My1

I would be VERY careful with passports and similar gov-issued documents, depending where you live, storing these can be illegal, especially in print-quality. and for other things like a credit card it might be that it's against the contract especially since the check number on the back is supposed to make sure that the card is "present" during the transaction. also you can get an application that's made for storing files, like veracrypt, steganos or similar solutions. Enpass is supposed to be a password manager and not a file safe.

well true, regarding the PS, well total, meaning that it's for all posts, and as far as I know IPBoard correctly this is a shared limit among all users, meang if I would attach 19MB now, you could just attach about half an MB. Forum aside, the intresting part is whether the 200kb limit is total or per file is something I dont know, but if it would be peer file you could archive the file into a split archive.

yes the limitation is artifical but reasonable, as of now, enpass stores the attachments in the same file as the password DB meaning that if you use sync, that the whole files with everything, has to be bounced around all the time as soon as anything changes. If/when they make it so the database and attachments can get split, this problem will solve itself.

it can be quite a real life scenario, especially with the nano-sized yubikeys. also instead of making 2 different passwords and accept both, you could just set whatever you want as the static pass for the yubi and use that as decryption

now we are talking epic stuff. thanks @Hemant Kumar

I think it's rather about importing from ff directly rather than ff sync.

android >=4.2 has multi user support iirc (unless the maker killed it, but it could be revived with mods)

https://github.com/steffen9000/enpass-decryptor

but why does the check fail if the browser is signed? clearly indicated by the error report.

wait a sec, dont google's guidelines Marshmallow iirc enforce the use of the Android native API for fingerprinting on devices with it?

stupid question while we are at it, can enpass sync with self-signed HTTPS webdav on all clients?

shouldnt you be able to get into the enpass upgrade dialog and upon selecting to purchase the upgrade select the account and then it should throw you back with a statement that you already bought it?

small reminder, this is an offline database, you can forget permissions on that. the only Idea would be a hosted server which manages those permissions the only Problem is that if whoever has control of the server has the decryption password they can completely circumvent the permissions. partially a good Idea but throwing out milti-vault because of this is a bad Idea. while it is helpful to say that group PWs and per-user PWs should be split, truly personal passwords should not be stored in the company DB at all. not a good Idea, or at least not a good default, if we have seperate vaults e.g. for coorperate and personal use or whatever there should be seperate passwords, I mean otherwise, what's the point of having multiple vaults?

kinda sad since there's quite little here with just Google Drive, icloud (Apple devices only), Dropbox and box iirc, and EVERY ONE of those is US based. okay we have webdav but there are very few clouds that actually support it (the main I know are owncloud and nextcloud, but these are generally self-hosted)

well I made myself a box account to have my passwords as far away from anything other personal. sadly box doesnt do a standard TOTP 2 factor (well apple doesnt either) they just do SMS but well better then nothing and I prefer having my PWDB somewhere else then my general use cloud.

one of the best things newer windows versions (iirc vista and above) have is the secure desktop, where an application (usually the UAC dialog) can go into its own secure environment where nothing that doesnt have admin rights (especially your average keylogger) can spy in to see any passwords typed in, or interact with it in any way. one feature I really would love would be allowing DB unlock on the secure desktop

I have enpass as auto start on windows and iirc it always goes quietly right into the tray.

I wonder whether this is even possible in chrome, it is fairly locked down, Firefox may have better chances although they are sadly disappearing with then essentially killing their customization features of addons.

the problem of a self-hosted web app is that it's open source, and well enpass surely isnt, but it may be possible to code something yourself. on github there is an enpass opener which could be used to open the DB and then read it somehow.

sync being a canadian company is FAR (well at least from a standpoint of law) away from all those US Cloud Services which have fairly annoying laws regarding surveillance and stuff, it would be really great to add it to the list.

although there is just one problem. if you use enpass with mobile you have the problem that most probably those cant really deal with smartcards. the only way I see this happening is as a possible replacement for the master password with still allowing one to be set and used for mobile usage.

how about you go disable automatic sumbission and check whether anything gets filled in in the first place?

why not just check the signature and be happy in general, although a self-set trust would be epic. but one thing I would really appreciate would be showing it in a better way. i just got the signature error once by random, all the other times it just shows a connection error with no further details as if enpass wouldnt even have been launched.

may I ask why, I mean direct support is one thing but the signature check should work, or maybe at least display that opera doesnt do beta with enpass. also I think I have used enpass with opera dev in the past

but then again iirc the UWP can do Win Hello, iirc.