Hitman
Members-
Posts
44 -
Joined
-
Last visited
-
Days Won
9
Everything posted by Hitman
-
What would be the advantage over just using Enpass' built in WebDAV, DropBox etc. sync?
-
Feature request: retrieve secondary vault password from Enpass
Hitman replied to FuN_KeY's topic in Windows PC
Maybe even better: introduce a specific kind of entry that is recognized as a vault (containing password, webdav/dropbox/etc. settings) and can be mounted/restored with one click. It should not be attached/restored automatically, though. But it would be nice if you can easily pick an already saved vault "reference" entry and just say "restore". (Or the other way around: when selecting to add an existing vault, allow picking an entry from one of the already opened vaults that is then used to fill in the to be restored vaults.) -
I think you can counter that by using WebDAV for sync. There you can track from where the access comes when syncing. Also you can change the WebDAV credentials when a device is stolen. When a device is stolen with a vault on it (which is always available offline), you have to consider the content compromised (unless you really trust your master password and didn't store it using fingerprints). So if you change all your passwords and the one of your vault, the old information on the stolen device is useless. Triggering a remote wipe (via iOS or Android) is probably a better choice, though.
-
Wow that is creepy. That implies that they store the plaintext password somewhere. Urgh.
-
Interesting point. Is there some way to see and vote feature requests? (like aha.io or within this forum?)
-
You can at least configure Enpass to immediately copy the TOTP code to the clipboard after auto filling the rest. So you could hit auto fill and then right away paste your clipboard content before hitting enter.
-
Since you seem to be technically versed, you can already do what you want, since Enpass uses the opensource library sqlcipher for storage. See also:
-
Sub vault or Multiple vaults in same backup cloud
Hitman replied to nOrphf's topic in Feature requests
With WebDAV it's still doable. Just add the same account with different directories. As long as you don't have to rotate your WebDAV credentials (too often), it should not be that much of a problem. -
Access to multiple vaults with their separate master passwords
Hitman replied to AMK's topic in Feature requests
Erm, having multiple users using the same user account seems to be the real security issue here. That's not how a multi user system is supposed to work. -
What do you mean? With WebDAV it works fine. I have multiple vaults, all synchronized via WebDAV.
-
Bump. Any news if this is gonna be implemented or not? Anything I can do to help or to convince you that it's worth it?
-
No, it can't. 2FA relies on the server side being in control and unmodifyable. Since Enpass works offline, all the necessary data and checks are on your machine. So an attacker can manipulate everything to his liking (system clock, etc.). Whatever second factor you choose, its secrets would have to be stored on your machine (as part of your vault) and would be protected with your password. Once this has been logged and the attacker has access to your files (which in your scenario he has), he can unlock the secrets and simply calculate the second factor. You gain no real security; you simply cost your attacker 5 more minutes of his time.
-
It already does support generating TOTP tokens ... which is what Google Authenticator uses.
-
With $30 you already have the license for all platforms. 10 for iOS, 10 for Android and 10 for Windows. Since they are lifetime and not restricted to the amount of devices (afaik), what more do you want?
-
Currently AutoFill is only available for Browser and Mobile. The Desktop version do not offer Autofill at all (as far as I know). In which of these environments do you use it?
-
Since Enpass is a password manager ... what exactly do you need to SAP Logon that cannot be stored in a password manager? (You know: username + password for example)
-
Too bad this is still not implemented. I cannot fully switch (back) to Enpass :-(
-
Enpass will already create a sub directory called "Enpass". If you want it further down, simply add the directories to that path. (for example https://<your-owncloud-host-domain>/remote.php/webdav/some/more/directories ... you may have to create them in advance, I guess)
-
Well this is strange ... I use it daily on multiple Linux and Windows Workstations with keyboard and mouse and everything is fine here. I like the look and feel and also the added animations (although I would not need them). So from my perspective it really is a UI polish on top of Enpass 5. Which brings me back to my initial point: it is subjective.
-
Has you primary vault been created with a previous Enpass 6 beta version? Because the layout of the folder structure changed (the previous beta versions used a further subdirectory called "Enpass 6 Beta" ... simply move the vault out of that directory then it should work).
-
What do you mean by that? You cannot access the same (shared) vault from Android and the Windows App? Are you sure the versions are identical? There is currently Enpass 5 (stable) and Enpass 6 Beta. They are not compatible (you can only convert from 5 to 6, but not back). Please check that you have Enpass 5 on Android and Windows or use the Beta on both systems (but don't forget that it is a beta ... keep backups!) Regarding having to type the master password on desktop: I usually prefer the PIN. i.e. I have to enter the Master Password only when starting Enpass, from then on out it is enough to enter a (relatively) short PIN. Having to enter the Master Password after a reboot (or after restarting Enpass) is something I can live with. At least on a machine with a physical keyboard. So at least for the time being you could look into the PIN feature as alternative to the fingerprint (on Windows).
-
First of all, you should test before you buy. The free versions do work. But regarding your problem: what exactly do you mean by they don't work together? I have enpass running on Mac, Linux, Windows and Android and they all are synced via WebDAV. So I would say they work together pretty good. Also on my Android device the fingerprint unlock works fine .... can you be more specific what doesn't work on android and how that manifests?
-
Paying for premium features is still far from non-free. You can still manage all passwords without restrictions. As far as I can tell, you don't lose anything in comparison to Enpass 5.
-
Beware that the repo changed. So you may have to update your apt.sources.
-
$ lsof -v lsof version information: revision: 4.91 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/ latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man constructed: Wed Mar 28 21:26:35 PDT 2018 constructed by and on: builduser@anatol compiler: cc compiler version: 7.3.1 20180312 (GCC) compiler flags: -DLINUXV=414008 -DGLIBCV=226 -DHASIPv6 -DNEEDS_NETINET_TCPH -DHASUXSOCKEPT -DHASPTYEPT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DHAS_STRFTIME -DLSOF_VSTR="4.14.8" -O loader flags: -L./lib -llsof system info: Linux anatol 4.15.13-1-ARCH #1 SMP PREEMPT Sun Mar 25 11:27:57 UTC 2018 x86_64 GNU/Linux Only root can list all files. /dev warnings are disabled. Kernel ID check is disabled. Enpass claims to be version 6.0.0.197 The Browser extension claims to be 6.0.0.56 (Chrome) I have currently only one user session - ("ps ax | grep enpass" only contains one entry) ss -a - l -n -p reports "tcp LISTEN 0 128 0.0.0.0:10391 0.0.0.0:*" All my systems are running ArchLinux and I have that problem no matter what desktop environment I tried (gnome, cinnamon, kde/plasma). Is there anything else I can check for? Oh and Enpass 5 worked on those systems and as far as I can tell the first beta of Enpass 6 as well.