Jump to content
Enpass Discussion Forum

Ankur Gupta

Enpass team member
  • Posts

    98
  • Joined

  • Days Won

    2

Posts posted by Ankur Gupta

  1. Hey@AdvancedFabian

    Thanks for writing in!

    Your worries about security of your passwords from key-loggers is absolutely justified. Autofilling your passwords—rather than typing—definitely adds another line of defense against them.

    Now getting to your queries.

    On 2/8/2021 at 4:04 PM, AdvancedFabian said:

    - Is adding 2FA a good idea? Feels like that is destroying the 2FA, because with one password you get access to the password and also 2FA.. Maybe I should leave that in the google-authenticator?

    You're right that saving one-time codes and passwords at same place is not a good idea as it defeats the purpose of having 2FA. If the master password of Enpass is compromised there is no actual second factor left. For the same reason we did’t add the TOTP support for logins in Enpass for a long time. But there were too many customer requests with references to competitor products showing desperation and a use case (convenience).

    On 2/8/2021 at 4:04 PM, AdvancedFabian said:

    - How can I protect my masterpassword any-better? Is there maybe also a possibility for a 2FA, protect it with another OTP or 2FA or Finger-print? I have no problem to buy a sensor for my computer.

    For better safeguarding of your Enpass data you can also add a Keyfile along with the master password which becomes an additional requirement along with your master password to unlock Enpass app. 

    Adding 2FA for unlocking Enpass won't be a genuine solution because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. Neither it can contribute any way into encryption/decryption of local Enpass vault. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other unauthorized devices. 

    Let me know if you have any queries.

  2. Hi @Grunt Futuk,

    Thanks for your feedback.

    We agree with you that a security-audit plays an important role for a password manager application, and we have planned one very soon down the line with the release of some exciting features.

    To protect the integrity and sanctity of source code, its access is restricted and controlled by Gitlab. Not everyone can push any code in the production branch directly. Every merge request, comprising changes is closely reviewed to keep a check on bad practices and malicious activities. The critical security module is additionally reviewed by the senior team and CTO itself for security.

    From the architecture ground, let me assure you that codebase is fully modularized. GUI specific code doesn't perform any cryptographic operations and acts as a client of our core-module which performs all the security-related operations and consists of various parts i.e. database, cryptography-module, network, etc. Our cryptography module is based on open-source SQlCipher and has not changed a bit from the last audit, even after the addition of the subscription model. The core-module is written in c++ and is shared by all platforms.


    The request to add the second factor in authentication is something that is not required for Enpass because of its offline nature. Since the data is not saved on our servers, there is no requirement of the second factor for its release. However, the users who store their data on their cloud accounts (iCloud, Google Drive, OneDrive, Dropbox, Box and WebDAV), usually enable 2FA on their cloud-accounts, protecting them from unauthorized downloading of Enpass data on other, unauthorized devices. Also, the users who want to add an additional layer with the master password can use a KeyFile which is required for unlocking Enpass.


    We understand your concerns and always take them very seriously. Feedback of our beloved users is what keeps us motivated to make Enpass better every day.

    Thanks!

  3. Hi @MarkV,

    51 minutes ago, MarkV said:

    There is a box to check/un-check "Autosubmit Login" feature. The way I imagine it should work, is when the box is un-checked, and when I click a link to a website, then Enpass simply opens link in a web browser without appending login details to URL, right?

    Sorry to say but this checkbox doesn't function as you imagined. It is option to choose if login/sign-in button will be clicked automatically after filling username and password on webpage.

    Thanks.

  4. Hi @spike,

    We are sorry for the bad experience. Can you please try by restarting the app (after force stop)? The issue has been fixed in the latest 6.3 which is on the way. With v6.3, you would be able to restore your purchase on other devices too. Let us know if that works.

    Thanks.

  5. Hi @Adam DZ,

    Sorry for the inconvenience caused to you. Please let us know your Device OS and Enpass version.

    Meanwhile you can try the workaround while setting up sync. When you get the 'Authorization Finished' message in your browser, copy the url from browser and open up the Enpass app. It will be a manual redirection from browser to app.

    Thanks.

