Fabian1

The doubt left is: There is still no audit of you iOS and MacOS App... ...we are waiting 3 years now!

Me too. And where is the audit for iOS and MacOS?

Dear Vinod, Thank you very much for the very precise answer. That was exactly what I wanted to know. 1. PIN use (or old iPhone) = security risk, if the iOS keychain is broken 2. Biometric-Unlock + Secure Enclave = may still be considered secure, no indication of compromise of the Secure Enclave 3. Enter password yourself = currently best security. Or is there any evidence, that the current hack could read/log all keystrokes on the iPhone? Do you store the clear text masterpassword in process memory of the kernel? Thx again & kind regard Fabian

Nobody really knows if all the safety of Enpass was endangered?

Maybe you read the headlines: There was a massive iPhone hack. A Google team has found that thousands of iPhones were hacked - just by visiting a infected website. This allowed the attackers comprehensive access to the data in the iPhone: WhatsApp, Signal, SMS, gps-location, photos, contacts and - yes - even the keychain with the passwords should have been open. An incredible Bug! My question: Was Enpass also affected? Could attackers - even theoretically - read the passwords from the Enpass database? As far as I know, Enpass uses the iOS keychain to store the masterpassword, if you use biometric unlock. Who knows more?