Jump to content
Enpass Discussion Forum

Vinod Kumar

Enpass team member
  • Content Count

    492
  • Joined

  • Days Won

    34

Vinod Kumar last won the day on February 22

Vinod Kumar had the most liked content!

Community Reputation

118 Excellent

About Vinod Kumar

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Yes. That is right. To have more information you can refer to this page. Cheers :)
  2. HI @chrismin13, Thanks again for your efforts and sharing stats with us. Both issues need to be fixed from our end in the software. We will share an internal build with you soon.
  3. Hi @Fab8 Unlocking via PIN is more of a convenience feature rather than security. In case of PIN, Enpass restricts access to data through User Interface without locking down the database. After three failed attempts, the database will be closed and a master password will be required next time. Your master password does not remain in memory any time after initial unlock of database. However, running sophisticated attacks with administrative privileges are still possible. We recommend against using PIN in such environments. :)
  4. Hi all, We have identified an issue with our handling of Dropbox Api. Upstream have made some changes and Dropbox sync is broken for iOS and Mac. We are on it and will issue an update as soon as possible. Thanks for your patience.
  5. Hi @chrismin13, Thanks for your efforts to bundle Enpass for snap store. We are a short on team to handle all kind of packaging. We will give you explicit permission to redistribute our software for snap store. Please share your email id in PM. As about other bugs, issue 1 can be resolved from our side by checking a Environment variable set by snap. Browser extension connection requires permissions to require system commands like readlink/netstat/lsof and a port open on localhost. Team is investigating the issues and possible fixes. Thanks, Vinod
  6. Hi @Trendsetter, Noted. It will be implemented soon. Thanks.
  7. Hi @Trendsetter, Password strength in Enpass is calculated using zxcvbn algorithm. Calculation by this method not solely rely based on length but depends upon different kind of patterns too. An additional character introduction may not necessarily result in increased strength if it introduces a pattern match according to algorithm. Please visit following link for more info. https://www.enpass.io/docs/security-whitepaper-enpass/miscellaneous.html#password-strength-estimation https://github.com/dropbox/zxcvbn Thanks.
  8. Hi @mschuppx1, You have mistakenly stored signing verification key file in apt sources directory. Remove invalid files with these commands on terminal and run apt update thereafter: sudo rm /etc/apt/sources.list.d/enpass-linux.key sudo rm /etc/apt/sources.list.d/wget-log Cheers:)
  9. Hi all, Thanks for your inputs. Let us first have a look how biometric unlock in Enpass works, straight from our docs: The invalidation of keys is done by OS itself and there little Enpass can do. Certain custom ROMs and variants of Android OS invalidate TEE keys on reboot. On some devices you will not be able to turn on Biometeric setting in Enpass. Some ROMs also let you Enable biometrics without setting a Device PIN/Passcode first and that makes the TEE unprotected. If this the case with your device, please enable Device PIN/Passcode from device settings and share results.
  10. Hi @Jakob, Whenever we add a permission to extension , Chrome shows the permission dialog with all permissions regardless of they are granted previously. There seems to be lot of confusion with our users on various support channels. So, we have taken back this fix (Chrome default autofill/autosave popup suppression) and released a new version without the fix. If this fix was important for you, please disable chrome built-in password manager manually. Thanks.
  11. Hi @MisterD and @RomanZ, This is the old permission you already provided to Enpass extension and is a must requirement. Enpass extension will now suppress the annoying chrome save password popup if you are using Enpass extension for autofilling and saving your passwords. Hence, this permission is required. Cheers:)
  12. Hi all, Very important discussion going on here. We had this feature once in Enpass as a mandatory setting and we remove it after backlash from users (convenience wins over security). Meanwhile, I have prioritize this feature request and it will be available as an advance option just like 1password. Cheers:)
  13. Evidence is not required in this case. Keylogging, memory reading, screenshots and video recording are very much possible for a process with root privileges. Enpass throws master password after using it but how does UI TextField handles memory internally, is outside of Enpass scope. This is an area we are dependent upon iOS security architecture. In future, we plan to use custom UI elements for text entry of master password as well just like we do it in Desktop versions.
  14. Hi @Fabian1, As stated by @Ivarson, Absolute security of an app is dependent on the OS itself. If integrity of operating system is broken and a adversary is able to run arbitrary code with root privileges, there is little Enpass can do to protect itself. However I would like to summarize, how Enpass stores its data and what happens if your use PIN or bio-metrics to unlock Enpass. All of your data is stored in a database encrypted using your master password. None of your sensitive data is decrypted and stored in any of temporary file, except when you need to export an attachment to
×
×
  • Create New...