoice.com/forums/284136-outlook-com) Microsoft To-Do (https://todo.uservoice.com/forums/597175-feature-suggestions) I went to https://outlook.uservoice.com/forums/284136-outlook-com and entered my login criteria. Enpass asked me to save them and I accepted. When I go to this site I see only the field E-Mail-Address (the password field is only shown after entering the email address). Then I click on the Enpass icon in the toolbar of the browser and double click on the correct entry. The E-Mail-Address is filled but instead of the password field I see an error message that the email address is invalid (although it is shown correctly). I think that Enpass tries to submit the form without any password filled. This is the reason why I added a small delay of 2 seconds in my old password manager KeePass in the Auto-Type Sequence: {USERNAME}{TAB}{DELAY 2000}{CLEARFIELD}{PASSWORD}{ENTER} Please fix this issue. Uservoice is used by many companies and by many users. Thank you! Best regards OLLI
  4. Hello @Anshu kumar thank you for forwarding this issue. I hope it is fixed soon. Best regards OLLI
  5. Hello, I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended. The password manager 1Password has a feature called watchtower. They have an internal database of security breaches (database with information about hacked websites where user-data was stolen). In this database they store the website and also the date of the breach. 1Password stores for password entries two modification dates: modification date of the password modification date of the entry 1Password checks the password entries against this database. When a website was hacked after the password was changed in 1Password, then 1Password recommends to change the password. When the password was changed after the hack of the website, then users get no notification. So when the entry for a page was last changed today (like added some notes), but the password itself was changed 2 years ago, then users get a warning when the website was hacked 2 weeks ago. For the password manager KeePass there is a plugin available called HaveIBeenPwned. The plugin and the source code are available here: https://github.com/andrew-schofield/keepass2-haveibeenpwned This plugin downloads the public breach lists form "'have i been pwned?" and from "Cloudbleed Checker". The plugin checks (on demand) your passwords against these lists. In KeePass there is no modification date of the password. To get the modification date of the password the plugin checks the history of each entry and compares the passwords (to find out the modification date of the password). Suggestion: Please add also such a feature in Enpass in the Password Audits. In my opinion it is OK if you use the public available lists from "'have i been pwned?" and from "Cloudbleed Checker" (like the KeePass Plugin). This requires that you also store the "password modification date". When you import entries from KeePass then you should also determine the password modification date of the entry. In the KeePass XML the complete history is also exported. Regards OLLI
  6. OLLI_S

    Check Entries agains known Breaches

    Hello, today I read in the c't magazine that a new database with 620 million accounts was found: https://www.heise.de/security/meldung/Gehackte-Websites-620-Millionen-Accounts-zum-Verkauf-im-Darknet-4305517.html?wt_mc=rss.security.beitrag.atom They link also to an English article in The Register: https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ Here the following websites are affected: 8fit (20 million) 500px (15 million) Animoto (25 million) Armor Games (11 million) Artsy (1 million) BookMate (8 million) CoffeeMeetsBagel (6 million) DataCamp (700,000) Dubsmash (162 million) EyeEm (22 million) Fotolog (16 million) HauteLook (28 million) MyFitnessPal (151 million) MyHeritage (92 million) ShareThis (41 million) Whitepages (18 million) It would be very useful if Enpass would alert users that have an account at one of these servers and asks them to change the password. Only if the password change date is newer than the breach of the website, then the account is marked as safe. Best regards OLLI
  7. OLLI_S

    Import .pkpass Files

    Hello, today I bought Cinema tickets online and received an email with the file pass1.pkpass. I did not know what this file is used for (I have an Android phone), so I searched in the web and found a good explanation at https://fileinfo.com/extension/pkpass: If that file can contain tickets, coupons, cards, etc. then it would be useful when Enpass could handle these files. in Enpass for Windows Enpass should import these files when I double click them (or select File -> Import) in Enpass for Android it should be possible to ope these files with Enpass Android So please handle .pkpass files. Best regards OLLI
  8. OLLI_S

    Import .pkpass Files

    Hello @Anshu kumar, a colleague of mine told me that these .pkpass files can be updated remotely (push or manually by the user). If you have a flight ticket and a boarding pass, they can be updated (like when the gate changes). Here you get more details: https://en.wikipedia.org/wiki/Apple_Wallet https://developer.apple.com/wallet/ Best regard OLLI
  9. OLLI_S

    Suggest TOTP

    I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increasing the security: They show which sites in your vault support TOTP but the user has not set up TOTP. Here is a screenshot from the 1Password site: Suggestion In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries, where TOTP is possible but not set up by the user. Here is a list of services that support TOTP: https://twofactorauth.org/ We had a Doxxing scandal in Germany where a young guy published many private information stolen from accounts of German politicians and German celebrities. This guy was able to steal the data because the accounts used very weak passwords (like 123456) and were not secured with TOTP. So this feature increases the security a lot!
  10. OLLI_S

