Ivarson

On 6/26/2024 at 8:14 AM, Amandeep Kumar said:

At this time, we do not have a fixed timeline for the release. Once we have more information, we will provide an update here. You can also check our website for the latest updates and announcements.

That's fine, but can you at least confirm that there _are_ plans to upgrade it? 

Upgrade portable already. It's way behind 

On 5/30/2024 at 8:31 AM, Amandeep Kumar said:

Enabling the Temporarily unexpire M124 flags flag

1. Open Chrome, then type chrome://flags into the address bar
2. In the flags page which opens, tap the search box, then search for M124
3. Tap Default under Temporarily unexpire M124 flags then tap Enabled.
4. Tap the Relaunch button that appears at the bottom of your browser

Enabling Android Credential Management for passkeys flag

1. Open Chrome, then type in chrome://flags into the address bar
2. In the flags page which opens, tap the search box, then search for passkeys
3. Tap Default under the Android Credential Management for passkeys flag, then tap Enable for Google Password Manager and 3rd party passkeys
4. Tap the Relaunch button that appears at the bottom of your browser

Workaround confirmed working. Is this something that can be addressed from Enpass side or do we have to wait for Google to sort Chrome out? 

Only text and images has the open-option in enpass (if I remember correctly) so having only Save for a pdf is expected, should apply whether an item was imported or created originally in Enpass.

The limitation for pictures and text is due to enpass not wanting to dump the file outside the app, since it might be left in a temporary folder or cached in a external application. 

All of a sudden, webauthn (passkeys) requests in Chrome are not being redirected and picked up by enpass. 

Chrome 125.0.6422.72

Enpass 6.10.2.986

Android 14/Samsung a54

Passkeys still works in (the few) native Android apps that supports passkeys. 

I know, it's supposed to :-)

I was asking about how the shared data _looked_ like, when you could share without AES-256 encrypting it. Pretty sure it was plaintext fields on each row, and a .ENPASSCARD-file with non-encrypted base64.

anyway, wouldnt a "Copy All"-option sort your needs?

The clipboard would contain all populated fields in the item, and would be intended for human-to-human sharing or external copying. (base64 is in essenence made for normalized transportation)

---

Title: XCV

Username: XCV

Password: XCV

Website: <URL>

---

i also recall talking to enpass support one or two years ago about a web-based service for external password sharing, and they were "working on it"

something like Bitwarden Send or Lastpass password sharing where you could have either password- or limited accessattempts on a generated weblink, not sure if that took of or not.

25 minutes ago, Nervier said:

No... the "Export" does a *full* export of all records, all fields, in plain text, password included (on MacOS). So much worse than exporting a single item in plain text. And then they go on talking about "due to data security reasons" we force you to encrypt with a PSK an individual item. So frustrating...

Here's a sample screenshot.... (the appliances doesn't exist anymore - it's a 10yr old account)

I was asking about the per-item 'Share'-function, not the 'Export' and how the non-PSK shared data looked like

I dont remember what the unprotected sharing looked like, but think it was All fields in plaintext, and a enpasscard in base64?

@Amandeep Kumar If you want the Share-function to be a secure Enpass-only thing where there are no shared vaults involved, you could instead add a "Copy All Fields" for the items (you already have Copy Username, Copy Password, Copy URL, Copy OTP, Copy Email.. adding a Copy All wouldn't reduce security _that much_, possibly the fact that all fields resides in clipboard at thesame time, but atlest the clipboard would still be protected by the builtin timer that wipes records after some time by default.

As a sidenote, in the Windows-app, there's a Print function where Enpass generates PDF-files.

This can be used in some cases, but it's clunky, the content cant be highlighted and copied from and so forth, but if you want to share several fields at once, and the password isn't too long and complex, you can select an item, hit the Burger-menu (not the items three dots) -> File -> Print -> selected items.

Then make sure that "Microsoft Print to PDF" is selected, which creates a local PDF instead of going to a physical printer.

Due to a glitch i guess, the "selected items" is only available if you're viewing ONE vault, when All Vaults are selected (i.e you have many vaults) you can only select ALL ITEMS.

I dont recommend the print-thing as a sharing-concept, just pointing out its there for the Windows Desktop app.

It's missing from your release notes, but Wear OS companion app has finally got it's facelift in 6.10.2, with way clearer layout and fixed scrolling issues.

well done, but add it do the changelog

On 1/15/2024 at 10:12 PM, arihuh said:

I created a Google passkey on my phone before Enpass started supporting passkeys. I have now chosen Enpass to manage my passkeys.

Can I somehow move my old passkey to Enpass, or should I delete the old passkey and then create a new passkey using Enpass? 

Old question, but you should setup a new passkey in enpass. 

The RFC-specifications for import / export of Passkeys aren't out YET.

(but backup restore in enpass ofc covers the Passkeys) 

On 4/24/2024 at 6:57 AM, Amandeep Kumar said:

Thank you for reaching out about this issue with Enpass autofill on Firefox Android. To assist you better, could you please provide the URL of the website where you are encountering the autofill issue.

