Peter Wang

Hi Support,

With the most recent firefox 57 release. Enpass Add-on has been disabled by Firefox due to being legacy and unsupported.

Please update the firefox add-on to support the latest firefox 57.

Many thanks

On 08/07/2016 at 3:51 AM, Michael said:

Your two statements seem contradictory to me. If the pin code is supposed to have the same access as the master password, how is making your master password the pin any less secure than having a pin in the first place?

On 08/07/2016 at 3:51 AM, Michael said:

You're essentially saying "I want two passwords to unlock Enpass, a secure one and a less secure one." Having two passwords doesn't make the app any more secure than using only the less secure one.

Because the master password is also used on a desktop. when I'm using desktop I don't mind typing in the longer, more protective password because I have a keyboard. While on my mobile device, I do wish to set a pin which is equivalent to my master password for the sake of convenience. 

So from what you are trying to say, yes, it will be easier to compromise enpass on my phone with a shorter pin, however, that's a personal choice to make, and you will have to steal my phone, crack my phone lockscreen before I remote wipe my phone, and then guess my pin for enpass before accessing my password library.

I don't believe this is a new practice that you have never heard before, a few banking apps that I'm aware of in Australia and New Zealand (which is where I am) are also using this practice on their app.

On 20/06/2016 at 3:51 AM, Michael said:

That sounds like a security risk because it gives your pin the same access level as the master password. -- Why not make your master password the pin. 

The pin is supposed to have the same access level as the master password. This is the practice for even some internet banking app. Ultimately a pin is a security <-> convenience trade-off. And therefore the user should have a choice in the options to use the pin as master password replacement for mobile app only. This should satisfy both parties.

As for making master password the pin... No! That's a real security risk.

Hi I'm a new user, I found out from this post while trying to figure out why my app always asks for master password when I have setup a PIN for it. Below is a quote I found from the post:

Quote

After setting PIN, Enpass asks for master password if the App has been freshly started

Now I realise this is a 'feature' but I think this 'feature' defeats the purpose of the pin due to the fact that I don't constantly keep the enpass app running so mostly of the time I don't get to use my pin. I setup a pin for convenience and I have a complex master password for security. Entering my master password with a little android phone keyboard is a pain.

Please create an option in setting -> security, something like "always use PIN" so some of us can choose to always use a PIN if there is one set.

Regards,

Peter W