    Suggest TOTP

    At the Two Factor Auth List (https://twofactorauth.org/) they have some criteria that describe what websites should be added: https://github.com/2factorauth/twofactorauth/blob/master/CONTRIBUTING.md#site-criteria So they do not add all sites. I suggest that you add a new forum section where users can report website that support 2FA and where Enpass does not yet suggest to use 2FA.
  11. Hello, I read in a computer magazine that there is a new Browser Extension for Google Chrome called Password Checkup https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno When I sign into websites this extensions checks if the password that I have entered is pwned . Then a message box is shown telling me if the password was pwned (message box is red) or if my password is still safe (message box is green). I think it would be useful when Enpass also checks passwords at login. But you should only show a message when the password was pwned. Best regards OLLI
  12. OLLI_S

    Easy Password Sharing

    Hello, I tested Enpass for some weeks now an decided to switch from KeePass to Enpass. Also my family (wife and daughter) should use Enpass, but I want to have separate vaults for each family member (one vault for me, one vault for my daughter and one for my wife). Before I tested Enpass I tested Bitwarden. I will not use Bitwarden because my passwords are stored in the cloud (I know that I can set up my own server, but this is to complicated and too much work). In Bitwarden I can define a group and give this group a name (like "Family"). Then I add users to this group (by email address that they use in their Bitwarden account). Now I can share passwords with them. It would cool when I could add users in Bitwarden. They should be displayed on the left side (below "Tags") in a new group called "Users". To share a password I hust drag it to the user. Now a new dialog opens with the following options Share password read-only This is a switch (on and off), the default setting is "on" When this option is set, the target user can only use the password but not modify it. Hide password This is a switch (on and off), the default setting is "on" When this setting is "on" then the target user can not see the password (to prevent that they read it, go to the website of the service and change it there) This way I can easily share my Amazon account with my wife (but not the daughter), share the school account with both and keep my credit card for me. And when I change a shared password then all target users should automatically get the updated entry. This way is very comfortable and increases the usability a lot! If a password entry is shared, show a little icon at the right side of the password entry (like a little person). It should also be possible to see all shared passwords in one list. Of cause it should be possible to un-share a password that I have shared before. I just select the entry and select "Un-Share" from the menu. Best regards OLLI
  13. Hello, I added a longer note (instructions how to register an applications) to a password entry. After syncing my vault with Android I am only able to see a part of the note in Android. There are also no scroll bars that allow me to scroll down the note. Best regards OLLI
  14. OLLI_S

    Show Full Notes in Android

    I have the Samsung Galaxy Note 8 with Android 8.0.0
  15. Hello, today in the train I thought about changing the passwords of some services. So I had to note it down on my To-Do-Manager. It would be cool when I could add a To-Do to a password entry. Let mt right click on a password entry and select "Add To-Do". Here I could enter any text like "Change Password" or "Add 2FA". Passwords with To-Dos have a special icon on the right side of the name. I also can select "Menu -> View -> To-Dos" to see a list of all passwords that have a To-Do. This way I can note a To-Do on my pone and when I am back home I can see the ToDo and do what I have noted down (like Change the Password, Add 2FA). Best regards OLLI
  16. Hello, I am using Enpass in the German UI. If I go to Einstellungen -> Tresore -> Standard then I see at the field Zuletzt synchronisiert the timestamp in English language (for example: 5 minutes ago). In the English UI this is the field Last Synchronized under Settings -> Vaults -> Primary. Here you should translate the time stamp and write Vor 5 Minuten instead of 5 minutes ago. Please fix this little translation issue. Thank you! Best regards OLLI
  17. OLLI_S

    Timestamp in English Format in German UI

    Thank you @Ankur Gupta for fixing this.
  18. Hello, it would be very useful if you allow to sort the list of Topics in "Manage Followed Content" by title. I added some prefix in front of some topics so this would be really helpful. You also should allow to sort by date (this is the current sort order) so if users sorted by Title they can sort the list by date again. Best regards OLLI
  19. OLLI_S

    Timestamp in English Format in German UI

    I think think that these texts are not yet translated and that the default language in English. So if a text is missing in the translation (like Russian or German) then the English text is sown. So this should be easy to be fixed for the Enpass developers.
  20. Hello, I activated 2FA for my Ubisoft account. Now the 2FA code must be entered when I start the Ubisoft uPlay Client (Windows application). If you implement the Login into Desktop Applications: then Enpass should also copy the 2FA Code into the clipboard after logging me into the application. Best regards OLLI
  21. Hello, also the game Star Citizen allows 2FA codes generated by an Authenticator app. Best regards OLLI
  22. Hello, How can I use TOTP (2FA) within Enpass? Is there somewhere a tutorial available? Thank you! Best regards OLLI
  23. OLLI_S

    [Solved] How does TOTP work in Enpass?

    @xarekate thank you for this information, I did not know that the QR-Code contains these additional information.
  24. OLLI_S

    [Solved] How does TOTP work in Enpass?

    I did not know how to add the 2FA codes but found out that you have to scan the code with the mobile app. And when you log into a website then Enpass fills the username and the password and copies the 2FA code into the clipboard. But I assume you know this already (because it seems to work sometimes). Maybe you have set the time until the clipboard is deleted to short? Go to Settings -> Security -> Clipboard. I have set here 15 seconds, maybe your setting is too short? Does this help? If you like my reply then please give me a "Like" (by clicking on the heart symbol)
  25. Hello @pio93qwertz handling the ToDo with Tags is really a good point. Thank you! I gave you a like for your posting. Best regards OLLI
×