Jump to content

Fabian1

Members
  • Content Count

    24
  • Joined

  • Last visited

  • Days Won

    2

Fabian1 last won the day on November 18

Fabian1 had the most liked content!

Community Reputation

4 Neutral

About Fabian1

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Fabian1

    Security audit

    Thank you for quick response.
  2. Fabian1

    Security audit

    Still no answer to this very important question. Not a good sign to trust.
  3. That is the point. I want to decide as a customer if and when to buy a new version (for example with new features). Subscription models hinder the development of the software. The developers do not have to win the customers again. You can see that in Adobe & Co. - since there subscription models were introduced, the software is only managed. Innovations take place elsewhere. Even though I now get a free lifelong access, I can not recommend Enpass anymore. What will it cost in the future? At least $ 1 a month - probably more. Future customers pay in one year, which had to be paid once. Before I discovered Enpass, I used 1Password for 10 years - and bought three new versions - also for my family. That cost a total of $ 150. With the new subscription model I would pay in this time $ 360 or even $ 600 (for a family account). And it's "only" a password safe. A relatively manageable piece of software. I have dozens of other programs on the smartphone and PC. If everyone wants $ 5 a month, that's more than $ 1,000 a year. Subscription models are money robbers. Dear Enpass Team, I would prefer that I have no free, lifelong access and instead Enpass would have a one-time purchase - even though you would have to pay more for new versions. You break your word! See it here - still on your website:
  4. Fabian1

    Ghost-Fields

    I have some "ghost"-fields in some items. there a sections and orders of fields shown, and when try to edit, they will disapear in edit mode, but stay in view mode...
  5. Fabian1

    remove keyfile

    Yes, thanks - this is working.
  6. I really like enpass so much! But there is a fundamental security problem with the biometric unlock. face-id and fingerprint are not safe. you can hold someone's device in front of his face. or you press his finger on the device. We also leave fingerprints everywhere. They are even stored in many ID cards. this is a fundamental problem to unlock smartphones in this way and not a probem of enpass itself. but enpass should be more secure. its a pitty, that you need only seconds to overcoming the biometric unlock and all passwords are open! Enpass could become much safer with two very simple changes: 1. PIN & Biometric unlock at the same time. Please change the Enpass app so that the PIN and the biometric unlock are possible at the same time. Then a very short PIN could provide much more security. I would use a three-digit PIN and set the number of failed attempts to 1. After a single wrong entry, the master password must be entered. An attacker who overcomes the biometric unlock would thus only have a 1: 1000 chance. At the same time, the use of enpass remains very comfortable. 2. We urgently need a time-out for the biometric unlock. As in the desktop version, after a certain time (1 day) or when the device was restarted, the master password should always be queried. So it does 1Password - why not Enpass? It prevents attackers, who has captured the device from having all the time in the world to overcome the biometric unlock. Please implement this very simple features. You can set it by default to „only biometric unlock“ (without a pin at the same time) and set the biometric unlock timeout to „never“. So there will be no less comfort for people, that dont need higher security. kind regards Fabian
  7. Fabian1

    remove keyfile

    Nobody knows?
  8. Fabian1

    remove keyfile

    I can not remove the keyfile form a multi vault. there is no option do delete the keyfile on the "change password" section, as it is described in the manual.
  9. I think, solve this problem is VERY EASY: just implement at button in enpass „sync now“. so the user can choose: syncing anytime at the background or only syncing at manual request.
  10. I agree. The URL of some entrys in my vault is confidential. I dont want, that you at enpass knows all my server-domains...
  11. You can create a travel mode yourself: Keep all important information only in an extra vault. The default vault contains nothing (or just passwords that you want to share with the border official ;-)) The extra vault should have a different password than your default vault. Do not store this password in your default vault (or delete it before traveling). Only this extra vault is synchronized with the cloud. Best with an anonymous webdav server, that can not be associated with you. The iCloud is not so good because it's tied to the Apple ID, that you can look up in the phone, so the border guard might ask for the Apple ID password, searching and finding your extra vault there and will ask for this password too. Also on all other devices (desktops, pads, telephones, etc.): the standard vault contains only a few unimportant passwords or remains completely empty. All devices synchronize the important data via cloud with the extra vault. If a device is to be taken over the border, then the extra vault and the sync with the cloud must be deleted. Only the standard vault - containing only unimportant passwords or fakes - remains on the device. After successful border crossing, the sync to the extra vault on the (secret) webdav server can be restored and the extra vault restored to the device. By the way, there is a big security advantage to synchronize all data only via an additional vault: The extra vault can be protected by a very complex password! It rarely needs to be entered, for example only after a border passage, when the sync is reestablished. A complex password protects the data, if the extra vault in the cloud should fall into the wrong hands. On the local device the password for the standard vault will also open the extra vault (unless it has just been deleted because of a border passage). The password for the default vault could be easier to type, because it is needed more frequently. And you can use different passwords for the default vault on any device. Some passwords easy to type on a desktop-pc are very unconfortable on a small iphone for example
  12. another desirable change would be: the use of PIN and Biometric Unlock at the same time. That makes sense in the two-factor security philosophy: PIN - something you know. Finger or face - something you have. Biometric features alone are not safe, because unlocking can be done against the will of the user. For example, a border official would only have hold the iPhone in front of your face to unlock. And fingerprints are often stored on the border anyway. The combination of PIN and Biometric Unlock would also make very short PINs possible, maybe only two or three digits. That would be very comfortable. And ih would be very safe, because someone who looked over the shoulder while unlocking, could not do anything with it, because he lacks the biometric part.
×
×
  • Create New...