Jump to content
Enpass Discussion Forum

Ivarson

Members
  • Posts

    280
  • Joined

  • Last visited

  • Days Won

    53

Posts posted by Ivarson

  1. I know, it's supposed to :-)

    I was asking about how the shared data _looked_ like, when you could share without AES-256 encrypting it. Pretty sure it was plaintext fields on each row, and a .ENPASSCARD-file with non-encrypted base64.

    anyway, wouldnt a "Copy All"-option sort your needs?

    The clipboard would contain all populated fields in the item, and would be intended for human-to-human sharing or external copying. (base64 is in essenence made for normalized transportation)

    ---

    Title: XCV

    Username: XCV

    Password: XCV

    Website: <URL>

    ---

    i also recall talking to enpass support one or two years ago about a web-based service for external password sharing, and they were "working on it"

    something like Bitwarden Send or Lastpass password sharing where you could have either password- or limited accessattempts on a generated weblink, not sure if that took of or not.

     

  2. 25 minutes ago, Nervier said:

    No... the "Export" does a *full* export of all records, all fields, in plain text, password included (on MacOS). So much worse than exporting a single item in plain text. And then they go on talking about "due to data security reasons" we force you to encrypt with a PSK an individual item. So frustrating...

    Here's a sample screenshot.... (the appliances doesn't exist anymore - it's a 10yr old account)

    2024-05-16_06-24-41.png

    I was asking about the per-item 'Share'-function, not the 'Export' and how the non-PSK shared data looked like

  3. I dont remember what the unprotected sharing looked like, but think it was All fields in plaintext, and a enpasscard in base64?

    @Amandeep Kumar If you want the Share-function to be a secure Enpass-only thing where there are no shared vaults involved, you could instead add a "Copy All Fields" for the items (you already have Copy Username, Copy Password, Copy URL, Copy OTP, Copy Email.. adding a Copy All wouldn't reduce security _that much_, possibly the fact that all fields resides in clipboard at thesame time, but atlest the clipboard would still be protected by the builtin timer that wipes records after some time by default.

    As a sidenote, in the Windows-app, there's a Print function where Enpass generates PDF-files.

    This can be used in some cases, but it's clunky, the content cant be highlighted and copied from and so forth, but if you want to share several fields at once, and the password isn't too long and complex, you can select an item, hit the Burger-menu (not the items three dots) -> File -> Print -> selected items.

    Then make sure that "Microsoft Print to PDF" is selected, which creates a local PDF instead of going to a physical printer.

    Due to a glitch i guess, the "selected items" is only available if you're viewing ONE vault, when All Vaults are selected (i.e you have many vaults) you can only select ALL ITEMS.

    I dont recommend the print-thing as a sharing-concept, just pointing out its there for the Windows Desktop app.

  4. On 1/15/2024 at 10:12 PM, arihuh said:

    I created a Google passkey on my phone before Enpass started supporting passkeys. I have now chosen Enpass to manage my passkeys.

    Can I somehow move my old passkey to Enpass, or should I delete the old passkey and then create a new passkey using Enpass? 

    Old question, but you should setup a new passkey in enpass. 

    The RFC-specifications for import / export of Passkeys aren't out YET.

    (but backup restore in enpass ofc covers the Passkeys) 

  5. On 4/24/2024 at 6:57 AM, Amandeep Kumar said:

    Thank you for reaching out about this issue with Enpass autofill on Firefox Android. To assist you better, could you please provide the URL of the website where you are encountering the autofill issue.

    Any URL

  6. LinkedIn used to provide a link to login with passkeys, worked fine with Enpass.

    Now they (LinkedIn) changed the flow so that a floating popup appears, reading 'login using key', when focusing on the username or password-field.

    That popup however brings up Windows native login-screen (device, pin etc) and bypasses Enpass' Passkey-integration.

    If more sites follow this, you might have a growing issue at hand.

     

    For Edge and Firefox, i dont event get that floating popup at all.

     

    Windows 11, 23H2.

    Google Chrome: 122.0.6261.70

    Enpass (Microsoft Store): 6.9.4 (1630)

    Enpass Chrome-plugin: 6.9.3

    linkedin.thumb.png.f704a7be6ee8dfebcf7fbbf9225d04f4.pngimage.png.03dc196335bd58ca10bea301411be388.png

  7. @Amandeep Kumar

    Any enpass version on any platform. 

    The only possibility to see what category an item belongs to, is to see an item directly from a choosen category. 

     

    If you view an item from the All categories view, there's no field or description to correlate the item back to is category. 

  8. 49 minutes ago, zorixxe said:

    How to I change my primary vault from icloud to google drive?
    As I no longer have any apple products and they refuse to have sms auth I wont be able to even log in to my Icloud when I stop using my last devide, so switching my enpass to google drive would be the best option.

    But how do I switch the primary vault?

    vaults are local-first in Enpass. What you'd do is to remove the data "from cloud" on one of your devices with Enpass, then immediately setup a new sync to Google.

