Jump to content
Enpass Discussion Forum


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Ivarson

  1. @ng4ever if you've set up the same cloud account for that vault on all your devices, then yes. When syncing, Enpass compares contents within the local and "remote" database. A missing item will be added and the latest modifications will within items will be applied. As always when you're utilizing Synchronization in any context, the time-settings on all involved devices are crucial. Luckily, that's rarely something one has issues with today since most devices syncs it time from the internet by default.
  2. When experienced users share items between one another with a PSK, The added instructions how to add the vault becomes tedious and stops the receiver from selecting "everything" > copy. Suggestion: add a toggle in all apps in the sharing section where users can turn off "Add instructions". Also the Warning-text could about sharing in general could be opted out from once this toggle has been used.
  3. That's a very nice suggestion imho. I actually had a similar idea only yesterday, where I was thinking of suggesting an additional Field-type of type "Link", where I'd point out vault>item>field. That way I could share passwords or other attributes of an item for multiple entries, or have a Website login in one item, and refer the TOTP to another item, in another vault (to store them separately in the cloud) There would also be a big difference between links and copies /sync, and also in the ways secondary vaults are used: in a case where one has multiple vaults for himself, both links and syncs of items/fields would work, where in the case of a vault shared between users, the primary vault with the source-item might not be present, hence a sync process would work, but not links. Maybe only a two-way sync is needed. If you share a vault and item with someone, you trust them with the content if you're create a linked item. Otherwise you'd share it normally to the shared vault or via a PSK which the receiver adds to his primary vault If you're having all the vaults for your own use, it wouldn't add much with a one-way AND two-way Anyway, good idea, your idea is probably more realistic to implement.
  4. Also, again, * allow dark theme for the Wearos-devices * copy cached favicons from mobile Enpass over to WearOS-device * allow Notes to be visible in WearOS app, currently a custom field has to be added for that
  5. Not sure how steam otp works, but customizable totp is actually in the 6.8 beta of Enpass which is public for mac/windows
  6. https://www.enpass.io/docs/manual-desktop/security.html#clear-clipboard
  7. Like in this instance, what's the cause and what's the purpose of suspending sync demanding "approval" hidden in the vaults settings. The same amount of items, only that the cloud-vault was changed from another source, which is the whole point of sync. And the same now has to be done on other Enpass-installations sharing that vault. See the "red" ring around the icon next to the vault-name? me neither.
  8. That limit is to support very small dataset for free, it's probably not a priority for Enpass to allow user to provide configuration for that, it would require database-scheme upgrade for all users just to support free users. Having more than 20-25 items is meant to lead to subscription
  9. There's a clear warning when there's no internet access and sync fails, a red banner at the top. But when there's a sync conflict in a vault, there's only a red spinner top left that flashes vaguely in red. In Android app it's even hidden until you use the flyout menu. If I where to get my parents to use Enpass, they would never even notice that and their vaults wouldn't be synced. I don't even understand why the user has to intervene here, and press "Merge" since there are no options. But if it's needed at least make it pop out
  10. There seems to be a glitch in Enpass, where it doesn't lock during System Lock (Win-key + L) even it the setting is applied as shown below. The bug occurs (for me) only if I initially unlock Enpass through the Helper Window in System tray. If I initially unlock via the main Windows, the "System lock" works as expected. Enpass 6.7.4 (934) Windows 11 21H2 Fulltime Windows Hello-activated
  11. Depends on your personal circumstances and preferences, but you won't have to input your password nor have the keyfile persistently available which reduces the risk for keyloggers or exfiltration of the keyfile. But your computer still needs to be secured of course, and while the tpm guarded password would be tied to your one computer, keeping it physically secured and prevent people from looking over the shoulder becomes more important as a simple 6 digit code could log you on to the computer and also access Enpass. Enpass themselves wouldn't "recommend" it, I assume this is because they can't guarantee the functionality for Hello since it's a windows function, Enpass merely uses it. But if your password and keyfile are safely stored you should be fine. But I would recommend that you occasionally try to unlock with password +keyfile to ensure function.
