  1. My1

    Security audit

    You need to read my message entirely, and in the context of Enpass being an offline-first password manager. For access to data online, 2FA is totally useful and awesome, but if you already have the data, like your Enpass vault on your computer, TOTP and the like cannot add to the encryption due to the dynamic nature of the codes. You would need something like a smartcard with encryption keys for proper 2FA on offline data. A code that is dependent on the time, like with TOTP, or dependent on several factors, as with U2F, cannot be used to add encryption, since you can't get that same code/data later on to add that to decryption. Sorry for posting a link to my blog, but I explained this in depth over there: https://blog.my1.dev/steganos-privacy-suite-19-is-a-joke TOTP and many other dynamic code formats can literally only be used to allow or deny access to something; however, when the data is already sitting there, just encrypted, there's nothing you can allow or deny, as you could just either hotwire the checks in RAM to skip that part or decrypt the wallet yourself outside the password manager.
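The argument in the post above, as an added example that is not part of the forum post or of Enpass's own code: a toy vault in Python (standard library only) whose key is derived from the password plus an optional second factor. Folding a TOTP code into the key only works within the same 30-second step; a static secret released by a smartcard can be mixed in and reproduced later; and a TOTP check placed in front of a password-only key is just a gate that someone holding the vault file can patch out or skip entirely. The seeds, password, salt and HMAC-based toy cipher are constructed assumptions for illustration, not Enpass's vault format.

```python
"""Added example (not code from the forum post or from Enpass): a toy vault
showing why a time-based code cannot add to the encryption of data that is
already stored locally, while a static secret held on a smartcard can, and
why a TOTP check placed in front of the decryption is only an allow/deny gate.

Everything here is constructed for illustration: the seeds, the password,
the salt, the 'smartcard' secret (just a byte string) and the keystream
cipher (HMAC-SHA256 in counter mode plus a MAC, standing in for a real AEAD)."""
import hashlib
import hmac
import struct

TOTP_SEED = b"12345678901234567890"   # RFC 6238 test-vector seed (constructed input)
SMARTCARD_SECRET = bytes(range(32))   # static secret a smartcard would release (constructed)
PASSWORD = b"correct horse battery staple"
SALT = b"constructed-vault-salt"
PLAINTEXT = b"vault data"


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and a 30 s step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def derive_key(password: bytes, extra_factor: bytes = b"") -> bytes:
    """Vault key = PBKDF2(password || extra_factor). The extra factor only
    strengthens the key if the very same bytes can be supplied again later."""
    return hashlib.pbkdf2_hmac("sha256", password + b"\x00" + extra_factor, SALT, 10_000, 32)


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes):
    """Returns the plaintext, or None if the key is wrong (MAC mismatch)."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


def totp_as_key_material(t_encrypt: int, t_decrypt: int):
    """Fold the current TOTP code into the key. The vault only opens again
    while the code is unchanged, i.e. within the same 30 s step."""
    blob = encrypt(derive_key(PASSWORD, totp(TOTP_SEED, t_encrypt).encode()), PLAINTEXT)
    return decrypt(derive_key(PASSWORD, totp(TOTP_SEED, t_decrypt).encode()), blob)


def smartcard_as_key_material():
    """A static secret released by a token is reproducible, so it can be
    mixed into the key and the vault still opens later."""
    blob = encrypt(derive_key(PASSWORD, SMARTCARD_SECRET), PLAINTEXT)
    return decrypt(derive_key(PASSWORD, SMARTCARD_SECRET), blob)


def open_vault_with_gate(blob: bytes, password: bytes, entered_code: str,
                         now: int, honor_gate: bool = True):
    """TOTP as an allow/deny check in front of a password-only key. The key
    does not depend on the code, so someone holding the vault file can patch
    the check out (honor_gate=False) or skip the app and call decrypt directly."""
    if honor_gate and entered_code != totp(TOTP_SEED, now):
        return None  # the app refuses, but the key material is unaffected
    return decrypt(derive_key(password), blob)


if __name__ == "__main__":
    print("same 30 s step:", totp_as_key_material(30, 59))
    print("later         :", totp_as_key_material(59, 1111111109))
    print("smartcard     :", smartcard_as_key_material())
    gated = encrypt(derive_key(PASSWORD), PLAINTEXT)
    print("wrong code    :", open_vault_with_gate(gated, PASSWORD, "wrong", 59))
    print("check patched :", open_vault_with_gate(gated, PASSWORD, "wrong", 59, honor_gate=False))
    print("no app at all :", decrypt(derive_key(PASSWORD), gated))
```

The two TOTP timestamps are the RFC 6238 test-vector times, so the codes are known to differ; the same failure happens with any two different 30-second steps, which is exactly why the code cannot be stored as key material without also storing the secret that generates it.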
  2. My1

    Security audit

    I wouldn't even say no requirement, but the most common 2FA used on the web (TOTP, SMS, U2F) would be pure snake oil, as they couldn't contribute to the encryption in any way.
  3. You have to say you already have it and confirm your email address to access the pro version.
  4. Couldn't you just use "Sign in with Apple" and the rest would happen automatically, the same as is possible with Google?
  5. They don't ask you to pay again; in fact, even people like me who could get the Android version for free get full access now on all platforms: basically you just say "already registered", sign in, click "Sign in with Google" and boom.
  6. In fact, read the email: it clearly says that the code is valid for 5 minutes.
  7. Well, Enpass does have a one-time purchase (granted, more expensive if you use fewer platforms), though I mean that even though they say (and probably do, I didn't try yet) that the desktop versions are fully featured and fully free, you basically pay as if you were buying for all 5 platforms (Windows, Mac, Linux, iOS, Android).
  8. Sure, but the reverse isn't true. You cannot install the Windows 10 version (which is the only one that can get premium) on Windows 7 or 8.
  9. Is there a reason why you make the premium features only available in the Store version?
  10. Well, that the Windows Store and Win32 versions are split is understandable, because as Enpass said they can't access the Store stuff from Win32. But maybe the Win32 version should just get Windows Hello and so on, so no Windows Store is needed for premium and one can instead use the traditional version for everything.
  11. @Vinod Kumar Why is there no option to buy the normal Enpass version? Windows <10 users therefore cannot get premium at all, which obviously sucks, and not everyone likes giving anything into the hands of MS.
  12. My1

    Security audit

    That is interesting, and thanks for that. Also toor, thanks for all the other info in this long post. Awesome.
  13. My1

    Security audit

    What new pricing model? Did they start using subscriptions or what? I would guess that especially this part stands out a lot:
  14. My1

    Security audit

    True enough, but do mind that when you "only" have about a month and a hacker may go on for YEARS, obviously they can potentially find more vulnerabilities and whatnot. And new attack vectors can come up all the time, but that may not even be the fault of Enpass but of the underlying OS or whatever as well.
  15. My1

    Security audit

    True enough, although I wouldn't have expected that Sodium gets dropped in v6.