Enpass Discussion Forum

Ivarson

Members · Posts: 285 · Days Won: 54

Everything posted by Ivarson

  1. Why are you not encrypting or at the very least obfuscating the names of a user's cached favicons when this is enabled? I know, the icons are only cached on each device, not synced to the cloud providers, and if your OS content can be read by someone else it cannot be assumed to be secure, yada yada. But on a shared or work-related machine, I'm pretty sure an Enpass user expects the entries to be confidential as well. So if someone has a strange affection for... crows, whatever, there will be a login.ilovecrows.com within %AppData% or the portable directory. If someone has several hundred entries, it gives quite a lot of intel about that person. This applies to the Portable versions as well, so having website icons enabled on Enpass Portable on a USB stick means you're running around with all the URLs in your vault unencrypted. There's no disclaimer or warning in Enpass about this, nor on the link https://www.enpass.io/support/kb/beta/what-happens-when-i-enable-website-icons/ that you provide from within Enpass. Just store them within the main vault and save your APIs some queries, or at least encrypt them separately.
  2. When I long-press the Enpass icon on Android and select Add new item through the shortcut menu, after unlocking Enpass it shows an empty list of categories until I actively switch the vault. To add something to the primary vault I have to select a second vault and then go back to the primary. Enpass 6.6.7 510, Android 11, OnePlus 7T
  3. That can be done by editing a Password property of an item (click the label Password) and selecting "exclude from audit" or whatever the translation says. The exclusions will show up on the Audit dashboard as "Excluded".
  4. Yes, the local vaults will continue to work if the sync provider is disconnected or malfunctions. The local backups in addition give you the ability to restore the vaults to a version created way back (if you discover some severe errors that have been lying around for some time).
  5. First off, you have to select the vault you want to copy/move from. Do that by selecting the vault in the upper left corner. Then you can select one or many items and click "Add to vault" > move/copy. Backup is a good idea, but there's already automatic backup enabled by default on the Desktop versions (to local drive). It'll keep the last 60 vault versions or so, which can be tricky on some cloud providers.
  6. Not sure that's what OP meant. If you edit and save Item A, then immediately go and edit Item B, the automatic sync process will discard the edits you're doing in Item B if you're not fast enough to hit Save, which will reset the timer and buy another 5 seconds. Perhaps you could suspend the autosave timer if the user is currently editing an item, or not discard the edit during reload of a database.
  7. No, the primary vault won't replicate to any additional vaults if that's what you're after. Its sole purpose is rather the opposite, to segment items, like private vs work. You can copy or move items (one or all) between vaults though as a one-time operation. The cloud providers supported in Enpass are mostly OAuth-based, so there shouldn't be any difference between which OS or device you're using.
  8. On top of that, you have to add that Enpass is closed source, and makes outbound requests while the database is decrypted. So even with a YubiKey, but yeah it would still be a huge improvement.
  9. Hi @Vinod Kumar Couldn't there be a "flight mode" or something in Enpass? Or would such a feature have too small an audience? Supply-chain attacks aren't going away, and with more and more built-in connectivity the risks of such inevitably increase. I'm thinking that would shut most outbound requests off. Disclaimers of less functionality, the need for manual update checks, no favicons etc.
  10. There's no continuous dependency between any browser and Enpass. When you set up sync or perform a restore from cloud, Enpass gets a token from the browser. That's why the currently logged-on user matters. When that's finished you can safely log out and log in as another Office 365 user without affecting Enpass.
  11. Enpass only supports one primary vault. There's no selection involved; the primary vault then opens all the additional vaults that are configured. In your case you need to make sure that you and your wife have separate logins to the computer itself. That way you can also have separate primary vaults. Do note that the Account for the App itself is only used for subscription/licensing purposes and is not tied to your vaults at all, so sharing that with your wife doesn't imply sharing vaults or items.
  12. Simple cosmetic request. Implement a setting that only shows the Categories which have any associated items in the leftmost pane, basically hiding empty categories. I know you can hide the categories manually, but it makes sense to have this done dynamically.
  13. Here's an idea. You've taken steps so that Enpass is now relying on your servers for license checking, fetching favicons and probably something more. At the same time we're in a pandemic where it's difficult for people to maintain security and integrity for some tasks. This includes sharing sensitive stuff like logins and passwords. For a mature organisation, there's probably less need for this internally since there's SAML, AD, AAD and other means, and of course if everyone has Enpass, you can share encrypted cards securely over email as long as you can get the PSK over in a secure manner. I do think that Enpass doesn't hit the above scenarios, so many users would appreciate a secure manner to send creds. But for those cases where you're communicating with an external member, or someone that doesn't have Enpass, maybe you could implement a web service that stores a chosen Item of Enpass, making it possible for someone to retrieve it if they have a password provided through another channel. The item uploaded to, say, https://secret.enpass.io is of course end-to-end encrypted, so there's a zero-knowledge architecture here as well. Upon visiting the link and providing the right password, the item's details are shown in the browser, and perhaps there's an "Import to Enpass" as well, although that's something overrated perhaps; it can be achieved through sending an Enpass card over email (unless it's blocked). The uploaded item is hardcoded to be temporarily stored on your services, being deleted after first access of the provided link that the poster gets, or after 24 hours or something.
