Hitman

Different problem for me ... the window doesn't even show. (Also I'm usually not using KDE, but tried it there as well without success). Interesting though ... I looked into the chrome debugger and the extension apparently tries ports 10394, 10395, 10392, 10393 and repeats .... it does not however try port 10391, where Enpass actually listens on.

For me it is also still not working (both Enpass and the Chrome extension are up2date).

Backup from old, restore to new. If you synchronize via a cloud provider, you should also be able to manually "update" the file system. The old beta used a subdirectory "Enpass6 Beta", the new one doesn't ... so simply move the vault out of that directory. (Or better yet: copy it out so you have a backup :))

I would actually prefer to simply buy a license key I can use anywhere I use Enpass (which would be multi platform as well). Btw: why don't you have a donate button? Or a feature bounty program? (so I can donate to have a specific feature implemented) That would all be pretty nice ways to support you guys and wouldn't force you to force us to pay ;-)

For consistency with the other releases for OSX and Win32 I would prefer AppImage. Then it's a single downloadable file like for the other operating systems.

Raspi + Nextcloud (or a simple lightweight WebDAV server) could be a good choice. Or any NAS. Direct Device 2 Device would certainly be a cool thing (especially if they can discover each other over your local network), but I think having a little server in the middle should be doable. Or you simply host the WebDAV server on your PC ... many possibilities :-)

Steam implements TOTP with a different alphabet. The basic algorithm seems to be the same as usual TOTP, but the representation of the token is different. An example implementation can be found here: https://gist.github.com/mooop12/1af7f0ffc8f28ea76f27abcba1e6da01 It would be cool if Enpass added support for these token types (maybe even as part of Enpass 6? :-) ) To not clutter the UI, maybe you could take the road of Bitwarden which uses a URL scheme to support different token types (no schema = default TOTP token, special token however could be steam://xyz123abc456).

Well, the online password managers I know (1Password, LastPass, Bitwarden) don't support a higher level of security as well. They use your master password (well, a derivation of it) together with an optional second factor (for example TOTP) to grant you access to the encrypted storage (that is basically the same as the webdav/icloud password in your case) and then the encrypted data gets decrypted locally using your masterpassword. So from that standpoint you should not be more insecure than with these solutions ... only difference being that you have complete control over storage (you ware not forced to use icloud :-)) and that enpass works 100% offline as well. If you simply stop synchronizing with icloud, your local file is still fine. Anyway: Enpass 6 has keyfile support. If you enable that (for a vault), you then need that together with your master password. Is this maybe enough to cover your case(s)? Then give the Enpass 6 beta a shot. For me it works reliably enough already and afaik the final versions should not be that far out. (Plus: I like the multi vault support!)

IMHO it currently already is two-factor. The first factor is access to the (encrypted!) file. So you usually need username/password to even access WebDAV (or whatever cloud storage you use). So an attacker first has to get past that. If he/she manages that, the file is still encrypted with your master password. I handle it via NextCloud. My account there is protected with a second factor and for each individual Enpass installation I generate an application password to use (since I obviously cannot use a TOTP token for sync). I guess you cannot be much safer than that. And that is nothing that Enpass can change.

Tried that, didn't work :'( (Also the other machines use Cinnamon where I do not have that option, afaik).

For me it's even worse. The first click on the Enpass icon does nothing, all further clicks show a "enpass is not running" error (although it is running). I guess some background process dies right after the first try. This happens with Chrome based browsers and Firefox as well. On Windows it works, though. On all my Linux machines it currently doesn't.

Great work picking out the one point of my post that was even marked as being my opinion and completely ignoring all the objective points I listed otherwise. Nice style! I'm talking about User Interface, while you are talking about User Experience. The UI has more features than the Bitwarden UI. It's as simple as that. See examples above.

More locked in? Enpass 6 has an awesome export. You can export your complete vault to a JSON file which contains a lot more information (in a much more structured way) than Enpass 5 did (or a lot other password managers, for that matter). I also tried Bitwarden (simply because it's OpenSource), but it lacks a lot of polish that Enpass has (UI wise, IMHO). I miss custom field reordering, custom field categories, the templates and I cannot edit/add items in Bitwarden while I'm offline. Also Bitwarden "only" encrypts field contents, but not the structure of your vault items. While this is not a huge risk, I still don't like leaking metadata. All in all I feel a lot more safe and in control with Enpass. And thanks to the new multi vault feature I can also cover family or work shared items now.

Same problem(s) here. It is really annoying currently to have to type in the master password that often. Out in the open I have to type a long nasty password on a smartphone display where everyone could watch .... that's exactly something I do NOT want and one of the reasons to use a password manager in the first place. From the way it manifests I can only assume it is a bug (and not by design). Which gives me hope. Otherwise it might become a show stopper for me :-/

I have the same problem with the current beta. With the previous beta it was working flawlessly. (Tried with Firefox and Vivaldi).

Me too, that's why I need a Linux Build. A missing linux build is why I can't use 1Password, for example. Cross-Platform support is important, so I'm very grateful that the Enpass team keeps up their good work. The most important thing is, that the final product works as flawless as possible, and their beta cycle(s) are there to ensure that. (Not to mention that they JUST released a new build for all platforms ;-))

Wow, thanks for being so forthcoming with these information. That really shows that you take security seriously (because obscurity won't work). Enpass rocks!

I certainly would like to have folders (back). Maybe keep Tags separate? I can see a case for each. Folders work better when the hierarchy is relevant while Tags are pretty nice if you want categories (that can overlap). Both combined should work for every use case. Btw just an example from my current KeePass file (which I cannot replace with Enpass under these current circumstances - without Folders): | Root \ Project 1 \ Development | Test | Production | Project 2 \ Development | Test | Production | ... Under each sub folder (Development, Test, Production) I have the necessary SSH keys, passwords, etc. for these environments. I think you get the idea. Yes, I can probably build ugly tag names to "fix" this ("Project1_Development", "Project1_Test", ...). But it is still not as convenient as it could be. Just to be sure: don't throw away tags. They are nice. Add folders (again) and keep these features separate. Folders are used in a different way than tags, but they may certainly be used in conjunction.

Please consider packaging Enpass as AppImage, so it runs distribution independent. (I use neither one of the Debian family nor of the RedHat family.) Positive side effect: you do not have to be administrator/root to install Enpass, since you can simply run an AppImage as user.