Ivarson

On 4/5/2022 at 1:12 PM, Manish Chokwal said:

Hi @Rob3rt,

We appreciate you taking the time to share your feature request with us. I have shared it all with the concerned team for further consideration. In the meantime, we greatly appreciate your patience. 

SI-2721

Also, again,

* allow dark theme for the Wearos-devices 

* copy cached favicons  from mobile Enpass over to WearOS-device

* allow Notes to be visible in WearOS app, currently a custom field has to be added for that 

4 hours ago, SophiaB said:

Adding my vote to this feature. I understand that "we're working on it" means "we'll add it in 2237, perhaps" but eh, its worth a try 

Not sure how steam otp works, but customizable totp is actually in the 6.8 beta of Enpass which is public for mac/windows

25 minutes ago, Maurizio1313 said:

Hello, I would like to know if Enpass automatically deletes the passwords copied in Enpass, if windows 11 and Android keep them memorized it would not be very safe, thanks.

https://www.enpass.io/docs/manual-desktop/security.html#clear-clipboard

Like in this instance, what's the cause and what's the purpose of suspending sync demanding "approval" hidden in the vaults settings. 

The same amount of items, only that the cloud-vault was changed from another source, which is the whole point of sync. 

And the same now has to be done on other Enpass-installations sharing that vault. See the "red" ring around the icon next to the vault-name? me neither.

That limit is to support very small dataset for free, it's probably not a priority for Enpass to allow user to provide configuration for that, it would require database-scheme upgrade for all users just to support free users. Having more than 20-25 items is meant to lead to subscription

There's a clear warning when there's no internet access and sync fails, a red banner at the top. 

But when there's a sync conflict in a vault, there's only a red spinner top left that flashes vaguely in red. 

In Android app it's even hidden until you use the flyout menu. 

If I where to get my parents to use Enpass, they would never even notice that and their vaults wouldn't be synced. 

I don't even understand why the user has to intervene here, and press "Merge" since there are no options. 

But if it's needed at least make it pop out 

There seems to be a glitch in Enpass, where it doesn't lock during System Lock (Win-key + L)  even it the setting is applied as shown below.

The bug occurs (for me) only if I initially unlock Enpass through the Helper Window in System tray.

If I initially unlock via the main Windows, the "System lock" works as expected.

Enpass 6.7.4 (934)

Windows 11 21H2

Fulltime Windows Hello-activated

Depends on your personal circumstances and preferences, but you won't have to input your password nor have the keyfile persistently available which reduces the risk for keyloggers or exfiltration of the keyfile. 

But your computer still needs to be secured of course, and while the tpm guarded password would be tied to your one computer, keeping it physically secured and prevent people from looking over the shoulder becomes more important as a simple 6 digit code could log you on to the computer and also access Enpass. 

Enpass themselves wouldn't "recommend" it, I assume this is because they can't guarantee the functionality for Hello since it's a windows function, Enpass merely uses it. But if your password and keyfile are safely stored you should be fine. But I would recommend that you occasionally try to unlock with password +keyfile to ensure function. 

On 3/22/2022 at 11:38 PM, Maurizio1313 said:

Hello, I am using Enpass with a password and the keyfile, every time I have to enter Enpass I must have the password together with the keyfile, but I have a doubt, it would not be more secure if the keyfile was used only the first time it is installed Enpass? If I have a virus on my computer, it manages to find out the password but does not know the keyfile so enpass cannot be installed on another computer.

The keyfile is part of the encryption and decryption of the primary vault, hence it needs to be present all the time. Worth to mention that any additional vault using a keyfile will save that password AND key file in the primary vault. 

Also, a virus that's gotten foothold in your box means your pretty much toast anyway, but to make it a bit harder you should read my post here 

Just make sure you still store the key file safely as it will still be needed, it just doesn't need to lay around.. 

1 hour ago, bronckhurst said:

Heya,

I’m in the situation with Enpass Vaults across three devices (iPhone, OSX, Windows)I regularly used. For whatever reason, they’re not properly synced.

I’d like to consolidate them without loosing anything from any Vault. I learned the hard way (using other password managers), that trusting Import buttons and hoping for the best is a bad idea. Your documentation didn't help me to take action yet.

How do I proceed safely without compromising anything? Given I don't know which entries are most recent on which device.

Thank you in advance!
Ronny

Exports shouldn't be done if you're not switching password manager. I would simply create a new vault, set it up with a dedicated cloud sync, and then copy items from all vaults there. 

If you've been good and using unique passwords everywhere you'll also be able to spot potential duplicates via Audit > Identical Passwords 

On desktops, there's a option to backup vaults automatically. 

So if you're a mobile + desktop user you're covered. 

However in the mobile apps there's only possibility to backup manually. 

Phone-only users therefore has an increasing risk of non-recoverable situations if something happens, could be them doing stuff wrong or you end up scrambling the vaults. 

Synchronization is not a backup. 

Please add scheduled /auto-backup in mobile apps 

... and away

I understand this, what I'm saying is that you're missing a point with what Hello can achieve.

