-
Posts
98 -
Joined
-
Days Won
2
Everything posted by Ankur Gupta
-
How can I secure my password-database better?
Ankur Gupta replied to AdvancedFabian's topic in Data Security
Hey@AdvancedFabian Thanks for writing in! Your worries about security of your passwords from key-loggers is absolutely justified. Autofilling your passwords—rather than typing—definitely adds another line of defense against them. Now getting to your queries. You're right that saving one-time codes and passwords at same place is not a good idea as it defeats the purpose of having 2FA. If the master password of Enpass is compromised there is no actual second factor left. For the same reason we did’t add the TOTP support for logins in Enpass for a long time. But there were too many customer requests with references to competitor products showing desperation and a use case (convenience). For better safeguarding of your Enpass data you can also add a Keyfile along with the master password which becomes an additional requirement along with your master password to unlock Enpass app. Adding 2FA for unlocking Enpass won't be a genuine solution because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. Neither it can contribute any way into encryption/decryption of local Enpass vault. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other unauthorized devices. Let me know if you have any queries. -
Hi @Merlin There is already a forum post where we have explained about this. Thanks.
-
Hi @Grunt Futuk, Thanks for your feedback. We agree with you that a security-audit plays an important role for a password manager application, and we have planned one very soon down the line with the release of some exciting features. To protect the integrity and sanctity of source code, its access is restricted and controlled by Gitlab. Not everyone can push any code in the production branch directly. Every merge request, comprising changes is closely reviewed to keep a check on bad practices and malicious activities. The critical security module is additionally reviewed by the senior team and CTO itself for security. From the architecture ground, let me assure you that codebase is fully modularized. GUI specific code doesn't perform any cryptographic operations and acts as a client of our core-module which performs all the security-related operations and consists of various parts i.e. database, cryptography-module, network, etc. Our cryptography module is based on open-source SQlCipher and has not changed a bit from the last audit, even after the addition of the subscription model. The core-module is written in c++ and is shared by all platforms. The request to add the second factor in authentication is something that is not required for Enpass because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other, unauthorized devices. Also, the users who want to add an additional layer with the master password can use a KeyFile which is required for unlocking Enpass. We understand your concerns and always take them very seriously. Feedback of our beloved users is what keeps us motivated to make Enpass better every day. Thanks!
-
Hi @RHPT, Thanks for being a long time user of Enpass. Using different email to register shouldn't be an issue of not getting Pro. Please drop us an email on support@enpass.io in order to assist you better.
-
Hi @Mije, You must get the Pro version. Please update to latest version 6.3.0 on all of your devices and use the same Email with which your purchase has been bound. If you are having any issue please drop us an email on support@enpass.io.
-
BUG [6.0.0 - 6.3.0]: Cannot turn off "Autosubmit Login" option
Ankur Gupta replied to MarkV's topic in Mac
Hi @MarkV, Sorry to say but this checkbox doesn't function as you imagined. It is option to choose if login/sign-in button will be clicked automatically after filling username and password on webpage. Thanks. -
Hi @spike, We are sorry for the bad experience. Can you please try by restarting the app (after force stop)? The issue has been fixed in the latest 6.3 which is on the way. With v6.3, you would be able to restore your purchase on other devices too. Let us know if that works. Thanks.
-
Hi @blikksem, I am glad to hear that you issue has been resolved. Thanks.
-
Hi @Adam DZ, Sorry for the inconvenience caused to you. Please let us know your Device OS and Enpass version. Meanwhile you can try the workaround while setting up sync. When you get the 'Authorization Finished' message in your browser, copy the url from browser and open up the Enpass app. It will be a manual redirection from browser to app. Thanks.
-
Hi guys, The newest update that is version 6.3 for Android is still on its way. The app shall be available in a few hours and then you can register your Pro version. Thanks.
-
Hi @Javier, Sorry for the inconvenience caused to you. We will fix this issue in next update. For now you can resume the installation of .pkg file from the macOS Preferences -> Security & Privacy. There you'll see an option to Open Anyway for Enpass.pkg. Thanks!
-
Hi @John Doe, Thanks for using Enpass. We have fixed some UI issues in our latest update so please try it. If issue still persists, then revert us with your device model and iOS version.
