BrigoNortensson

If an OTP field is not marked as sensitive, such that the number code is visible without clicking the unhide button... could this number code be displayed next to the account name the same way the username is displayed under it?

Additionally, could a "2FA" icon be placed at the bottom of the iPhone/Android apps, to filter for only those accounts that do have OTP fields? I have probably 250-350 saved passwords and other items, but maybe only 7 or 8 accounts that use 2FA. It would be nice to be able to jump to those quickly.

I have solved my problem, after about a day's worth of troubleshooting.

Enpass 6.x does not handle spaces correctly in the webdav url. Spaces in a url should be encoded as %20, and that's what I tried. It would always fail to sync.

If I put them into a path that had no space, I could get it to sync to any arbitrary folder, so it wasn't a problem with arbitrary paths.

When I however use an actual space character in the url (instead of url encoding) suddenly it started working. I will now begin the process of upgrading to 6.x on all my devices (5.x was getting rather painful at this point, since there haven't been browser plugins in a long time). Mostly I was forced to figure it out, since iOS decided to upgrade my phone without my permission.

I am now using 6.1.0 (390) on a Mac.

It still does not work. I cannot get it to sync, though it did in earlier versions.

At home, I'm still using 5.x ... because 6 is broken in a way that's unacceptable. The only killer feature that Enpass has that other password managers do not is the webdav sync. I will start looking for alternatives, and spend a long weekend laboriously transferring data from one to the other at some point in the future.

If I am willing to dump my passwords into the root directory of Nextcloud, it seems ok with that. But I need to be able to place my documents where they belong, not where software arbitrarily decides it should go.

I am attempting to sync to the url:

URL/remote.php/webdav/Documents/Encrypted%20passwords/

If that ends at "webdav", it will sync. This isn't a viable alternative for me. If I specify the folder to sync to, it fails. It may be an issue with the %20, but I've tried leaving that as a space and as a + character. Neither works.

6.0.7 was waiting for me on my work computer (Macos) this morning.

Fails the same way as 6.0.6 and 6.0.5. 

Thankfully, I haven't upgraded to 6.x on my home computers... they're still usable. But I'm stuck in a position where my work computer only has the old passwords, and none of the new. And if I ever forget and add an account on the work computer, I'm going to have a hell of a time reconciling the two (as yet, the work computer's copy of the vault is some old snapshot).

Please fix this. I cannot wait forever. The only thing preventing me from switching is that I've yet to find another password manager that worked as well as Enpass 5.x for this particular feature. 

Finally got 6.0.6 this morning, still broken.

This is unacceptable. The only feature that Enpass got right that no other password manager did was Webdav syncing. If 1Password had this, I would never have switched to Enpass.

I've been without syncing on my work machine for a month now. Thankfully I still have 5.x at home... but I have to wait until I'm off work to create any new internet accounts which I don't have access to from my work machine. What gives?

Thank you.

Hopefully it is the spaces issue for me as well, and they get a new update out quickly. 

I can't currently change the folder name. It would be strange if whatever library they were using to handle http didn't know how to handle uri-encoded urls. 

Thank you for the suggestion. I appreciate the help.

I've used the following folder for syncing through Enpass 5.x, and until recently in Enpass 6.x (for Mac).

URL/remote.php/webdav/Documents/Encrypted%20passwords/

In the past few days, it auto-updated to 6.0.5, I'm not sure when. And now it refuses to use that folder. If I just use URL/remote.php/webdav that will work, but I don't want this spamming up my root folder. Can this be fixed so that I can use a specific subfolder again? I use Nextcloud for things *other* than Enpass, after all, and this is just very messy. It's actually something that will make me stop using Enpass if it isn't fixed. That's why I stopped using 1Password, they had funny ideas about where I should be able to sync my vault. 

[crickets chirping]

Guess I didn't explain very well... this would let Enpass reset your passwords for you on those systems that require it every few weeks. You'd never even notice, it'd just happen for you. Or it could let it reset passwords for you if there's been a credible report of password databases being stolen.

Why would you use that feature? You're using a password manager now. Compartmentalize your passwords. Use a different password, never the "login with Facebook" feature.

If they do steal a password, they can only get into one site, not two or more.

I have several passwords that I am forced to change much too often because the people in charge don't understand security very well. School, work, government sites/applications... they all do this.

The configuration to store their requirements is somewhat simple, there are only so many features (how often it expires, which patterns are allowed, disallowed, mandatory). It could be in an xml file, and Enpass could have a feature where it stored such a policy with feature.

The policy would explain to and allow Enpass to change the password without user intervention (no more nagging notifications "your password will expire in 11 days, do you wish to change it now"). It might even be the basis for a feature that, when large-scale password/database thefts occur, all Enpass users could have theirs automatically updated before the stolen passwords could be used.

Websites (the savvy ones anyway) might store their own password policy hidden in the markup itself, like so:

Quote

<link href="pw.xml" rel="password policy">

But until that caught on, Enpass users could craft their own. Other password manager software might actually make use of this (though, Enpass would be the first therefor proving itself the most innovative). Users could of course explicitly disable this feature if they did not wish to use it, just in case there's some early adopter website. Or, it could be used partially (since it would include the maximum allowable characters, Enpass could suggest that when registering a new password, or changing one manually).

This is a mockup of a password policy file, and might be missing a few things. It's larger than an actual working policy would be, because I list multiple options when only one would be chosen.

Quote

<password-policy>
    <endpoint>
        <protocol p="http">
            <url>https://somesite/password_change.php</url>
            <methods>
                <method>POST<method>
            </methods>
            <content-type>
                <mime>application/x-www-form-urlencoded</mime>
                <mime>multipart/form-data</mime>
                <mime>application/json</mime>
            </content-type>
            <fields>
                <field type="login">username</field>
                <field type="old">old_password</field>
                <field type="new">new_password</field>
                <field type="custom">some_crap</field>
            </fields>
        </protcol>
        <protocol p="command">
            <command>/bin/something</command>
        </protocol>
    </endpoint>
    <expiration>
        <nagging unit="week">10</nagging>
        <after unit="week">12</after>
    </expiration>
    <requirements>
        <no-captcha/>
        <minimum>
            <characters>8</characters>
            <lowercase>1</lowercase>
            <uppercase>1</uppercase>
            <numerals>1</numerals>
            <from n="1"><![CDATA[?,:;"'\/!@#$]]></from>
        </minimum>
        <maximum>
            <characters>32</characters>
            <change-attempts unit="day">1</change-attempts>
            <changes unit="day">7</changes>
        </maximum>
        <disallowed >
            <characters charset="utf-8"><![CDATA[<>.]]></characters>
            <initial-character charset="utf-8"><![CDATA[0123456789]]></initial-character>
            <terminal-character charset="utf-8"><![CDATA[0123456789]]></initial-character>
            <sequences>
                <sequence charset="utf-8"><![CDATA[word]]></sequence>
                <sequence charset="utf-8"><![CDATA[password]]></sequence>
            </sequences>
            <passwords>
                <login/>
                <dictionary>https://some.wellknown.external.dictionary.com/list.txt</dictionary>
            </passwords>
        </disallowed>
        <reuse>
            <never/>
            <after unit="day">180</after>
            <after unit="year">1</after>
            <after unit="successful-change">8</after>
        </reuse>
    </requirements>
</password-policy>