Jump to content

jankkm

Members
  • Content Count

    24
  • Joined

  • Last visited

  • Days Won

    3

Posts posted by jankkm


  1. @Anshu kumar This is very important! Please look into it!

    It seems like visual issues get a much higher priority than security problems. I don't get it.

     

    edit: It did some more testing and found out that it does work if I use a certificate that is signed by a ca that is marked as trusted in the keychain. This works for me now but I still think it should work with a self signed certificate that has been marked as trusted.


  2. You can also do this for every entry individually by clicking on the icon in edit mode and select 'use favicon'.

    edit:\ Sorry I was wrong. This can only be done if the global option is enabled.


  3. @Meister ,you can add macOS to the title if possible. Here I have some erratic behaviour as well. It seems like there is an issue if the selected item leaves the window when scrolling up/down, it always switches back to the selected item.

    Another issue with scrolling is in the editor 'window'. When scrolling sometimes all text fields dissappear for a while and I can only scroll to the top of notes field, from there I have to grab the scroll bar with the mouse pointer.

    Actually this happens in every view that is scrollable.

    BUT: All of this only happens when using the scroll wheel on a mouse. On the trackpad there doesn't seem to be an issue.


  4. 5 hours ago, Anshu kumar said:

    Hey @jankkm 

    Thanks for the input.

    I would like to share that Enpass 6 is designed to be used for a single user who is using different vaults to manage his personal and work data. So unlocking of other vaults with the Primary vault makes sense.

    Further, it is only the Primary vault where the passwords of other vaults get stored so that you don't have to remember them, and that goes well with the purpose of Enpass. When you unlock the Primary vault, all other vaults get unlocked by fetching their passwords from the Primary vault. 

    For this, you can create a second vault and keep its sync disabled. You don't need to worry about the storage of its password in the Primary vault as it is encrypted with the master password of your Primary vault and no one can access it without the master password of the primary vault.

    Thanks!

    Thank you @Anshu kumar for clarifying that this is the way you want to go with Enpass.

    I still don't agree that it makes sense in every case and also about not having to worry about security. With this design every vault is only as secure as the primary vault passphrase wise. You are right that I can disable sync for a vault which means it is secure on the storage device/service I am syncing with but on my PC/Mac I have to use a passphrase on the primary vault that is at least as secure as the passphrases of the other vaults if I don't want to sacrifice security.

    I think this doesn't make sense because the passphrase of the primary vault is the one I have to type in very frequently so I don't want it to be too complicated and long but if the more complex passphrase of a separate vault is stored in that primary vault, again, the added security of the separate vault is gone (again, only locally).

    Also I like to use the PIN after typing in the passphrase once which weakens security in favor of convenience. It would be irresponsible to do this if the security of every vault depends on that PIN.

    I think it shouldn't be too hard to allow vaults that have to be unlocked individually and it would help a lot!

    I hope you understand my concerns and think about this again. Especially considering that 1Password has exactly the same weakness and quite a few users who are unhappy with it (https://discussions.agilebits.com/discussion/56271/individual-unlocking-of-secondary-vaults-gone-in-1password-6).

    • Like 2

  5. I like the way you managed to get Enpass6 started by the browser when clicking the extension icon but in most cases the app is started, put into the menu bar but the extension cannot connect to the app. I am using the latest macOS with Firefox 63.0 and the latest beta of Enpass6+Extension.

    Sometimes it does work but that is like 1/10 and seems pretty random.

    If you need any additional information, please let me know.


  6. 4 minutes ago, chiwou said:

    does the other vault also unlocks even with a different password?

    No, only the password of the primary vault is able to unlock everything. The passwords of the other vaults seem to be stored encrypted with the password of the primary vault.

    edit:

    sorry I think I got you wrong but my answer should still help. The vaults have different passwords but if you unlock the primary vault every vault is unlocked.

    • Like 1

  7. This is something I already mentioned on the macOS thread but since it is more about the general design of Enpass I decided to open a new thread about it.

    It seems like with the support of multiple vaults you took the approach that 1password took as well to let the user unlock all his vaults with one master password which is the password of the primary vault. Am I right so far?

    Now, I think for some users this might be a good solution but for me one  reason for using multiple vaults is that I want to have one or more vaults that I only want to unlock very rarely because the passwords are sensitive and/or not often used. The way that Enpass6 works now, it makes it a little better because I can sync my default vault and store the "sensitive" one only locally but I think you should give us, the users, more of a choice here.

    I am very interested how others think about this.

    • Like 1

  8. 20 hours ago, FuN_KeY said:

    First of all, I let’s cheer the team for the auto fill support, it is really a great feature!

    How to reproduce the bug:

    - Using autofill, log in to a website (like the Enpass forum). TouchId will work

    - logout 

    - Login again. Since autofill remembers which password you entered for this site, it proposes a shortcut. When using this shortcut, TouchId will not work and you will have to enter the master password (bug)

    Exactly the same here.


  9. 34 minutes ago, Anshu kumar said:

    Hey guys,

    Sorry for the trouble you're going through.

    It'd be a great help if you can share a demo account of your WebDAV via a PM for us to look into this issue.

    Thanks for your co-operation.

    The server is only reachable from my local network so this is not gonna work, sorry. It is an openmediavault setup.


  10. Hi,thank you for inviting me to the iOS beta programm.

    I just installed the first beta und it seems very stable to me. I haven't tested it a lot but the things I tried all worked smoothly except webdav sync.

    The app did accept my webdav credentials but now it says "Synchronizing..." with the spinning circle on the right. After a while it says "Sync Error" and "Something went wrong while syncing with cloud. Error code: 908056"

    On the webdav server I can see that a folder named "Enpass6-Beta" has been created but without any content. Also there seems to be a difference in how the macOS version and the iOS version do it because the macOS version just creates the file "vault.enpassdbsync" in the webdav root without any subfolder.

    • Thanks 2

  11. First of all, I am really glad to see the new version of Enpass coming and it does seem promising to me. People stated that UI and UX does not feel very macOS native and I agree but it could be so much worse and I dont't think we should focus on that.

    But there is something that seems very wrong to me and this is something 1password does in a similar way if I see it right: The different vaults I set up are always opened by entering one (primary) master password. My use case for multiple vaults is that I have a couple of very sensitive passwords that I rarely need to use stored in one vault and I don't want to expose them every time I open my other vaults that I use on a daily basis. Is there a way to keep a vault closed unless I really want to enter the master password to open it? Otherwise please add that functionality!

    Thanks!


  12. Hi Akash,

    thank you for your response. Unfortunately I cannot confirm it this way because the history only holds 5 passwords and I created some till then. I can only see it in one account where I saved it but when it was shown in the generator the second time I understandably did not save it again. So it's only my word really unless there is some other way to confirm it.

    I am using macOS 10.12.6 with Enpass from the AppStore 5.6.9 (151) 


  13. Today I changed my passwords on a couple of different services and I used the built-in password generator to create them.

    I was really surprised to see the same password again that was generated earlier today after generating a couple of other passwords. How can this happen? There must be something wrong with the randomizer or is there some other possible explanation?

    I am really insecure if I should ditch Enpass altogether as quickly as possible.

×
×
  • Create New...