Ankur Gupta

Hey@AdvancedFabian Thanks for writing in! Your worries about security of your passwords from key-loggers is absolutely justified. Autofilling your passwords—rather than typing—definitely adds another line of defense against them. Now getting to your queries. You're right that saving one-time codes and passwords at same place is not a good idea as it defeats the purpose of having 2FA. If the master password of Enpass is compromised there is no actual second factor left. For the same reason we did’t add the TOTP support for logins in Enpass for a long time. But there were too many customer requests with references to competitor products showing desperation and a use case (convenience). For better safeguarding of your Enpass data you can also add a Keyfile along with the master password which becomes an additional requirement along with your master password to unlock Enpass app. Adding 2FA for unlocking Enpass won't be a genuine solution because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. Neither it can contribute any way into encryption/decryption of local Enpass vault. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other unauthorized devices. Let me know if you have any queries.

Hi @Merlin There is already a forum post where we have explained about this. Thanks.

Hi @Grunt Futuk, Thanks for your feedback. We agree with you that a security-audit plays an important role for a password manager application, and we have planned one very soon down the line with the release of some exciting features. To protect the integrity and sanctity of source code, its access is restricted and controlled by Gitlab. Not everyone can push any code in the production branch directly. Every merge request, comprising changes is closely reviewed to keep a check on bad practices and malicious activities. The critical security module is additionally reviewed by the senior team and CTO itself for security. From the architecture ground, let me assure you that codebase is fully modularized. GUI specific code doesn't perform any cryptographic operations and acts as a client of our core-module which performs all the security-related operations and consists of various parts i.e. database, cryptography-module, network, etc. Our cryptography module is based on open-source SQlCipher and has not changed a bit from the last audit, even after the addition of the subscription model. The core-module is written in c++ and is shared by all platforms. The request to add the second factor in authentication is something that is not required for Enpass because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other, unauthorized devices. Also, the users who want to add an additional layer with the master password can use a KeyFile which is required for unlocking Enpass. We understand your concerns and always take them very seriously. Feedback of our beloved users is what keeps us motivated to make Enpass better every day. Thanks!

Hi @RHPT, Thanks for being a long time user of Enpass. Using different email to register shouldn't be an issue of not getting Pro. Please drop us an email on support@enpass.io in order to assist you better.

Hi @Mije, You must get the Pro version. Please update to latest version 6.3.0 on all of your devices and use the same Email with which your purchase has been bound. If you are having any issue please drop us an email on support@enpass.io.

Hi @MarkV, Sorry to say but this checkbox doesn't function as you imagined. It is option to choose if login/sign-in button will be clicked automatically after filling username and password on webpage. Thanks.

Hi @spike, We are sorry for the bad experience. Can you please try by restarting the app (after force stop)? The issue has been fixed in the latest 6.3 which is on the way. With v6.3, you would be able to restore your purchase on other devices too. Let us know if that works. Thanks.

Hi @blikksem, I am glad to hear that you issue has been resolved. Thanks.

Hi @Adam DZ, Sorry for the inconvenience caused to you. Please let us know your Device OS and Enpass version. Meanwhile you can try the workaround while setting up sync. When you get the 'Authorization Finished' message in your browser, copy the url from browser and open up the Enpass app. It will be a manual redirection from browser to app. Thanks.

Hi guys, The newest update that is version 6.3 for Android is still on its way. The app shall be available in a few hours and then you can register your Pro version. Thanks.

Hi @Javier, Sorry for the inconvenience caused to you. We will fix this issue in next update. For now you can resume the installation of .pkg file from the macOS Preferences -> Security & Privacy. There you'll see an option to Open Anyway for Enpass.pkg. Thanks!

Hi @John Doe, Thanks for using Enpass. We have fixed some UI issues in our latest update so please try it. If issue still persists, then revert us with your device model and iOS version.

Hi @MarkV, We are extremely sorry for the trouble you have been facing from a long time. The last revert to you regarding the confirmation of getting the issue fixed was actually a misunderstanding from our side. That fix was related to some other issue in the UI but not exactly what you have been asking for. Coming to your point now. Actually Enpass has to append "Enpass6AutoFill=[CENSORED]=" in the URL as a message to extension to continue with autofill, so we can't decide to append or not based on the autosubmit selection. That's a different thing. But what you're asking is also a niche but genuine requirement. We can fix it with a workaround like 'shift+click' on link to open that link without appending anything to URL. Is that OK for you if that goes this way? Thanks.

Hi @Mije, Thanks for being an Enpass user. If you were using the Pro version before, you can certainly unlock all the features by registering with an email. On which platform are you using the Pro version? And how many platforms are you using now? Thanks

Hi @blikksem, Sorry for the inconvenience caused to you. Please try the latest version 6.3.0 from here and revert us if issue still persists. Make sure you do not have installed two Enpass version from website and store. Thanks.