Fabian1

The same goes for me. 1Password requires the master password after restarting the iPhone. The biologic unlock is not possible. With Enpass the Unlock is possible directly after the restart by fingerprint. That's not good and incomprehensible. Turning off the phone should always be a kind of a emergency stop. For example, many people turn off their phones at the border. With a switched off phone, a potential attacker has all the time in the world to think about how to crack it. Hackers have already demonstrated, that it is possible to take the fingerprint of a person from a coffee cup, make a copy an trick the iphone. Dear Enpass Team, please change. There is no reason that PIN and fingerprint remain even after a reboot. In addition, we would like to be able to set a timeout after which the master password is also retrieved. What exactly is so difficult about that?

1Password will delete the masterpassword. there is a timeout. even, if you turn off your phone, you have enter the masterpassword again. why this is a problem for enpass?

The doubt left is: There is still no audit of you iOS and MacOS App... ...we are waiting 3 years now!

Me too. And where is the audit for iOS and MacOS?

Dear Vinod, Thank you very much for the very precise answer. That was exactly what I wanted to know. 1. PIN use (or old iPhone) = security risk, if the iOS keychain is broken 2. Biometric-Unlock + Secure Enclave = may still be considered secure, no indication of compromise of the Secure Enclave 3. Enter password yourself = currently best security. Or is there any evidence, that the current hack could read/log all keystrokes on the iPhone? Do you store the clear text masterpassword in process memory of the kernel? Thx again & kind regard Fabian

Nobody really knows if all the safety of Enpass was endangered?

Maybe you read the headlines: There was a massive iPhone hack. A Google team has found that thousands of iPhones were hacked - just by visiting a infected website. This allowed the attackers comprehensive access to the data in the iPhone: WhatsApp, Signal, SMS, gps-location, photos, contacts and - yes - even the keychain with the passwords should have been open. An incredible Bug! My question: Was Enpass also affected? Could attackers - even theoretically - read the passwords from the Enpass database? As far as I know, Enpass uses the iOS keychain to store the masterpassword, if you use biometric unlock. Who knows more?