  14. The Cloud Synchronization feature is just that, a sync. Its _main purpose_ is to provide all devices with a central point of data. It cannot be considered a secure disaster backup. That's a general thing: files in sync are in constant motion and prone to be deleted, corrupted or such. On Desktops, Enpass creates backups by default on your device. These are versioned and should be at least copied to a separate drive, location or something once in a while. That's a generic recommendation for this kind of data. If your phone and computer are being reset at the same time (they're on your nightstand and your bedroom catches fire), you can of course restore your data from Google\DropBox... you'll have the latest version of the vault for sure, but you won't have much alternative if the cloud version is corrupted, missing or whatever. You should also _always_ have alternative recovery methods for your primary cloud identities like Google or Microsoft. This can be printed out codecheats, recovery email address or Security Questions (which I really hate, but still) or other means. While documenting the password for your chosen sync provider (Google, OneDrive) in Enpass is one thing, I'd even vote against using a random password there. Use something you'll remember that's still unique but still memorable and make sure to use additional factors like OTP, FIDO, or other device security. Enpass' selling point is a local software which does (most of) its logic on your devices with cross-platform, coherent support for mobile and desktop. You can't really blame them for what they're not claiming to be. I use Enpass _only_ for TOTP items (since it nicely shows them in my smartwatch), and for passwords and other secrets I use KeePass derivatives like you mention. That gives me cloud sync, YubiKey support (2FA) and AutoType, all on both mobile and desktops using free software (as in speech). (And besides, it feels stupid to store OTP together with passwords in a software that doesn't allow a true second factor since data syncs to cloud etc.) Think your disaster strategy through, it's not the software's responsibility to do so :-)
  15. Sorry, but I fail to follow. No, you can't recover the password, nor change it, without knowing the current one. If you still have access to all your items from any device (by using biometric), you are able to change (if needed) the registered email (account) to get Pro features (setting up a second vault). If you can't get into the vault by any means, you're locked out if you don't have older backups. If you still have access to the data with biometric login, Enpass Support should be able to assist you if you need help with a. changing the account so you'll get the Pro features you pay for; b. setting up a second vault with a fresh password (won't need the password for the initial vault), copying all items from vault A to vault B, performing a backup on vault B, wiping Enpass data and setting it up again, restoring the backup you just made. Anyway, hope support will help you out.
  16. To do the above, you need to be able to have two vaults in Enpass. This requires Enpass Pro or Premium. When you bought the license, it should be tied to an email address you entered at the time. Do you currently have the Pro license activated in Enpass? If so, you just create a new Vault and copy all the items from the current one into the new one. It's important that you distinguish Account from Vault. You can only have one account registered in Enpass. This has nothing to do with the actual content\items, but as said earlier, the Account needs to leverage Pro or Premium features. The vault doesn't contain any registration info, it's purely the encrypted items. In free mode you're stuck with one vault. In Pro or Premium, you can create additional vaults after the main one is created. If you really do need to change the account within Enpass, this doesn't require you to enter your Master Password either. Hope I've shed some light.
  17. You've got it wrong in how it works. You'll probably get help from support, but just to chime in: the registered account tied to your purchase isn't related to your encrypted vault. It just gives extra functionality, like the unlimited Items you're mentioning. If you have a license tied to an email, you can create one or more vaults. Without a license you can only have one vault (the primary one). In what feels like a glitch in Enpass' thought-out design, it's possible to create a new Vault with your desired password, then copy all items from the initial vault to the new one (move or copy). Make sure to back up the latter one. You don't have to authenticate with a password for that copy\move operation, so by doing that you can work around the requirement to authenticate for changing password and stuff like that.
  18. Elaborating on what @Pratyush Sharma said: the "registered account" in Enpass isn't tied to your vault nor the sync provider. It solely affects functionality in the app. Changing or removing the registered email for an Enpass installation won't affect the data; the same relation applies if you're backing up\restoring vaults. Registration\subscription is an extra step, not tied to either the data or cloud access.
  19. YubiKey support is mandatory for me as well. Currently, I only use Enpass for storing TOTP codes, and my first-factor passwords are stored in a kdbx with KeeWeb, which has excellent YubiKey support and is cross-platform for desktops.
  20. You should add the possibility to generate a QR (as well as other share-methods) for a Pre-shared key. Would be a good complement to your existing improvement or the password generator for PSK
  21. I had a vault of 4MB (300 items, 2 small but separate attachments, and many (maybe 50) custom icons in the database). When deleting _all_ items, and emptying trash, the database was still huge (don't remember if it was 4MB or shrunk to 3MB), but it didn't slim down. I made sure to delete every single custom icon. Is this by design? (I know some databases and containers won't shrink / deallocate because of performance or security
  22. OP made a feature request; he wants Enpass to lock the database after 3 attempts, and then send an email to its registered owner with an OTP to unlock it again.
  23. I just discovered hotkeys Ctrl+<up> and Ctrl+<down> for navigating in the left sidebar. But Ctrl+<key> skips sub-tags and imploded menus, so one has to expand them beforehand. Why not add Ctrl+<left> and Ctrl+<right> to expand nested tags as well as imploded menus so we can see everything without interacting with the mouse? Thanks in advance.