-
BUG [6.0.0 - 6.3.0]: Cannot turn off "Autosubmit Login" option
Ankur Gupta replied to MarkV's topic in Mac
Hi @MarkV, We are extremely sorry for the trouble you have been facing from a long time. The last revert to you regarding the confirmation of getting the issue fixed was actually a misunderstanding from our side. That fix was related to some other issue in the UI but not exactly what you have been asking for. Coming to your point now. Actually Enpass has to append "Enpass6AutoFill=[CENSORED]=" in the URL as a message to extension to continue with autofill, so we can't decide to append or not based on the autosubmit selection. That's a different thing. But what you're asking is also a niche but genuine requirement. We can fix it with a workaround like 'shift+click' on link to open that link without appending anything to URL. Is that OK for you if that goes this way? Thanks. -
Hi @Mije, Thanks for being an Enpass user. If you were using the Pro version before, you can certainly unlock all the features by registering with an email. On which platform are you using the Pro version? And how many platforms are you using now? Thanks
-
Hi @blikksem, Sorry for the inconvenience caused to you. Please try the latest version 6.3.0 from here and revert us if issue still persists. Make sure you do not have installed two Enpass version from website and store. Thanks.
-
Hi guys, Sorry for the inconvenience caused to you. We are not able to reproduce the issue. Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue. Thanks.
-
android restore does not recognise masterpassword
Ankur Gupta replied to chthonic's topic in Android
Hi @chthonic, Sorry for the inconvenience caused to you. Please answer the following questions so that I can help you. 1. Which Enpass versions you are using on Linux Desktop and Android mobile? 2. How many vaults you have on your Linux Machine? 3. Are you trying to restore via wifi on android mobile? 4. From which option you took the backup on Desktop? You should get the option to restore existing data below the 'I am a new user' option. Please share the screenshot with us to investigate the issue. Thanks. -
Tag tree on the left collapses every time
Ankur Gupta replied to savanervi's topic in Feature requests
Hi @savanervi, We have already fixed the issue an update will be available soon. Thanks. -
Hi @ryan29, Thanks for sharing the details. I just checked the video sent by you. Enpass sync depends upon the device Date/Time, If you have a different date and time setting on multiple devices then you can get the sync issues. Also, it's not only with TOTP, but It may also happen with other details too. In order to solve this issue, please make sure the date and time setting is accurate on all the devices (preferably set to automatic). Let me know if you need further assistance.
-
Hi @ryan29, Thanks for using Enpass. Sorry for the trouble. Please answer the following so that I can investigate your issue:- Enpass Version on your PC and Android phone? OS Version of phone and PC? Which cloud services are you using to sync? Does the Date and Time setting set to automatic on all devices? You can share the video via PM. Waiting for your reply.
-
Hi @DustinDauncey, Thanks for using Enpass and writing to us. Currently, there is no option to edit the field names in bulk. I want to know which field names you found inconsistent so that we can proceed further. Yes, You can export and edit the data in any text editor you like and import back to Enpass. Please do erase everything from Enpass Advanced Settings and then import the exported json file and check if you have all of your new data. (Make sure you have the latest backup before erasing all data) Please let me know if it solves your issue.
-
Issue with autofill automatically adding new URL entries
Ankur Gupta replied to ChrisSutcliffe's topic in iOS
Hi @ChrisSutcliffe, Thanks for using Enpass. We are already aware with this issue and we will fix it in subsequent updates. Meanwhile you can try disabling the option 'Enpass Settings -> Autofill -> Match URL hostname'. If URL only changes the initial part then it will work for you. Thanks. -
Hi @mwang, I have just checked and found that vault.enpassdb is getting changed every 10 minutes whereas it shouldn't be. We're currently investigating the issue, and if possible we will try to fix it in the upcoming release. We appreciate your patience and co-operation. Meanwhile, I suggest you use the folder '~/Documents/Enpass/Backups' for now. Thanks.
-
Hi @mwang, Thanks for writing to us. Enpass desktop version checks for changes on cloud every 10 minutes and store the sync status in .sync folder in ~/Documents/Enpass. Also Enpass stores some temporary file here used from syncing your vault with cloud vault. You can exclude easily exclude the folder "~/Documents/Enpass/.sync" from backups because it is just like caches which will be created next time you will connect to sync. Alternatively you can follow the suggestion Please let me know if it solves your issue. Thanks.
-
Roboform import - URL missing
Ankur Gupta replied to _olive_'s topic in Importing data from other softwares
Hi @_olive_, Thanks for reporting the issue. We have noted it down. Fix will be available soon.