Any URL

With the update enpass 6.10.1. 982, enpass no longer autofills inline in Firefox for Android v. 124.2.0

Chrome and other apps still autofills and the related settings are on 

Android 14

LinkedIn used to provide a link to login with passkeys, worked fine with Enpass.

Now they (LinkedIn) changed the flow so that a floating popup appears, reading 'login using key', when focusing on the username or password-field.

That popup however brings up Windows native login-screen (device, pin etc) and bypasses Enpass' Passkey-integration.

If more sites follow this, you might have a growing issue at hand.

For Edge and Firefox, i dont event get that floating popup at all.

Windows 11, 23H2.

Google Chrome: 122.0.6261.70

Enpass (Microsoft Store): 6.9.4 (1630)

Enpass Chrome-plugin: 6.9.3

@Amandeep Kumar

Any enpass version on any platform. 

The only possibility to see what category an item belongs to, is to see an item directly from a choosen category. 

If you view an item from the All categories view, there's no field or description to correlate the item back to is category. 

You aren't supposed to move the enpassdbsync AFAIK. 

You disconnect your vault from OneDrive A and connect it to OneDrive B-account? 

This isn't an official package, is it?

Try the Deb-packages from Enpass official Ubuntu repo instead 

"KNOWN ISSUES: - Browser extension unable to connect to application with default permissions. - The extensions will open the application, but not establish a connection." 

- https://flathub.org/apps/io.enpass.Enpass

49 minutes ago, zorixxe said:

How to I change my primary vault from icloud to google drive?
As I no longer have any apple products and they refuse to have sms auth I wont be able to even log in to my Icloud when I stop using my last devide, so switching my enpass to google drive would be the best option.

But how do I switch the primary vault?

vaults are local-first in Enpass. What you'd do is to remove the data "from cloud" on one of your devices with Enpass, then immediately setup a new sync to Google.

If you've got Enpass on more devices still syncing towards apple, youll get a red warning on them saying no data was found on Apple iCloud, ignore and then setup sync to Google on them as well.

make sure you've got backups when doing this, esp. if you're only using Enpass on one device, either automatic ones or create a manual backup, since you'll remove 

Working with vaults — Enpass User Manual-Desktop 6.7 documentation

On 12/21/2023 at 4:43 PM, Mohit Thapa said:

I extend my sincere apologies for any inconvenience caused and want to update you that the Enpass Technical team is actively looking into the issue. As part of this investigation, I have been assigned to gather additional information from users here, enabling us to conduct a more comprehensive analysis. Your cooperation and input in this matter are highly valued and appreciated-

Can you launch https://license.enpass.io in a browser and share the certificate details? It should have same fingerprint as in the image below:
 

 

 

Just tell the devs to stop this malarcy with. It's redicioulus esp. with Enpass going Enterprise.

Pinning was introduced after a security audit you had done prior to Enpass Business, but surely you fixed the real issues that came to light?

Continuing SSL/TLS-pinning for now is just security by obscurity :-)

The new beta version 6.9.4 for android seems to lock the main app when it is brought to focus (and if the "lock after" has been set), not in the background.

I'm seeing my items briefly before enpass lockscreen covers it. So it seems the data is unprotected in the background.

The behavior is seen when "Lock on leave" is disabled.

If that setting is activated, the locking seems to happen as soon as the app is put to background.

Thanks for putting your hands on the WearOS app in enpass beta 6.9.4 for android. 

Seems that you tried to sort the scrolling out. However now you made the title-header scrollable, so items are hidden. 

Please make it so that there is only one scrollable area in the WearOS app (and also not 50% too long scrollbars

Are those plans still "current", that is, you're abandoning the portable version? 

Will it receive functional updates at some point, or security updates if needed, or is it left as-is? 

Is it safe to use in a sync-scenario when other enpass versions are years newer? 

On 12/13/2023 at 4:26 PM, Mohit Thapa said:

Hey @Ivarson
Enpass Technical Team has informed me that the issue is a result of the recent Chrome browser update (version 120.0.6099.43). Indeed, the passkey was functioning correctly until the latest update. Our dedicated team is actively investigating to identify the root cause of the problem. I will keep you informed as soon as a resolution is found.

Checked again now, and seems that this has been solved by Google with yet another Chrome update: 120.0.6099.115. 

Enpass now shows up at Passkey-logins like it should. 

Any idea what's going on? 

Worked fine the other day, logged on to Nintendo, github, passkeys.io Google, so forth. 

But now I get a new seemingly Android-native prompt when I try to use passkeys. 

Chrome://flags still says "Use passkeys for Google Password Manager and third party managers" 

Reboot didn't help. 

Google Pixel 7,

Android 14,

Chrome 120.0.6099.43

Enpass 6.9.3.892

As enpass supports multiple vaults, it would be need if accent colors could be associated with a vault, in the same pane as the name and icon is set.

Then, in the "All Items" view, when all vaults are selected, the items would have the same accent color as its background.

Easier to spot which items belongs where