Enpass Discussion Forum

Posts posted by Hitman

  1. Maybe even better: introduce a specific kind of entry that is recognized as a vault (containing password, webdav/dropbox/etc. settings) and can be mounted/restored with one click.

    It should not be attached/restored automatically, though. But it would be nice if you can easily pick an already saved vault "reference" entry and just say "restore". (Or the other way around: when selecting to add an existing vault, allow picking an entry from one of the already opened vaults that is then used to fill in the to be restored vaults.)

  2. 17 hours ago, Frosty said:

    The way Enpass works is slightly different from many other password managers like, for example, 1Password. I like the idea of Enpass, but I think I'm also missing some features that the others have:

    - I will get notified when (one of) my Vaults is (tried to be) opened from another location

    - I will have the ability to disconnect my device from the Vault(s) when it's lost/stolen > now the vault is stored on the device. And I know it's hard to hack the vault, but it's not a safe idea that I don't have any control when my device is lost. The only way to handle this is to erase my whole iPhone with the 'find my iPhone'-app or in the Apple iCloud.

     

    I think you can counter that by using WebDAV for sync. There you can track from where the access comes when syncing. Also you can change the WebDAV credentials when a device is stolen.

    When a device is stolen with a vault on it (which is always available offline), you have to consider the content compromised (unless you really trust your master password and didn't store it using fingerprints). So if you change all your passwords and the one of your vault, the old information on the stolen device is useless. Triggering a remote wipe (via iOS or Android) is probably a better choice, though.

  3. On 6/10/2020 at 8:48 AM, Mateusz said:

    Hi @Pratyush Sharma and sorry for the late answer.

     

    Some of the websites (most are financial services like banks) use masked password entry on login. It means you have to enter only some of the password signs, e.g. first, third and the last.

    If your password is 12345qwerty (hope it's not ;) ) and you get this input:

    [image]

    then you have to enter: 1,2,4 and y.

     

    Which password sign you need to enter is randomized by the bank on each login.

     

    Supporting this in Enpass means recognizing which fields need to be filled with the corresponding sign from the stored password and autofilling them.

     

    I hope it's now more clear to you.

    Wow that is creepy. That implies that they store the plaintext password somewhere. Urgh.

  4. On 5/18/2020 at 9:56 AM, Garima Singh said:

    Hey @bartelsphoto

    Welcome to the forum!

    Thanks for letting us know that you would like to see this feature. Significant user demand is a big factor that determines our priorities for new features. We really appreciate you for exploring the app and giving time in finding this valuable suggestion. The suggestion has been noted and forwarded to the development team.

    Thanks.

    Interesting point. Is there some way to see and vote on feature requests? (like aha.io or within this forum?)

  5. 15 minutes ago, Dion said:

    Hey @Kashish,

    I would really like this so that I can use enpass as the storage backend for a secret manager and otp source for my work credentials. In particular, we have a VPN that requires the password appended with the related OTP for the password field to connect. The client I would add would poll enpass to request the secrets, and when enpass has been unlocked then use them to set up the vpn connection.

    An enpass api is the only thing that has come close to making this secure to implement. And I don't need a full management api for it, just to be able to request credentials based on id/name once the db has been unlocked. Perhaps you could document/publish the api that is used by the browser plugins?

    Best,

    Dion

    Since you seem to be technically versed, you can already do what you want, since Enpass uses the open-source library sqlcipher for storage.

    See also:

     

  6. 4 hours ago, Matthieu said:

    Multiple vault sync in same cloud or at least WebDAV folders would be a key feature for most of us.

     

    Currently using 1Password. Thinking to migrate to Enpass (due to 1Password's new subscription policy) as soon as multiple vaults in the same cloud will be available.

     

    thanks

    With WebDAV it's still doable. Just add the same account with different directories. As long as you don't have to rotate your WebDAV credentials (too often), it should not be that much of a problem.

  7. 1 hour ago, xinterceptorx said:

    Nothing has happened regarding this matter of properly implementing Multi-Vault support? I need this feature as well for Enpass to remain viable for me!

    What do you mean? With WebDAV it works fine. I have multiple vaults, all synchronized via WebDAV.

  8. On 10/22/2019 at 4:03 PM, seventhose said:

    2FA like fido2 can prevent from a keylogger virus/attack and I think you have to consider it.

    No, it can't. 2FA relies on the server side being in control and unmodifiable. Since Enpass works offline, all the necessary data and checks are on your machine. So an attacker can manipulate everything to his liking (system clock, etc.). Whatever second factor you choose, its secrets would have to be stored on your machine (as part of your vault) and would be protected with your password. Once this has been logged and the attacker has access to your files (which in your scenario he has), he can unlock the secrets and simply calculate the second factor. You gain no real security; you simply cost your attacker 5 more minutes of his time.
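
The argument in the post above, as an added example (not part of the original post and not Enpass code): a TOTP code is a pure function of the stored secret and the clock, so a check that runs entirely on the user's machine adds nothing once the vault is unlocked, while a server keeps its own secret copy, clock and replay state. `local_verify` and `server_verify` are hypothetical names, and the secret is the public RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def local_verify(vault_secret: bytes, code: str, clock) -> bool:
    """Hypothetical offline check: secret and clock live on the same machine."""
    return hmac.compare_digest(totp(vault_secret, clock()), code)

def server_verify(secret: bytes, code: str, server_clock, used: set,
                  step: int = 30) -> bool:
    """Online check: secret copy, clock and replay state are out of the client's reach."""
    counter = server_clock() // step
    if counter in used:  # each time step is accepted once
        return False
    if not hmac.compare_digest(totp(secret, server_clock()), code):
        return False
    used.add(counter)
    return True

# Constructed sample input: the RFC 6238 SHA-1 test key.
SECRET = b"12345678901234567890"

def demo():
    old_code = totp(SECRET, 59)  # code for a long-past time step
    # Offline: the machine's own clock decides which code counts as valid.
    local_ok = local_verify(SECRET, old_code, lambda: 59)
    # Online: the server's clock has moved on and it remembers used steps.
    server_clock = lambda: 1111111109
    used = set()
    server_old = server_verify(SECRET, old_code, server_clock, used)
    fresh = totp(SECRET, server_clock())
    server_fresh = server_verify(SECRET, fresh, server_clock, used)
    server_replay = server_verify(SECRET, fresh, server_clock, used)
    return local_ok, server_old, server_fresh, server_replay

if __name__ == "__main__":
    print(demo())
```
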

  9. 2 hours ago, phg said:

    The point is that the user interface really matters on a desktop app, and the Enpass 6 desktop user interface is just horrible and does not work great at all with mouse and keyboard, because the interface was designed to be used in a tablet with touch as input.

    Well this is strange ... I use it daily on multiple Linux and Windows Workstations with keyboard and mouse and everything is fine here. I like the look and feel and also the added animations (although I would not need them). So from my perspective it really is a UI polish on top of Enpass 5. Which brings me back to my initial point: it is subjective.

  10. 1 hour ago, mjeshurun said:

    6.0.0.93 didn't solve the cloud sync problem on Meizu Pro 6 running FlymeOS 6.3.0.0G. I still can't restore primary vault from cloud. 

    Has your primary vault been created with a previous Enpass 6 beta version? Because the layout of the folder structure changed (the previous beta versions used a further subdirectory called "Enpass 6 Beta" ... simply move the vault out of that directory then it should work).

  11. 1 hour ago, tentimes said:

    [...]The android version is only compatible with the non-app version of the windows version, [...]

    What do you mean by that? You cannot access the same (shared) vault from Android and the Windows App? Are you sure the versions are identical? There is currently Enpass 5 (stable) and Enpass 6 Beta. They are not compatible (you can only convert from 5 to 6, but not back). Please check that you have Enpass 5 on Android and Windows or use the Beta on both systems (but don't forget that it is a beta ... keep backups!)

    Regarding having to type the master password on desktop: I usually prefer the PIN. i.e. I have to enter the Master Password only when starting Enpass, from then on out it is enough to enter a (relatively) short PIN. Having to enter the Master Password after a reboot (or after restarting Enpass) is something I can live with. At least on a machine with a physical keyboard. So at least for the time being you could look into the PIN feature as alternative to the fingerprint (on Windows).

  12. First of all, you should test before you buy. The free versions do work.

    But regarding your problem: what exactly do you mean by they don't work together? I have enpass running on Mac, Linux, Windows and Android and they all are synced via WebDAV. So I would say they work together pretty good. Also on my Android device the fingerprint unlock works fine .... can you be more specific what doesn't work on android and how that manifests?

  13. 2 hours ago, Ankur Gupta said:

    Hi @Hitman,

    Thanks for trying out the beta. Please make sure you have the "lsof" dependency installed on your system.

    If the problem persists, please let me know:

    • Are you using multiple users on your Linux machine and running the Enpass App on both users?
    • Which Enpass version and Browser extension version are you using?

    Thanks.

    $ lsof -v
    lsof version information:
        revision: 4.91
        latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
        latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
        latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
        constructed: Wed Mar 28 21:26:35 PDT 2018
        constructed by and on: builduser@anatol
        compiler: cc
        compiler version: 7.3.1 20180312 (GCC) 
        compiler flags: -DLINUXV=414008 -DGLIBCV=226 -DHASIPv6 -DNEEDS_NETINET_TCPH -DHASUXSOCKEPT -DHASPTYEPT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DHAS_STRFTIME -DLSOF_VSTR="4.14.8" -O
        loader flags: -L./lib -llsof 
        system info: Linux anatol 4.15.13-1-ARCH #1 SMP PREEMPT Sun Mar 25 11:27:57 UTC 2018 x86_64 GNU/Linux
        Only root can list all files.
        /dev warnings are disabled.
        Kernel ID check is disabled.
    • Enpass claims to be version 6.0.0.197
    • The Browser extension claims to be 6.0.0.56 (Chrome)
    • I have currently only one user session - ("ps ax | grep enpass" only contains one entry)
    • ss -a -l -n -p reports "tcp LISTEN 0 128 0.0.0.0:10391 0.0.0.0:*"

    All my systems are running ArchLinux and I have that problem no matter what desktop environment I tried (gnome, cinnamon, kde/plasma). Is there anything else I can check for?

    Oh and Enpass 5 worked on those systems and as far as I can tell the first beta of Enpass 6 as well.
