Jump to content
Enpass Discussion Forum

Ivarson

Members
  • Posts

    287
  • Joined

  • Last visited

  • Days Won

    56

Everything posted by Ivarson

  1. Not the same, no. Although the differences are indeed being smoothed out with clientside hashing/encryption for lastpass etc. But when using Enpass, even if I use Google Drive, I can rest asure that its just being used as a "dump transport-service", that is, Google never has a clue of the content of the file, but I can be assured that the file is available since the stability of Google's service in general. (i did use a local owncloud-instance first, but it felt overkill to dedicate a virtual owncloud-machine solely to a wallet-file for enpass :-) One thing which indeed is intruging, maybe thats what you meant in the first Place. Wouldn't it be possible for devs here to write an Edge plugin, with the ability to open a wallet directly from a cloud-provider? That is, an Edge-plugin which pretty much acts like a complete Enpass-client itself. In that case, I as an Win10 user and UWP-app customer, would only need the UWP app and the Edge app, not the desktop version.
  2. Read above. Edge, along with its UWP platform does its best to isolate apps from reaching other apps or processes running on the same machine (loopback). for security concerns mainly. Lastpass and others have their users connect to their cloud to access secrets, hence no loopback communication, so no issue with Network Isolation in UWP
  3. +1 If you choose not to share the source, its sorta up to you to pay some third party to review the code with NDA. And as Gili said, no one expects reoccuring audits. Its mostly, or at least about customers needing to know that you've implemented cryptography in a acceptable way and of course that there are no additional ways in to a running process of Enpass.
  4. +1
  5. Along with open sourcing, external audits which has already been asked for, i'd really like to be able to opt out of google analytics and (other?) tracking mechanism. this is a password vault, it feels sorta creepy
  6. Thank you guys for the portable version, great work! Im actually thinking about dropping the desktop-version on my two Win PC's for this one, in additiona to the phone app. Here's my wishlist: 1. In enpass.conf, my webdav url is in cleartext, since I host it at home, id like the url to be encoded if the USB-drive is lost. is that possible? (for now, I enabled bitlocker on the drive to hide such metainfo).. 2. I'd like a fast option to launch enpassportable with my wallet. In most cases, the wallet will reside next to executable on the USB-stick so I'd want to be able to hardcode a path like " .\ " (working directory or execution path). Obviously tried it but there seemed to be a bug: "ChangedLocationPath=".SubtitleVisible=true"" appeard instead :-) edit: That is, id like the working directory to be pre-selected, skipping the "browse" nad "recent"-dialog. thank! edit 2: In addition, the Recent-dialogue won't allow me to use TabStop and select the stored path of the wallet-file, I have to use the mouse to point'n click. I navigate between apps mostly with keyboard and shortcuts and being forced to use the mouse is an exta moment in launching the app :-)
  7. It's not quite up to team Enpass. "network isolation" has been a "feature" of RT/UWP since win 8. The beta version of Enpass and its related plugin for edge works fine, if you create a local exception, but if there is ANY app you wouldn't want to loosen security on, it's a web browser . . The only thing that sorta bugs me is why you (Enpass devs) promised a release. Where you taken by surprise to hear that exceptions for network isolation was meant only for debug and development , or have you heard from ms that had plans to allowing it in production / store apps ?
  8. I like the TOTP feature. For my primary email I only store the TOTP in Enpass,not the password (which is unique from other password but not as complex,so I have no trouble memorizing it. If my email provider didn't support TOTP I'd never store its single factor password in any password manager, "forgot your password" feature on all other accounts would sorta break the security completely IMHO.
  9. +1
×
×
  • Create New...