Enpass Discussion Forum

Everything posted by Ivarson

  1. Here's an idea. You've taken steps so that Enpass is now relying on your servers for license checking, fetching favicons and probably something more. At the same time we're in a pandemic where it's difficult for people to maintain security and integrity for some tasks. This includes sharing sensitive stuff like logins and passwords. For a mature organisation, there's probably less need for this internally since there's SAML, AD, AAD and other means, and of course if everyone has Enpass, you can share encrypted cards securely over email as long as you can get the PSK over in a secure manner. I do think that Enpass doesn't hit the above scenarios, so many users would appreciate a secure manner to send creds. But for those cases where you're communicating with an external member, or someone that doesn't have Enpass, maybe you could implement a web-service that stores a chosen Item of Enpass, making it possible for someone to retrieve it if they have a password provided through another channel. The item uploaded to, say, https://secret.enpass.io is of course end-to-end encrypted, so there's a zero knowledge architecture here as well. Upon visiting the link and providing the right password, the item's details are shown in the browser, and perhaps there's an "Import to Enpass" as well, although that's something overrated perhaps; it can be achieved through sending an Enpass card over email (unless it's blocked). The uploaded item is hardcoded to be temporarily stored on your services, being deleted after first access of the provided link that the poster gets, or after 24 hours or something.
  2. The Cloud Synchronization-feature is just that, a sync. Its _main purpose_ is to provide all devices with a central point of data. It cannot be considered a secure disaster backup. That's a general thing, files in sync are in constant motion and prone to be deleted, corrupt or such. On Desktops, Enpass creates backups per default on your device. These are versioned and should be at least copied to a separate drive, location or something once in a while. That's a generic recommendation for this kind of data. If your phone and computer are being reset at the same time (they're on your nightstand and your bedroom catches fire), you can of course restore your data from Google\DropBox... you'll have the latest version of the vault for sure, but you won't have much alternative if the cloud-version is corrupted, missing or whatever. You should also _always_ have alternative recovery methods for your primary cloud identities like Google or Microsoft. This can be printed out codecheats, recovery email-address or Security Questions (which I really hate, but still) or other means. While documenting the password for your chosen sync-provider (Google, OneDrive) in Enpass is one thing, I'd even vote against using a random password there. Use something you'll remember that's still unique but still memorable and make sure to use additional factors like OTP, FIDO, or other device security. Enpass' selling point is a local software which does (most of) its logic on your devices with cross-platform, coherent support for mobile and desktop. You can't really blame them for what they're not claiming to be. I use Enpass _only_ for TOTP-items (since it nicely shows them in my smartwatch), and for passwords and other secrets I use KeePass derivatives like you mention. That gives me cloud-sync, Yubikey-support (2FA) and AutoType, all on both mobile and desktops using free software (as in speech).
(And besides, it feels stupid to store OTP together with passwords in a software that doesn't allow a true second factor since data syncs to cloud etc.) Think your disaster-strategy through, it's not the software's responsibility to do so :-)
  3. Sorry, but I fail to follow. No, you can't recover the password, nor change it, without knowing the current one. If you still have access to all your items from any device (by using biometric), you are able to change (if needed) the registered email (account) to get Pro-features (setting up a second vault). If you can't get into the vault by any means, you're locked out if you don't have older backups. If you still have access to the data with biometric login, Enpass Support should be able to assist you if you need help with a. Changing the account so you'll get the Pro-features you pay for b. Setting up a second vault with a fresh password (won't need the password for the initial vault), copying all items from vault A to vault B, performing a backup on vault B, wiping Enpass data and setting it up again, restoring the backup you just made. Anyway, hope support will help you out.
  4. To do the above, you need to be able to have two vaults in Enpass. This requires Enpass Pro or Premium. When you bought the license, it should be tied to an email-address you entered at the time. Do you currently have the Pro-license activated in Enpass? If so, you just create a new Vault and copy all the items from the current one into the new one. It's important that you distinguish Account from Vault. You can only have one account registered in Enpass. This has nothing to do with the actual content\items, but as said earlier, the Account needs to leverage Pro or Premium features. The vault doesn't contain any registration-info, it's purely the encrypted items. In free mode you're stuck with one vault. In Pro or Premium, you can create additional vaults after the main one is created. If you really do need to change the account within Enpass, this doesn't require you to enter your Master Password either. Hope I've shed some light.
  5. You've got it wrong in how it works. You'll probably get help from support, but just to chime in: The registered account tied to your purchase isn't related to your encrypted vault. It just gives extra functionality, like the unlimited Items you're mentioning. If you have a license tied to an email, you can create one or more vaults. Without a license you can only have one vault (the primary one). In what feels like a glitch in Enpass' thought-out design, it's possible to create a new Vault with your desired password, then copy all items from the initial vault to the new one (move or copy). Make sure to back up the latter one. You don't have to authenticate with a password for that copy\move-operation, so by doing that you can work around the requirement to authenticate for changing password and stuff like that.
