jdelic

This is NOT about just turning off Enpass for passkey support in the browser. I would like the option to make Enpass always answer any request for Passkey creation with a negative response. That way I hope to be never asked again whether I want to create a Passkey. The background here is that Passkeys are an improvement for people who otherwise reuse insecure passwords, but are a net-negative security tradeoff for everyone else. Many jurisdictions (the US, UK, and Germany for example) have exempted "taking biometrics by force" from constitutional protection against self-incrimination. It's perfectly legal for a US law enforcement agent to use force to unlock your Face ID (by putting your head in an headlock) or forcing your finger onto a fingerprint scanner and then to go fishing through all information that unlocks. Passkeys make this significantly worse by putting your cloud-based information behind biometrics. Hence I will never use Passkeys ever, and would love the option to permanently decline.

come to think of it, updated URLs for auto filling are also not stored from the share sheet. My Enpass is configured to use WebDAV for synching, in case that matters.

Go to a new website When registering, open the Enpass overlay via the share sheet Create a new account / generate a password The account will be registered with iOS (Safari will offer it), but it won't be stored in the Enpass database The created password will not show up in the password history iPhone XS / iOS v13.2.3 Enpass v6.3.1 (410) Enpass is the only enabled password manager on the system This is a very annoying bug and one with data loss.

Hi, I would like to propose the following feature: As a security conscious user who also values convenience I would like to be able to: for N minutes after unlocking the app with my passcode unlock the app again using touch ID This way I would achieve the following goals: Enpass would never be left fully unlocked (i.e. changing into the app via multitasking, activity or tapping the icon should never lead into an unlocked app) Enpass would still regularly require the full passphrase Touch ID would be used as a convenient temporary unlock Thereby, in my opinion, providing a good trade-off between convenience and security. Let's not forget: A fingerprint is a username, not a password.