Ivarson
-
Posts
274 -
Joined
-
Last visited
-
Days Won
53
Posts posted by Ivarson
-
-
It implements the Autofill-API's on iOS and Android, for websites and apps.
But on Desktop OS's there are no generic API's for that, so only autofill in websites via the plugins.
Some password managers like keepass, keepassxc, keeweb have AutoTyping-functionality but this isnt implemented in Enpass which is ashame.
-
1
-
-
If youre used to Enpass and want to pay ahead you should go for https://stacksocial.com/sales/enpass-plan-lifetime-subscriptions which a lifetime premium.
Don't be too stressed about the decrementing timer, the deal seems to reset once expired, but of course you never know.
-
2
-
-
isn't that an inoffical and old packing of Enpass?
-
Enpass isn't associated with the backup-files if you just double click them. And Word can't open them for sure.
You can (and should occasionally) do a restore to verify them.
That could be done either on another device (with no other Enpass data) or by creating a new, empty vault and choose Restore from backup during creation
-
On 8/27/2022 at 8:19 AM, Ludovic said:
Hi,
Thanks for your reply.
The only main difference is : The app does not store user data on its servers, but locally on their own devices in an encrypted format.
In this case, what happens when :
- I am on another PC?
- I am on my cell phone?
How can I access the passwords stored on my PC?What happens if my computer crashes?
I really need to understand what makes me use enpass instead of Google's ability to remember my passwords wherever I am logged in with my Google account.
Thanks
Regards
Ludovic
Quote“Offline” means we don’t store your passwords, credentials or files on our servers. All your passwords, logins and files are stored (encrypted) locally on your device(s). And you can still synchronize everything using your own cloud accounts.
Very few people use Enpass in a strictly offline fashion, it's mostly a slogan to indicate that the user isn't dependent on Enpass to store the items such as many other pwmanagers.
the sellingpoint for Enpass is that, if they where to be breached none of their customers store their data at Enpass, but scattered on various public clouds. And they don't have to provide infrastructure for it.
for the customer, it's also meant to sense of security that the destination of your cloudprovider (google, icloud) is merely a storage facility for your data, it has no idea of it's content or the password.
if you have a laptop or desktop you can also choose to sync internally within you home LAN leaving out public clouds entirely.
-
1
-
-
16 hours ago, Marina said:
Hello dear Community,
Now I want to hear from you, where you save your Passwordfiles on the Computer?
I had a pretty obvious file, where you could assume that it would be there. Which is pretty dumb obviously. Still I'm not sure which way would be smarter. Put in an any "random" file where no one would suspect it? Oder put in a file with countless other files inside?
Do you get what I mean? I'm sorry, if my english is bad ..
Best Regards
It's not clear whether youre referring to the keyfile, the actual vault or the backup-files?
the vault can be moved on some platforms, but should probably only be moved if it's neccesary.
the optional keyfile that complements the password should not be too visible as you state it, for instance should it be placed on your Desktop it could be noticed via "shoulder surfing" and stolen if you left your computer unattended for few seconds. A USB-key in your keychain could be good, as long as you have a copy of the file in case it gets lost.
the location for backup-files can also be moved, a good strategy would be to copy it regularly to safe place, preferable offline media like a USB-drive to safeguard against ransomware, harddrive failures or other thefts.
If you were referring to the keyfile, it's worth mentioning that on some platforms, the keyfile doesn't have to be present during decryption since it's stored in the secure storage, this applies to at least iOS, Android, Windows (not all computers supports that)
-
No, people have been nagging for that for many years (including me).
There's an advanced section for the vault password where you can generate a Keyfile to use in addition to your password.
While that isn't comparable to fido2 / challenge-response using a hardware token, it adds some complexity to your password.
If using a Keyfile you have to both store the file safely but also not to exposed.
-
On 8/22/2022 at 11:15 AM, Gulshan Dogra said:
Hi @Ludovic,
Welcome to the Enpass community.
Enpass is a cross-platform offline password management app to securely store passwords and other credentials in a virtual vault locked with a master password. The app does not store user data on its servers, but locally on their own devices in an encrypted format.
You'll soon have to strike out _offline_ in the description, while you can opt out manually from some if it, Enpass dials out alot to check news, license subscription, favicons.
But essentially one aren't tied to use Google Chrome when using a standalone password manager like Enpass.
-
On a Google Chromebook, when tapping the link next to a URL-field in a Item , the browser isn't launched as in Android
ChromeOS up 2 date and latest beta
-
On ios 15.6.1 using Enpass 6.8.1.
2 vaults.
If you create an item in a custom category in a secondary vault, the category counter is incremented, but the item doesn't show up if one shows all vaults.
If the view is changed to show only the secondary vault the item shows up.
-
Please tell me if you need more data from me regarding the slowness of the Windows apps.
I currently use Portable version 6.6.1 since that's still quick, but it lacks plugin Pop-up support in the browser plugins as well as Windows Hello-support.
I'm surprised there aren't more voices about it. The Linux-app is still quick and responsive so it's nothing in the Core-part of Enpass..
-
On 8/18/2022 at 7:22 AM, Gulshan Dogra said:
The compromised alert popup issue has been reproduced on our end, and our team is working to resolve it. There will be an update to Enpass in the near future that will fix this issue.
For the issue related to icon please provide some information.
- Which vault is selected in “always open to”.
- Are you facing this problem in on each fresh launch the app or only after update the app?