Conscider this;

I am an 'advanced' user on Windows-device.

I set whatever security i can for my Enpass, a master password with fairly high entropy and a Key-file.

I activate Windows Hello with full compatibility (TPM 2.0).

I make sure to have a second copy of the keyfile stored safely (maybe on a USB-drive locked into a safe, or whatever) as well as remembering the master password.

I make sure any local copies of the keyfile is deleted.

Now Enpass is limited to Windows Hello's framework and the 'masterpassword' is safely stored in the computers TPM and can't be extracted.

Anything above everyday operations, like changing passwords, exporting vaults would indeed require that keyfile + masterpassword.

The keyfile on the other hand would have much higher risk of being compromised, copied or stolen etc.

It's not a revelation, i just think people should be aware that the keyfile shouldn't be needed atrest permanently on a Windows-device as long as you have it stored safely somewhere else. This is a upside especially until you've implemented Yubikey-support (a real secure element), if that's still on the roadmap.. 

When on a Windows-device with compatible TPM and the Hello-integration is turned on, it is possible to delete the Keyfile with the effect that only Windows Hello authentication will be possible.

I am positive by that finding, and believe it could be highlighted in the manual or something (couldn't find it in https://www.enpass.io/docs/manual-desktop/Enpass-Desktop.pdf, it only seem to reflect quick unlock with TPM)

The keyfile of course still has to be stored somewhere safe, but it doesn't have to reside or be visible to the target machine during everyday usage.

that's a huge security benefit if you're using Hello anyway IMHO.

Keepassxc-style HMAC1 challenge/response for the win! 

I don't get why this hasn't been done way back. Especially for a software being developed behind closed curtains this is the only way to keep users up2date with expectations as well as letting them steer direction. 

I've suggested this over two years back and it's probably in the forums here as well 

11 hours ago, david said:

I really want to use the new beta version because I like the theming, it integrates better with my desktop but on opensuse I'm unable to get the latest beta.. There is a beta in the repository but it's approx 100 years old.. Is there any way I can get a hold of an updated rpm? I'm fine compiling it myself too but I'm assuming it's not available in that manner?
I could try to convert a .deb package but I can't find any direct links to any beta channel download.

Please help!

What Enpass Beta are you after?

From what I can see, there's no beta version newer than the Stable enpass release (Stable 6.7.4, Beta 6.7.2)

Not using that repo myself, are they not up to date?

https://www.enpass.io/support/kb/general/how-to-install-enpass-on-linux/

Is this any closer than on a to-do-list? 

On 1/12/2022 at 2:53 PM, INTRASERVER said:

Hello, I'm glad to switch to Enpass. Everything works perfect. But as for while Windows 10/11 comes with UI improvements. So unfortunatelly system tray icon doesn't fit Windows UI. If you look like Onedrive, dropbox, wifi, speaker etc iccons they looks right for Windows 10/11.

The version available on Microsoft Store uses a modernized icon, should you be able to use that. 

On 1/12/2022 at 2:53 PM, INTRASERVER said:

Hello, I'm glad to switch to Enpass. Everything works perfect. But as for while Windows 10/11 comes with UI improvements. So unfortunatelly system tray icon doesn't fit Windows UI. If you look like Onedrive, dropbox, wifi, speaker etc iccons they looks right for Windows 10/11.

Totally off-topic, but what are those applets called showing your network\cpu\mem-stats in system tray?

7 hours ago, hvarun29 said:

Ability to share password with enpass users within the app. 

That feature has been in Enpass for quite some time.. 

https://www.enpass.io/docs/manual-desktop/share.html

10 hours ago, Gulshan Dogra said:

Hi @Ivarson and @DenalB,

As already mentioned above we never provided dark mode support for the classic theme in the past but I have duly noted your feedback regarding this and it has been forwarded to the concerned team for further consideration.

#SI-2389

I know.

But still.. it worked without any noticeable glitch when I used it (before it was completely disabled). 

It would be one thing if only provided UWP /Modern theme for windows but since your shipping Enpass with classic and modern theme engine, I'd be thrilled if you could provide light /dark color schemes for both.

Thanks 

Can this be reconscidered?

I really fancied the Classic theme with dark mode.

being on multiple desktop platforms it also feels nice to have the same UI

nope, the developers decided that one vault should be the entry point for any additional vaults.

It's a bit odd design and assumes that a user _always_ has and wants a primary vault to be opened prior to any additional.

it does speed up the flow of unlocking if you're having many vaults since you only have to explicitly unlock the primary vault, while it might not be saught after to upon your personal vault to reach eg. company shared vaults.

To open vaults individually, the easiest method today is to run the portable version, choose not to save the vault-paths, and then use the Browse-button upon each launch of Enpass Portable, albeight a pretty clunky method.

I'd advice you to post a feature request (if you haven't done that) if you want this to be easier.

Yes. Sync is gonna work fine. You'll loose some audit stuff like breach detection and 2fa checks