  6. Hi @MarkV,

    We are extremely sorry for the trouble you have been facing from a long time. 

    The last revert to you regarding the confirmation of getting the issue fixed was actually a misunderstanding from our side. That fix was related to some other issue in the UI but not exactly what you have been asking for.

    Coming to your point now. Actually Enpass has to append "Enpass6AutoFill=[CENSORED]=" in the URL as a message to extension to continue with autofill, so we can't decide to append or not based on the autosubmit selection. That's a different thing. 

    But what you're asking is also a niche but genuine requirement. We can fix it with a workaround like 'shift+click' on link to open that link without appending anything to URL. Is that OK for you if that goes this way?

    Thanks.

  7. Hi guys,

    Sorry for the inconvenience caused to you. We are not able to reproduce the issue.

    Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue.

    Thanks.

  8. Hi @chthonic,

    Sorry for the inconvenience caused to you. Please answer the following questions so that I can help you.

    1. Which Enpass versions you are using on Linux Desktop and Android mobile?

    2. How many vaults you have on your Linux Machine?

    3. Are you trying to restore via wifi on android mobile?

    4. From which option you took the backup on Desktop?

    23 hours ago, chthonic said:

    it also only has one option on the Android: ' I am a new user" - why?  I don't quite understand, since I am not a new user, there ought to be an option for user with an existing vault to restore from.

    You should get the option to restore existing data below the 'I am a new user' option. Please share the screenshot with us to investigate the issue.

    Thanks.

     

  9. Hi @ryan29,

    Thanks for sharing the details. I just checked the video sent by you. 

    Enpass sync depends upon the device Date/Time, If you have a different date and time setting on multiple devices then you can get the sync issues. Also, it's not only with TOTP,  but It may also happen with other details too. In order to solve this issue, please make sure the date and time setting is accurate on all the devices (preferably set to automatic).

    Let me know if you need further assistance.

     

  10. Hi @ryan29,

    Thanks for using Enpass. Sorry for the trouble. Please answer the following so that I can investigate your issue:-

    • Enpass Version on your PC and Android phone?
    • OS Version of phone and PC?
    • Which cloud services are you using to sync?
    • Does the Date and Time setting set to automatic on all devices?

    You can share the video via PM.

    Waiting for your reply.

  11. Hi @DustinDauncey,

    Thanks for using Enpass and writing to us.

    14 hours ago, DustinDauncey said:

     2) What is the official (or even unofficial) way of quickly correcting things like field names in bulk across many items in the vault so they are consistent in their naming conventions, etc.? Really this goes for any data, such as values too.

    Currently, there is no option to edit the field names in bulk. I want to know which field names you found inconsistent so that we can proceed further.

     

    14 hours ago, DustinDauncey said:

    1) Can Enpass export data as JSON and still import that same JSON back again? Because in my tests it seems that is not working.

    Yes, You can export and edit the data in any text editor you like and import back to Enpass. Please do erase everything from Enpass Advanced Settings and then import the exported json file and check if you have all of your new data. (Make sure you have the latest backup before erasing all data)

    Please let me know if it solves your issue.

  12. Hi @mwang,

    I have just checked and found that vault.enpassdb is getting changed every 10 minutes whereas it shouldn't be. We're currently investigating the issue, and if possible we will try to fix it in the upcoming release. We appreciate your patience and co-operation.

    Meanwhile, I suggest you use the folder '~/Documents/Enpass/Backups' for now.

    Thanks.

  13. Hi @mwang,

    Thanks for writing to us.

    Enpass desktop version checks for changes on cloud every 10 minutes and store the sync status in .sync folder in ~/Documents/Enpass. Also Enpass stores some temporary file here used from syncing your vault with cloud vault.

    You can exclude easily exclude the folder "~/Documents/Enpass/.sync" from backups because it is just like caches which will be created next time you will connect to sync. Alternatively you can follow the suggestion

    8 hours ago, abhibeckert said:

    Exclude the Enpass vault from entirely from your QRecall backups and backup the Auto Backups directory (you can find the location in Enpass settings).

     

     

    Please let me know if it solves your issue.

    Thanks.

×
×
  • Create New...