  6. Elaborating on what @Pratyush Sharma said, the "registered account" in Enpass isn't tied to your vault nor the sync-provider. It solely affects functionality in the app. Changing or removing the registered email for an Enpass-installation won't affect the data; the same relation applies if you're backing up\restoring vaults. Registration \ subscription is an extra step, not tied to either the data or cloud-access.
  7. Yubikey-support is mandatory for me as well. Currently, I only use Enpass for storing TOTP-codes, and my first factor passwords are stored in a kdbx with Keeweb, which has excellent Yubikey support and is cross-platform for desktops.
  8. You should add the possibility to generate a QR (as well as other share-methods) for a Pre-shared key. Would be a good complement to your existing improvement or the password generator for PSK
  9. I had a vault of 4MB (300 items, 2 small but separate attachments, and many (maybe 50) custom icons in the database). When deleting _all_ items, and emptying trash, the database was still huge (I don't remember if it was 4MB or shrunk to 3MB, but it didn't slim down). I made sure to delete every single custom icon. Is this by design? (I know some databases and containers won't shrink / deallocate because of performance or security
  10. OP made a feature request; he wants Enpass to lock the database after 3 attempts, and then send an email to its registered owner with an OTP to unlock it again.
  11. I just discovered hotkeys Ctrl+<up> and Ctrl+<down> for navigating in the left sidebar. But Ctrl+<key> skips sub-tags and imploded menus, so one has to expand them beforehand. Why not add Ctrl+<left> and Ctrl+<right> to expand nested tags as well as imploded menus so we can see everything without interacting with the mouse? Thanks in advance
  12. Please bring back the Dark theme for Classic mode for windows. It works and looks awesome in Linux, why did you revoke it from the Windows app, it was there when version 6 was initially launched.
  13. The solution for this is to implement Auto-type. It's an old feature request
  14. OK, again, the message you received in the browser is expected when using a browser to that URL. But since it's there, the DAV seems to be running. Back up Enpass vaults and then remove data and set up sync again. If you're using external storage in nextcloud for enpass id then start checking those. Check the Log within Nextcloud, esp. if you're using external storage. Here's how you can investigate apache-logs, if you're not familiar with it already:
      sudo apt install multitail -y && sudo multitail /var/log/apache2/access.log
      or grep your IP if you have much traffic to it:
      egrep "192.168.1.123" /var/log/apache2/access.log
      You should see some PROPFIND and GET from your client reaching the Enpass-data and at least one response code of 200. Redirects like 300 and forbidden 400 are fine. You should not see response codes of 500.
  15. Maybe you retained /home partition during reinstall, if it was a separate one.
  16. That's not really an error, just a hint. Are you trying to browse to the DAV URL? Do any other DAV clients work? Troubleshoot WebDAV in Nextcloud from here https://docs.nextcloud.com/server/12/admin_manual/issues/general_troubleshooting.html#service-discovery-label
  17. It's well-known behaviour that apps in Windows go to systray when clicking 'X' in the upper corner or Close. Especially when it has a reason of living permanently during the logged on user's session, like Enpass does to serve queries from your web browser's plugin. It also makes perfect sense that the files are locked while the app is opened, since Enpass needs to respond fast upon a query from a plugin or when a keyboard shortcut is pressed, and also it does background sync while being locked. It's technically possible to release the file allocations while the app is still running, but it's error-prone, and Enpass has builtin Sync so there is no point.
  18. Not sure if this is an issue of Enpass. Enpass has its sync mechanism; mixing in another sync mechanism (OneDrive) is not ideal, generally speaking. If you install the Store version, I think your db will reside in appdata rather than Documents, otherwise I'd stop syncing Documents if possible. OneDrive's default location is directly under the user's home folder. Doesn't seem like you're able to exclude files yet in OneDrive https://answers.microsoft.com/en-us/msoffice/forum/all/stopping-onedrive-from-syncing-specific-files/e5f3fd2e-6ec4-403b-9435-1ada19026919 At least not OneDrive personal, but for OneDrive Business the admin can apparently do it.
  19. What browser? Tried to clear user data there? Is your OS time correct?
  20. Please bring Dark mode back for Classic theme in Enpass for Windows. It looked so good and matches the macOS and Linux theme.
  21. +1 Especially in addition to a designated vault for work, 365 is a very important sync provider
  22. You're using the Free version of the iOS app, which entitles you to: Stores up to 20 items; Single vault. See pricing
  23. I don't think Enpass was targeted, there were easier, standardized targets with APIs like you mentioned. They also stole OAuth tokens, meaning that no matter how you store your password, the resulting granting "ticket" for e.g. Google or Microsoft Live was passed on. But of course Enpass wouldn't sustain a root-level threat like that if being targeted. The security of an individual app can't hold up if the security of the underlying operating system is broken.