Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Hitman last won the day on August 16 2019

Hitman had the most liked content!

Community Reputation

17 Good

About Hitman

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Wow that is creepy. That implies that they store the plaintext password somewhere. Urgh.
  2. Interesting point. Is there some way to see and vote feature requests? (like aha.io or within this forum?)
  3. You can at least configure Enpass to immediately copy the TOTP code to the clipboard after auto filling the rest. So you could hit auto fill and then right away paste your clipboard content before hitting enter.
  4. Since you seem to be technically versed, you can already do what you want, since Enpass uses the opensource library sqlcipher for storage. See also:
  5. With WebDAV it's still doable. Just add the same account with different directories. As long as you don't have to rotate your WebDAV credentials (too often), it should not be that much of a problem.
  6. Erm, having multiple users using the same user account seems to be the real security issue here. That's not how a multi user system is supposed to work.
  7. What do you mean? With WebDAV it works fine. I have multiple vaults, all synchronized via WebDAV.
  8. Bump. Any news if this is gonna be implemented or not? Anything I can do to help or to convince you that it's worth it?
  9. No, it can't. 2FA relies on the server side being in control and unmodifyable. Since Enpass works offline, all the necessary data and checks are on your machine. So an attacker can manipulate everything to his liking (system clock, etc.). Whatever second factor you choose, its secrets would have to be stored on your machine (as part of your vault) and would be protected with your password. Once this has been logged and the attacker has access to your files (which in your scenario he has), he can unlock the secrets and simply calculate the second factor. You gain no real security; you simply cost your attacker 5 more minutes of his time.
  10. It already does support generating TOTP tokens ... which is what Google Authenticator uses.
  11. With $30 you already have the license for all platforms. 10 for iOS, 10 for Android and 10 for Windows. Since they are lifetime and not restricted to the amount of devices (afaik), what more do you want?
  12. Currently AutoFill is only available for Browser and Mobile. The Desktop version do not offer Autofill at all (as far as I know). In which of these environments do you use it?
  13. Since Enpass is a password manager ... what exactly do you need to SAP Logon that cannot be stored in a password manager? (You know: username + password for example)
  14. Too bad this is still not implemented. I cannot fully switch (back) to Enpass :-(
  15. Enpass will already create a sub directory called "Enpass". If you want it further down, simply add the directories to that path. (for example https://<your-owncloud-host-domain>/remote.php/webdav/some/more/directories ... you may have to create them in advance, I guess)
  • Create New...