Enpass Discussion Forum

Vinod Kumar

Enpass team member
  • Content Count

    492
  • Joined

  • Days Won

    34

Everything posted by Vinod Kumar

  1. Yes. That is right. To have more information you can refer to this page. Cheers :)
  2. Hi @chrismin13, Thanks again for your efforts and sharing stats with us. Both issues need to be fixed from our end in the software. We will share an internal build with you soon.
  3. Hi @Fab8, Unlocking via PIN is more of a convenience feature rather than security. In case of PIN, Enpass restricts access to data through User Interface without locking down the database. After three failed attempts, the database will be closed and a master password will be required next time. Your master password does not remain in memory any time after initial unlock of database. However, running sophisticated attacks with administrative privileges is still possible. We recommend against using PIN in such environments. :)
  4. Hi all, We have identified an issue with our handling of Dropbox API. Upstream have made some changes and Dropbox sync is broken for iOS and Mac. We are on it and will issue an update as soon as possible. Thanks for your patience.
  5. Hi @chrismin13, Thanks for your efforts to bundle Enpass for snap store. We are short on team to handle all kinds of packaging. We will give you explicit permission to redistribute our software for snap store. Please share your email id in PM. As about other bugs, issue 1 can be resolved from our side by checking an environment variable set by snap. Browser extension connection requires permissions to require system commands like readlink/netstat/lsof and a port open on localhost. Team is investigating the issues and possible fixes. Thanks, Vinod
  6. Hi @Trendsetter, Noted. It will be implemented soon. Thanks.
  7. Hi @Trendsetter, Password strength in Enpass is calculated using the zxcvbn algorithm. Calculation by this method does not rely solely on length but also depends on different kinds of patterns. Introducing an additional character may not necessarily result in increased strength if it introduces a pattern match according to the algorithm. Please visit the following links for more info: https://www.enpass.io/docs/security-whitepaper-enpass/miscellaneous.html#password-strength-estimation https://github.com/dropbox/zxcvbn Thanks.
  8. Hi @mschuppx1, You have mistakenly stored the signing verification key file in the apt sources directory. Remove the invalid files with these commands on the terminal and run apt update thereafter:
      sudo rm /etc/apt/sources.list.d/enpass-linux.key
      sudo rm /etc/apt/sources.list.d/wget-log
     Cheers:)
  9. Hi all, Thanks for your inputs. Let us first have a look at how biometric unlock in Enpass works, straight from our docs: The invalidation of keys is done by the OS itself and there is little Enpass can do. Certain custom ROMs and variants of Android OS invalidate TEE keys on reboot. On some devices you will not be able to turn on the Biometric setting in Enpass. Some ROMs also let you enable biometrics without setting a Device PIN/Passcode first and that makes the TEE unprotected. If this is the case with your device, please enable Device PIN/Passcode from device settings and share results.
  10. Hi @Jakob, Whenever we add a permission to the extension, Chrome shows the permission dialog with all permissions regardless of whether they were granted previously. There seems to be a lot of confusion with our users on various support channels. So, we have taken back this fix (Chrome default autofill/autosave popup suppression) and released a new version without the fix. If this fix was important for you, please disable the Chrome built-in password manager manually. Thanks.
  11. Hi @MisterD and @RomanZ, This is the old permission you already provided to Enpass extension and is a must requirement. Enpass extension will now suppress the annoying chrome save password popup if you are using Enpass extension for autofilling and saving your passwords. Hence, this permission is required. Cheers:)
  12. Hi all, Very important discussion going on here. We had this feature once in Enpass as a mandatory setting and we removed it after backlash from users (convenience wins over security). Meanwhile, I have prioritized this feature request and it will be available as an advanced option just like 1Password. Cheers:)
  13. Evidence is not required in this case. Keylogging, memory reading, screenshots and video recording are very much possible for a process with root privileges. Enpass throws master password after using it, but how the UI TextField handles memory internally is outside of Enpass's scope. This is an area where we are dependent upon iOS security architecture. In future, we plan to use custom UI elements for text entry of master password as well, just like we do in Desktop versions.
  14. Hi @Fabian1, As stated by @Ivarson, absolute security of an app is dependent on the OS itself. If the integrity of the operating system is broken and an adversary is able to run arbitrary code with root privileges, there is little Enpass can do to protect itself. However, I would like to summarize how Enpass stores its data and what happens if you use PIN or biometrics to unlock Enpass. All of your data is stored in a database encrypted using your master password. None of your sensitive data is decrypted and stored in any temporary file, except when you need to export an attachment to
  15. Hi @qalisto, Thanks for bringing this up. With our current portable offering, the situation is no better than what has been reported in said news article. While the master password is correctly wiped, other credentials do show up in memory. Blame the old architecture and choices we have made in the past. In an ideal world, we would have released the portable version along with the regular version of Enpass 6. Due to resource constraints, we were unable to do so. Good news is that the portable version has been merged with the latest stable version and QA has been started. Thanks.
  16. Hi @Phylum, Sorry for the late response. Let me assert that the severity of this kind of attack is low, given the nature of the permissions an attacker requires to exploit it. This attack is only possible on a compromised system where an arbitrary process can read other processes' memory, and process memory protection is the operating system's responsibility. A password manager or another user-space process can't defend against such attacks. However, we have taken some steps to mitigate this kind of attack. This was one of the reasons to rewrite Enpass 6 entirely with a new, robust architecture
  17. @balticsailor Next update should fix this. Beta is already out.
  18. Hi @EdF, Sorry for the trouble. Please let me know the version of Enpass you currently have. You can get it from Help->About. Thanks.
  19. Hi @jibba, These files are not meant to be restored directly but here is a workaround. Take a backup of your current Enpass. Uninstall and install again from the Windows Store. Create a new vault with any password. Go to Settings->Advance Settings->Click on your data location. This data location will have a vault.enpassdb and vault.json. Quit Enpass and replace these two files with the files you want to restore. Restart Enpass and you should be able to log in to the restored vault. Cheers.
  20. Hi all, Sorry for inconvenience. This error means unauthorized access error from OneDrive. Somehow authorization token for OneDrive is revoked. Are you changing/adjusting your system time manually? Is it happening on your other devices too? A quick fix is to disconnect and sync again. Thanks.
  21. Hi @servilianus, I have filed a bug report. We will release a fix soon. Thanks.
  22. Hi @Dentonthebear, Sorry for the late reply. We have no restriction on size when you choose a custom icon. We resize a provided image to 200x200 pixels; after resizing, if its size is less than 100KB, it is used as the custom icon, otherwise not. So, a custom icon with 200X200 pixel and less than 100KB will always be accepted. Also, favicon support is coming soon and it will save you time from adding a custom icon for every website. Thanks.
  23. Hi @Jay Mobile, There is an option to add "Software License" in Enpass under "License" category. Go to Add(+)->License->Software License. Thanks.
  24. Hi @kkupe, Sorry for the inconvenience. The reason could be that the items do not have URL fields or were wrongly imported. Please let me know the 1Password version & format you have exported the file in. Thanks.