#27801. Always open to: All vaults
2. Facing problem during fresh launch off app (the icon is incorrect before the sync starts or completes, and continues to be wrong after, until one re-selects All vaults). However it's not happening every time and I don't know how to reproduce it
-
Implement a new fieldtype checkbox ✅. It can be checked or unchecked (directly from the item view, not in the edit items view.
This simple field would greatly enhance the use of Enpass, like shopping lists or todos. Not at least for shared vaults.
-
I thnk the way those stealers operate is that they steal the tokens that various apps and extensions have stored locally.
Even if Enpass extension even stores a token somewhere once being authorized, the vault is local (loopback).
in that sense it's not vulnerable.
if the stealer were to steal files in general in the OS (extensions are heaviliy sandboxed), reaching for the walletx/db-files of Enpass, they would never be in a decrypted / plaintext state like @Redeemer said.
-
1
-
-
On all platforms, Enpass has a setting that's on by default, that copies and maintains the TOTP if the corresponding item has been chosen for autofill.
So you should never have to copy, only paste, which isn't that time consuming.
if you're into fiddeling (and depending on the platform) you can also setup different shortcuts to the Paste command, like the middle button of the mouse..
having that said, I don't if the developers actively try to improve autofill for TOTP as the do with username+password.
They'll have to answer for that.
frankly i just wish they implemented Autotype-functionality as an option which would make Enpass be able to autofill native applications and break the dependency of a browser plugin all in all. but thats another fairytale..
(your question is a bit misplaced though, it belong in this category)
-
On 7/4/2022 at 12:32 PM, Manish Chokwal said:
Hi @Ivarson,
I appreciate your response. We have recently released another version 6.8.2 for Windows. Please try that and let me know if that works fine. Otherwise, please help me with the following details:
- Share the number of items, vaults, and attachments in your Enpass.
- Help me with the cloud sync accounts.
- Please confirm if you are using Windows 10 or 11.
Any response from them devs for Windows?
-
On 7/7/2022 at 7:23 AM, finswim01 said:
Just wondering what the enpass team doing to their security to prepare for quantum computing risks for breaking existing encryption systems.
Thanks
Enpass should be farely safe in a quantum computing era as it uses SQLCipher with AES.
As long as you use atleast 256 of keysize which is the informal industry standard which Enpass also does.
Cryptos that are at risk are RSA and with that public key implementations
-
Used 6.8.2 build 1084 from Microsoft Store for a while and it's still slow.
Since you claim that Enpass shares the same core across OS:es, and the Linux nor Mac-versions aren't slugish, It has to be something in the GUI.. although there's no difference for me in modern versus classic theme.
I've got 4 vaults atm. with 408 items in total.
Windows 11 21h2.
Further more, I have credential guard, bitlocker and a EDR running.
Never the less, prior to 6.8 the performance was way better and Enpass Portable still runs smothly.
Now when I launch the Enpass Helper from systray or a browser plugin, it takes between 1-3 seconds to load the list, and also general navigation within Enpass mainwindow takes noticable time.
Unless you've intentionally put lots of extra checks in for Windows, it feels like your codelogic does something too many times in the app's Eventhandlers..
-
When a vault is being changed from another device and hence reloaded on the phone in question; categories, tags and 'others'-sections in the "Browse"-view are being duplicated.
That is, Creditcard, Misc appears twice etc.
The duplicates disappear when one switches views between All items, browse and audit
It doesnt affect items so just a gui glitch during reload after a database merge has occured.
Enpass: 6.8.2.666
Device: OnePlus 7T
Android: 11
-
4 hours ago, Mohit Thapa said:
Hello all,
I am excited to share that recently Enpass has been audited for security of the Windows App. The complete audit report is available here on our website. Soon we’ll be starting the process for rest of the platforms.
Thanks for your patience.
Excellent. Well done!
Glad to see that few remarks.
The HTTP-service mentioned I presume is the WiFi-Sync-part, which isn't utilized if one doesnt use wifi sync nor start the Service?
-
Did it spill any details if run from a terminal?
Ran enpass on mint 20.3 only two days ago, albeit the Edge iso which uses kernel 5.13 but shouldn't matter
-
9 hours ago, John Doe said:
What you are asking for is one of the core reasons people use Enpass for. Building a web version (like LastPass or 1Password) would mean that there needs to be a back end server where Enpass can “in theory” have access to your usernames/passwords to display them to you on your web browser. Many customers are not comfortable with that. In the current device model of Enpass, the passwords/keys don’t leave your device and Enpass can’t access them. I consider this the strongest security feature of Enpass over 1Password/LastPass etc.
For your use case - try using the portable apps that Enpass has made available. You can save it on your USB stick or your email as an attachement, just click and run that file when you are on a 3rd party computer. No need to install and uninstall
The request @Lonelobo0070made might not suite you nor some other users, nonetheless it is a request he's entitled to make.
When Enpass launched it's WiFi sync-feature it got a "backend" feature.
The point of Enpass is about not being forced to store vaults at the pm-vendor in the cloud. That would still apply here. (local network)
-
is there anything I can contribute with, or..?
There is no change after update to build 1084 from Microsoft Store yesterday.
It feels like, from 6.8, the complete vault isn't loaded in RAM after decryption but every view is loaded ondemand since there is a 1-2 second delay when navigating around. Or some added memory cleaning has been added?
I have a pretty new and speedy HP DragonFly with a Intel i5-8265U..
-
From an interview here, Hemant states that it is planned for a "a password-less authentication with FIDO2" later this year.
Mobile only ? Possible?
in Android
Posted
If you only need the passwords on your phone, there's no point involving another pc or phone.
You install Enpass where ever you need it?