Jump to content
Enpass Discussion Forum


  • Posts

  • Joined

  • Last visited

  • Days Won


Ivarson last won the day on November 20

Ivarson had the most liked content!

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Ivarson's Achievements


Collaborator (7/14)

  • Reacting Well Rare
  • Conversation Starter
  • First Post
  • Collaborator Rare
  • Dedicated Rare

Recent Badges



  1. I agree with @sbstnzmr here. It's one thing to utilize SSL pinning, but a completely different thing to force lockout with the 'local' architecture in mind. At the very least there has to be an official, completely offline method for airgap-activating and maintaining licensing. Especially in the Enterprise-segment this is always an option. The very same audience would most likely expect Enpass with its nature to have and honor a switch in Settings->Advanced that disables Enpass from initiating outbound network requests to public internet. Staying local with Enpass should be possible.
  2. Confirmed working in chrome for me. Thanks. Notably, the option below; "Enabled for 3rd party passkeys" does NOT work
  3. Just tried Github, same issue, using latest Chrome for Android with passkey-support activated. Passkey creation/login works on Desktop but not on Android.. Button triggers Google Password Manager only, which is empty and not chosen at all in Settings --> Passwords
  4. Was logging in to file the very same glitch 'til I saw this. Got the same device, same Android- and Enpass-version, tried the same site.
  5. I actually don't understand if the auto-fill vulnerability applies to the Firefox-extension. Today i noticed via the appmanifest-checkup that you have Firefox-extension 6.8.8 published and available on dl.enpass.io. It is however not covered on your Download-site. I installed it and it works. Is it going to be properly published?
  6. In Enpass 6.9.0 stable builds, the websites favicon doesnt show anymore within inline autofill. This applies to both Windows (UWP) and Linux (RPM) and both extension versions 6.8.3 and 6.8.6 Tried with Chome, Firefox and Edge. Enpass extension 6.8.3 on Firefox and 6.8.6 in Chrome. Tried to disable and re-enable 'website icons' in Enpass and relaunch with no avail
  7. Why is the extensions for Firefox still at 6.8.3 while all other browser has 6.8.6 6.8.6 - Changelog Auto-fill vulnerability related to embedded iframes when “Autofill on page load” is enabled in extension settings. Auto-fill problem on Synology reported by a few of you. Inline menu showing password generator when trying to autofill. https://www.enpass.io/release-notes/enpass-browser-extensions/
  8. The portable versions lags behind even more..
  9. The TOTP-functionality isn't just for Premium is it? it's the Audit-stuff including 2FA that is preserved for Premium.
  10. TOTP is calculated based on the local time on each device. Please check and adjust and make sure they're the same
  11. Obviously? that's why merging 5 vaults into 1 is an option if it is sufficent measures for op.
  12. If you really want to keep those vaults independent and on separate cloudstorages, webdav is the only method working since it allows you to specify the path. This would be possible in the oath2-provider situation aswell, but Enpass has for some reason chosen to used fixed paths. what you could do, i guess, is to use Folder as the prefered synchronization method. As you probably understand you'd have to use another sync-mechanism such as OneDrive, Google Drive (or whatever they call 'em now) and sync the target folders to the cloudstorage that way, but many people already have them installed anyway. I don't recall Folder being an option in the Android app previously, but it is present in Android (6.9.0). So by using something like https://foldersync.io/ on android, you should be able to have as many vaults as needed on one cloudaccount. While it is a positive thing securitywise to separate the dutys for local decryption from cloud synchronization (and holder of the oath2-keys), it is slightly more complex and possibly carries higher risk of incidents, such as corruption, missed-out sync-intervals having your latest update being written over. Like @AnakinCaesar mentioned, merging your 5 vaults is alot easier if it's sufficent to store them under one cloudaccount. For instance vault-items previously being stored separately could after the merge be tagged respectively.
  13. I'd say either your time on the device is off, or your network has SSL inspection.
  14. Fixed in version 6.9.0 beta Thank you!
  • Create New...