  12. The keyfile is part of the encryption and decryption of the primary vault, hence it needs to be present all the time. Worth to mention that any additional vault using a keyfile will save that password AND key file in the primary vault. Also, a virus that's gotten foothold in your box means your pretty much toast anyway, but to make it a bit harder you should read my post here Just make sure you still store the key file safely as it will still be needed, it just doesn't need to lay around..
  13. Exports shouldn't be done if you're not switching password manager. I would simply create a new vault, set it up with a dedicated cloud sync, and then copy items from all vaults there. If you've been good and using unique passwords everywhere you'll also be able to spot potential duplicates via Audit > Identical Passwords
  14. On desktops, there's a option to backup vaults automatically. So if you're a mobile + desktop user you're covered. However in the mobile apps there's only possibility to backup manually. Phone-only users therefore has an increasing risk of non-recoverable situations if something happens, could be them doing stuff wrong or you end up scrambling the vaults. Synchronization is not a backup. Please add scheduled /auto-backup in mobile apps
  15. I understand this, what I'm saying is that you're missing a point with what Hello can achieve. Conscider this; I am an 'advanced' user on Windows-device. I set whatever security i can for my Enpass, a master password with fairly high entropy and a Key-file. I activate Windows Hello with full compatibility (TPM 2.0). I make sure to have a second copy of the keyfile stored safely (maybe on a USB-drive locked into a safe, or whatever) as well as remembering the master password. I make sure any local copies of the keyfile is deleted. Now Enpass is limited to Windows Hello's framework and the 'masterpassword' is safely stored in the computers TPM and can't be extracted. Anything above everyday operations, like changing passwords, exporting vaults would indeed require that keyfile + masterpassword. The keyfile on the other hand would have much higher risk of being compromised, copied or stolen etc. It's not a revelation, i just think people should be aware that the keyfile shouldn't be needed atrest permanently on a Windows-device as long as you have it stored safely somewhere else. This is a upside especially until you've implemented Yubikey-support (a real secure element), if that's still on the roadmap..
  16. When on a Windows-device with compatible TPM and the Hello-integration is turned on, it is possible to delete the Keyfile with the effect that only Windows Hello authentication will be possible. I am positive by that finding, and believe it could be highlighted in the manual or something (couldn't find it in https://www.enpass.io/docs/manual-desktop/Enpass-Desktop.pdf, it only seem to reflect quick unlock with TPM) The keyfile of course still has to be stored somewhere safe, but it doesn't have to reside or be visible to the target machine during everyday usage. that's a huge security benefit if you're using Hello anyway IMHO.
  17. Keepassxc-style HMAC1 challenge/response for the win!
  18. I don't get why this hasn't been done way back. Especially for a software being developed behind closed curtains this is the only way to keep users up2date with expectations as well as letting them steer direction. I've suggested this over two years back and it's probably in the forums here as well
  19. What Enpass Beta are you after? From what I can see, there's no beta version newer than the Stable enpass release (Stable 6.7.4, Beta 6.7.2) Not using that repo myself, are they not up to date? https://www.enpass.io/support/kb/general/how-to-install-enpass-on-linux/
  20. The version available on Microsoft Store uses a modernized icon, should you be able to use that.
  21. Totally off-topic, but what are those applets called showing your network\cpu\mem-stats in system tray?
  22. That feature has been in Enpass for quite some time.. https://www.enpass.io/docs/manual-desktop/share.html
  23. I know. But still.. it worked without any noticeable glitch when I used it (before it was completely disabled). It would be one thing if only provided UWP /Modern theme for windows but since your shipping Enpass with classic and modern theme engine, I'd be thrilled if you could provide light /dark color schemes for both. Thanks
  • Create New...