Peter Wang

Hi Support, With the most recent firefox 57 release. Enpass Add-on has been disabled by Firefox due to being legacy and unsupported. Please update the firefox add-on to support the latest firefox 57. Many thanks

Because the master password is also used on a desktop. when I'm using desktop I don't mind typing in the longer, more protective password because I have a keyboard. While on my mobile device, I do wish to set a pin which is equivalent to my master password for the sake of convenience. So from what you are trying to say, yes, it will be easier to compromise enpass on my phone with a shorter pin, however, that's a personal choice to make, and you will have to steal my phone, crack my phone lockscreen before I remote wipe my phone, and then guess my pin for enpass before accessing my password library. I don't believe this is a new practice that you have never heard before, a few banking apps that I'm aware of in Australia and New Zealand (which is where I am) are also using this practice on their app.

The pin is supposed to have the same access level as the master password. This is the practice for even some internet banking app. Ultimately a pin is a security <-> convenience trade-off. And therefore the user should have a choice in the options to use the pin as master password replacement for mobile app only. This should satisfy both parties. As for making master password the pin... No! That's a real security risk.

Hi I'm a new user, I found out from this post while trying to figure out why my app always asks for master password when I have setup a PIN for it. Below is a quote I found from the post: Now I realise this is a 'feature' but I think this 'feature' defeats the purpose of the pin due to the fact that I don't constantly keep the enpass app running so mostly of the time I don't get to use my pin. I setup a pin for convenience and I have a complex master password for security. Entering my master password with a little android phone keyboard is a pain. Please create an option in setting -> security, something like "always use PIN" so some of us can choose to always use a PIN if there is one set. Regards, Peter W