Jump to content
Enpass Discussion Forum

Anonym Potato

  • Posts

  • Joined

  • Last visited

Posts posted by Anonym Potato

  1. Retaining the master password in memory, like on desktops???

    My whole problem is, that the password is stored permanent on the Flash memory. If you turn off your phone, the master password can still be recovered.

    All the other password managers do it like this. Why does Enpass thinks, the user is unable to enter the master password on device restart? I would even say, that this makes it much more probable to forget your password, if you never have to retype it.

  2. The Security Whitepaper says: „Enpass stores an obfuscated version of your master password in iOS Keychain that can only be accessed by Enpass“

    I don‘t understand why the masterkey needs to be stored on the flash memory. Even if this protects the key against other apps. It don‘t protects the key from being physically retrieved.

    I don‘t get why this risk is even necessary. Why can we not get the same security like 1Password users, by simply entering the key on every startup.

  3. I just moved to MiniKeePass.

    This app is a bit outdated, but because of a working security model still a much more secure alternative.

    It is really sad, but Enpass give no f** about security. Still no security audit for iOS, master keys stored on the flash memory, secondary keys stored in primary database.

  4. Why don't you open source your code? Open source don't mean free, and I don't think that a lot of people would build the software from the source code. Nobody is wasting so much time, to save 12€. Enpass is cheap as hell, and no one, would pirate it.

  5. Hello, I am relatively new to Enpass,

    I noticed, that after reboot, I can use the PIN to access my fault. How can this be secure?
    This means that the Masterpassword is stored locally on the flash memory.

    This and the fact, that there have never been an security audit for iOS really worries me.

    Can someone explain to me, how this might possibly secure? I have a feeling, that the reason, why there is no security audit is, that they know, that there is no way there application passes the audit.

    • Like 1
  6. Hello, I just managed to enable webdav, but it still won't sync. I entered the right url username and password.

    I get an message:
    "Sync Error      Password of data on WebDAV is required"

    When I tap on Resolve, I can enter the webdav  password again.

    Afterwards it gives me an weird message:
    "Please note that after the sync, the password of data on WebDAV will be changed to password of "Tresor-Name" vault."

    What does this mean? What can I do?

    I am using an iPhone XR on the latest iOS version.

  7. Ok. I just bought the App vor MacOS and iOS. I hope Sinew will fix this soon. Until then, I will have to continue paying for 1Password.
    Why not add an feature like this as en add-on? I am sure there are a lot of people filling to pay 5€ to get more security.

    It is really sad, because this might be such an ideal way to get away from this multiple password manager work around.

  8. Because this adds an single point of failure. If the primary password is leaked, everything is leaked. Because there is information with different kind of security levels, this is essential.

    An other problem is, that in my company the use of PIN-codes and Biometric authentication like Touch-ID, is against the compliance we ensure customers. Also it is unsure if this is compliant with GDPR (because encryption keys are insufficient secured), which might result in fines up to 10.000.000 EUR (about 11.000.000 USD).

    It is the same Problem with 1Password. I don't get why this is still a thing. At the moment I am simply using multiple password managers.

    I hoped to be able to store everything in the same place. This features should not be so difficult to implement!
    Why is this no problem for everyone?

    • Like 1
  9. This is so bad, because secondary faults would be ideal to store crypto seeds. Client information... so information that is extremely critical.

    When its key is stored in the primary vault, this means, it can be accessed with PIN or Touch-ID. Witch is not secure (and in a lot of cases, infringe compliance rules like ISO-norms and GDPR)

  10. Hello, I want to buy Enpass Premium, to be able to have multiple faults.

    My Question is, is it possible, not to store the password of the secondary vault in the primary vault?
    I don't need any auto unlock features. Entering the password every time, is perfectly fine.

    This page indicates this is default:

    "When you create multiple vaults, the passwords of other vaults are stored securely in the Primary vault and are removed when you delete the vault. That’s why when you unlock Enpass, all the vaults get unlocked automatically." - https://www.enpass.io/docs/manual-desktop/vault.html#vaults-in-enpass

    Can this be changed?

    I need different faults for work and private. I don't want any auto-unlock features or stored passwords for my work-data.

  • Create New...