    If you've got Enpass on more devices still syncing towards apple, youll get a red warning on them saying no data was found on Apple iCloud, ignore and then setup sync to Google on them as well.

    make sure you've got backups when doing this, esp. if you're only using Enpass on one device, either automatic ones or create a manual backup, since you'll remove 

    Working with vaults — Enpass User Manual-Desktop 6.7 documentation

  9. On 12/21/2023 at 4:43 PM, Mohit Thapa said:

    I extend my sincere apologies for any inconvenience caused and want to update you that the Enpass Technical team is actively looking into the issue. As part of this investigation, I have been assigned to gather additional information from users here, enabling us to conduct a more comprehensive analysis. Your cooperation and input in this matter are highly valued and appreciated-

    Can you launch https://license.enpass.io in a browser and share the certificate details? It should have same fingerprint as in the image below:
     

     

     

    Just tell the devs to stop this malarcy with. It's redicioulus esp. with Enpass going Enterprise.

    Pinning was introduced after a security audit you had done prior to Enpass Business, but surely you fixed the real issues that came to light?

    Continuing SSL/TLS-pinning for now is just security by obscurity :-)

  10. The new beta version 6.9.4 for android seems to lock the main app when it is brought to focus (and if the "lock after" has been set), not in the background.

    I'm seeing my items briefly before enpass lockscreen covers it. So it seems the data is unprotected in the background.

    The behavior is seen when "Lock on leave" is disabled.

    If that setting is activated, the locking seems to happen as soon as the app is put to background.

     

  11. Thanks for putting your hands on the WearOS app in enpass beta 6.9.4 for android. 

    Seems that you tried to sort the scrolling out. However now you made the title-header scrollable, so items are hidden. 

     

    Please make it so that there is only one scrollable area in the WearOS app (and also not 50% too long scrollbars

    • Like 1
  12. On 12/13/2023 at 4:26 PM, Mohit Thapa said:

    Hey @Ivarson
    Enpass Technical Team has informed me that the issue is a result of the recent Chrome browser update (version 120.0.6099.43). Indeed, the passkey was functioning correctly until the latest update. Our dedicated team is actively investigating to identify the root cause of the problem. I will keep you informed as soon as a resolution is found.

    Checked again now, and seems that this has been solved by Google with yet another Chrome update: 120.0.6099.115. 

    Enpass now shows up at Passkey-logins like it should. 

    • Like 1
  13. Worked fine the other day, logged on to Nintendo, github, passkeys.io Google, so forth. 

    But now I get a new seemingly Android-native prompt when I try to use passkeys. 

    Chrome://flags still says "Use passkeys for Google Password Manager and third party managers" 

    Reboot didn't help. 

    Google Pixel 7,

    Android 14,

    Chrome 120.0.6099.43

    Enpass 6.9.3.892Screenshot_20231207-195411.thumb.png.b0502b45f5cceff43fc876c2e9ac4d6d.png

    Screenshot_20231207-195508.png

  14. As enpass supports multiple vaults, it would be need if accent colors could be associated with a vault, in the same pane as the name and icon is set.

    Then, in the "All Items" view, when all vaults are selected, the items would have the same accent color as its background.

    Easier to spot which items belongs where

  15. I agree with @sbstnzmr here.

    It's one thing to utilize SSL pinning, but a completely different thing to force lockout with the 'local' architecture in mind.

    At the very least there has to be an official, completely offline method for airgap-activating and maintaining licensing. Especially in the Enterprise-segment this is always an option.

    The very same audience would most likely expect Enpass with its nature to have and honor a switch in Settings->Advanced that disables Enpass from initiating outbound network requests to public internet. Staying local with Enpass should be possible.

  16. 4 hours ago, Abhishek Dewan said:

    Hi @buggystick @Ivarson

    Upon a comprehensive examination of the issue from our end, we would like to share that in the latest chrome browser update, chrome has added 2 new options in the flag pop up. Kindly enable the option which says 'Enabled for Google Password Manager and 3rd party passkeys' in chrome://flags. Enabling this option should resolve this concern.

    image.thumb.jpeg.893786129fc0836f9436815b96d5f4d5.jpeg

    #SI-3542

    Confirmed working in chrome for me.

    Thanks.

    Notably, the option below; "Enabled for 3rd party passkeys" does NOT work

    • Like 1
  17. 9 hours ago, Abhishek Dewan said:

    Hi @buggystick

    Thank you for sharing the requested details.

    Could you please confirm if you are facing this behavior on just the demo site you mentioned or any other webpages as well? If yes, please share their URL too.

    Just tried Github, same issue, using latest Chrome for Android with passkey-support activated.

    Passkey creation/login works on Desktop but not on Android.. Button triggers Google Password Manager only, which is empty and not chosen at all in Settings --> Passwords

  18. On 11/13/2023 at 8:54 PM, buggystick said:

    I recently got a Pixel 8 (Android 14) and wanted to test the new passkey credential storage API with enpass.  I had to modify my chrome://flags for my browser (Brave) to enable the API and was able to successfully create a passkey in enpass for the passkeys.io demo site.  However when I try to login with that passkey, it doesn't give me the option to use enpass and says that my phone doesn't have a passkey for that site as if it's only trying the default google client.  I do have enpass selected as my passkey service in android settings.  Interesting enough, I can use the enpass stored passkey on desktop though.

    2023-11-13 11.52.03.jpg

    Was logging in to file the very same glitch 'til I saw this.

    Got the same device, same Android- and Enpass-version, tried the same site.

     

×
×
  • Create New...