Jump to content
Enpass Discussion Forum

Ivarson

Members
  • Posts

    173
  • Joined

  • Last visited

  • Days Won

    36

Everything posted by Ivarson

  1. You're using the Free version of the IOS app, which entitles you; Stores up to 20 items Single vault See pricing
  2. I dont think Enpass was targeted, there where easier, standardized targets with APi's like you mentioned. They also stole oath tokens meaning that no matter how you store your password, the resulting granting "ticket" for e.g Google or Microsoft Live was passed on. But of course Enpass wouldnt sustain a root-level threat like that if being targeted. The security of an individual app cant hold up if security of underlying operating system is broken.
  3. You have to use the same account for iTunes /App Store. If the records are limited you're probably not doing that
  4. Good respone @Hemant Kumar, but I think another thing is the sellingpoint of Enpass. While some other password manager have their sourcecode opened, they offer subscriptions, onlinestorage and/or sync of the vaults. Enpass moto is "No subscription" and "...nothing is stored on our servers". What enpass has is a good piece of software especially considering the cross-plattform UXP with clients for a broad range of operating systems. While it still lacks autotype, it's still unbeatable at being everywhere; from Linux desktop all the way to my wrist. Opening up the code completely would lead to numeruos forks on Github in no time, and the golden egg wouldn't..well there would be more eggs.. And, sure the third fork could have a oneliner backdoor implemented, but that applies to all software on github. IMHO it's fully understandable if Enpass having 25 employees with paychecks working hard on numeruos platforms wants to keep an ace in their sleeve, it's just happens to be one of the _worst_ software categories to keep behind closed bars nowadays :-) While I was one of those asking for an audit, which you did (kudos again), perhaps you could still conscider opening parts up in a distant future. For instance, in version 6, core and UI is written separately, perhaps you could open up the core code, leaving GUI propriertary? Or, open up core+UI but leverage some extra parts only through licensed stores which you're already doing (Pro). E.g Enpass could be available FOSS on Github, but the cloudsync would only be available on your site, (still free for desktops)
  5. Because there are two different platforms. Since there's no subscription for enpass they charge you per platform
  6. I had this issue too, probably something with play store or play services. Had to clear data for play store to solve it. Surely the database itself isn't truncated just because it you're back to eval, it's just the view on the mobile devices that's being limited. So you can always view it on a desktop
  7. No more dark mode in classic theme :-(
  8. I filed a bug report too in SR ECS-682, without noticing it actually worked after entering master password two times
  9. Do you have access to the server-side logs like /var/logs/apache2 (tail -f logfile) or the nextcloud log if that's what you're using
  10. I filed a bug report regarding this too. Hope it wasn't intentional
  11. This is a major thing I miss too. It's been in the roadmap for Enpass since 2017 when v6 started being crafted but no news about it last couple of months.. This is the last missing cornerstone missing for me.
  12. How do you get Enpass to open a beer for you? Not sure if you're referring to WebApp-version of Excel or fat client, but im guessing an locally installed app. What you're after is AutoType, something i miss very much in Enpass and hence do not use enpass as my daily driver. AutoType like applied in Keepass,keepassxc or Keeweb doesn't rely on any extra plugins to autofill but simplified acts like a keyboard and types the value in the textbox in focus atm. Enpass can't do that now so you'll have to rely on the Clipboard-feature. Watch out for clipboardhistory though.
  13. For anyone who does have local admin privs and can install systemwide applications, I got it working using https://www.microsoft.com/en-us/download/confirmation.aspx?id=52685 (x86, not x64). Obivously not desireable procedure for portable mode, but remember this is beta.
  14. I´d like to opt for a better looking Android Wear app. At least for the situations where only TOTP is synced to the Wear-device, I'd want bigger digits and also a more graphical counter for the validity. As a (crappy) mockup attached for round watches..
  15. I´m upping this. Except for TOTP, i don't need to autofill web-forms nowadays since I like most others since the sessions are cached. I do on the other hand have password protections on many applications, like a dozen Cryptomator-vaults. Autotype and being able to set a custom sequence for those records is mandatory for me, hence I use KeeWeb atm. But I'll switch right back to enpass once autotype is implemented cause it awesome otherwise
  16. If you didn't enter your masterpassword, the passwords isn't readable, even if the wallet was downloaded and passed to a third party. You should probably check https://www.dropbox.com/account/security to review past events
  17. Might I ask what the webDAV fix is about specifically? My wallet resides on self-hosted nextcloud
  18. Is it possible to have Enpass launch a file using the OS default application for ut? Instead of an URL, I'd like to enter "file://C/temp/secret.zip" and just click it, instead of copying it.
  19. Just remember that storing your first factor along with your second isn't conscidered good practise. The shared key for generating TOTPs is reversible to cleartext to (be able to sync ofc.). One could argue that its overkill to protect it further since its already within the vault which already is protected. But still, having your one-factor vault compromised would result in breach for your two-factor logins, if stored together :-)
  20. There already is? Add a field to existing item and choose TOTP
  21. I did step 1 the first time (wiping data +cache) which didn't help. When I tried reinstalling again it seems to work without any further actions. What differs is that might had multiple db-files in /data last time since I switched from Google to dav-sync (and the sync-db seems to be left when switching provider) OR its related to that I changed master password in Android app prior to reinstall. None of this applied to the reinstall today which went smoothly. Thanks for you great work and effort!
  22. I removed the current beta version (via androids uninstall feature /dragndrop icon to trashcan on nova launcher) and reinstalled the beta from Play store. Upon launching enpass for the first time I wasn't facing the first time slides, but an Master Password screen, where my password wasn't valid. I uninstalled from Play store and installed once again with the same result. After leaving beta program, the stable version of enpass behaved correctly and gave me the first time slides and I was then able to restore my backup and get up and running. Just FYI.
  23. https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/ Another one bites the dust ☺️
  24. Bug / workaround. When I launch Enpassportable.exe I get "LIBEAY32.DLL missing" and main window won't launch. Second time I launch the same exe however the message won't appear and main window launches. LIBEAY32.dll was there and valid. When I renamed from using lowercase to uppercase the error went away completely. Windows 10 1703. Portable beta 5.5.4
  25. Nice update, i especially like that you got rid of the "browse"-dialogue if one choose to remember last path. Too bad we can't opt out from update- tracking- and analytics-mechanisms like on Desktop Beta 5.5.4 though. I'll probably stick with the "installed" version and just let my wallet reside on a removable drive.
×
×
  • Create New...