Search the Community

Guys good feature for future will be if we can add 2FA into Enpass for Microsoft Accounts. Now is this last one my account where I must using Microsoft Autenticator, because this is my last one 2FA which Enpass not support. Ps, two years back I used for 2FA only Microsoft Autenticator with cloud save. But as Enpass released this feature directly into Enpass so I start migrate and now I miss this last one. So I hold Enpass team fingers for some solution (Microsoft Account with 2FA + Enpass).

EDIT: Listing apps that require this feature to enable 2FA to increase priority of the feature request: SnapChat, Uber I just noticed when enabling 2FA in SnapChat on Android that it had the ability to invoke the installed 2FA apps on the Android device as part of the setup. On my tablet, that happened to be Microsoft Authenticator and Authy. Enpass has become my primary 2FA app and so I'm wondering if it is possible to have Enpass registered as a 2FA app on Android for these types of 'in-app' 2FA enablement?

As i have been using enpass for past several months i even got to know about enpass key file to enhance vault security but there are still few concerns which i am about to share. 1: for security new users do not know about enpass key and once a new user have created primary vault then it is almost not possible for them to move to another vault and keep primary vault without enpass key. There is no option to set or change default primary vault if i want to. 2: Even if you have created primary vault with enpass key it can be hacked very easily. Enpass Database + keyfile is located on same system once a hacker got into your pc using RAT which is very common scenario they can access your all files in drive and using key logger they can capture your password for enpass. So when a hacker have access to a pc having enpass keyfile does not make it secure. I am a security researcher and i know what i am talking about. Now a days malware have became so intelligent they can be asked to find specific file on that computer or even on that network and once they find name of extension matching file it can be uploaded to hacker's server. having 2FA on Authy or Google Authenticator or which ever you use is much more reliable way to add an extra layer of security to your enpass vault. Why don't we put a 2FA by default for primary vault? Even if it is protected by key file on new device vault must ask for 2FA code? It can be implemented and user gets to choose if they want keyfile and 2FA both activated or only key file or only 2FA. I have tested the scenario (2) explained above using my personal computers and i was able to access it very easily. It is my humble request to add this 2FA including keyfile to make enpass more secure and a single keyfile and a password is not enough to secure it. even if we keep keyfile on a USB drive our vault needs it and when we will connect our USB to that pc for vault unlocking it can be accessed by hackers like all other normal drives. Also please add feature to change primary vault if someone creates a new vault with keyfile or how ever there must be an option to change primary vault. I hope i am not missing anything and was able to explain it clearly but if i am missing something please do let me know.

Enpass currently works well with the standard TOTP implementation of a numeric, 30 second interval TOTP code which makes it possible to use most services that offer this sort of authentication. Due to it supporting custom digits, it not only works with the standard 6-digit, but also with some different ones like Blizzard's 8-digit authenticator (which I use just fine with Enpass). What Enpass still lacks in this regard is support for custom time interval and also Steam's 5-digit alphanumeric standard. I, for instance, have to use another authenticator for services like 'Twitch' and 'Mercado Livre' which use 7-digit 10-second TOTP codes (which I believe is Authy's own standard) and Steam (I believe Bitwarden is the only one that currently offers working TOTP for all of these). I know there's currently a thread which is a little over 4 months old about Steam's TOTP, but I couldn't find anything regarding custom time intervals in the feature request so I figured I should post it and hope it gets done sometime in the future

When Enpass identifies a site that supports 2FA, you have a blue banner that allows you to exempt the particular item from the audit (Don't save). Hitting that button the fields and values will be different depending on if exemption is being made on Enpass for Android or Enpass for Desktops: When exempted in Desktop (Microsoft Store edition, v.6.7.4): Fieldname: "2FA", value: "<random>". When exempted in Android app v. 6.7.1), fieldname: "Two FA Type", value "other". Also, neither of these fieldnames are visible in the Desktop app, only in the mobile app?

Hi, Enpass in Audit showing that website drupal.org support 2FA. But it is wrong. I have over 7 years account on website drupal.org and when you are normal standart user, so you cannot create 2FA login for this website. On oficial drupal.org website is it wrote too. First, is it here wrote that all info about 2FA is outdate. And second, normal standart account what is not verificate via drupal cannot secure account with 2FA. Only people what own verificate account and create some posts etc can secure account with 2FA. So for example I, what use website drupal.org only for forum discusions and downloading new version CMS, cannot secure drupal.org account with 2FA because I an not creator some plugin etc (so I cannot have verificated account which support 2fa), but Enpass still showing me that I miss one avaible 2FA. :-/ On drupal website exists only plugins for 2FA for download as additional plugin for websites builded on CMS Drupal. Someone in Enpass team can try it, create test account on drupal.org, and you will see that website drupal.org cannot secure via 2FA. Please fix it in next Enpass version. https://www.drupal.org/drupalorg/docs/user-accounts/setting-up-two-factor-authentication Last updated on 7 October 2019 This documentation is out of date.

Good idea for future new feature, if will be exist in Enpass App for adding 2FA not one option but two options. Add 2FA - First option, scan QR Code Add 2FA - Or second add 2FA into Enpass via Security Code (some apps or websites not create QR Code but provide only Security Code) EDIT: Sorry guys :-D Now I looked, and Enpass is ready for this .. oh my eyes I maybe need glasses

I use Authy on my phone to generate TOTP codes. I turned on 2FA in my Nextcloud account. As expected, Enpass (on my Mac) is no longer able to sync. I checked Nextcloud support. They said to use "app passwords". Allegedly you go into the preferences for the application that you want to sync, and there is a place to enter an app password. https://help.nextcloud.com/t/two-factor-authentication-totp/52347 I couldn't find this in Enpass. How do I sync my database with a copy stored on a Nextcloud server that has TOTP 2FA enabled?

Google Authenticator 2FA Implementation Hi, First off, I would like to start by saying I love the product and I use both the desktop and paid mobile version. I think it would be great if there was something built into Enpass that could replace Google Authenticator, something that is able to store your 2 factor authentication secrets, and then display and copy the codes. In the past when ever I've dealt with Authenticators, it has always been a struggle to keep the secrets synced between devices, and I know this is a strong point for Enpass. I think this could be a feature that would draw a lot of people to Enpass. Thank you for your consideration.

Hi, Can you consider adding support for 2FA functionality to log into Enpass. Today they are protocols (I mentioned 2 in the subject line) that can be used. This would allow first login into enpass without having to provide the 1st password. Regards,

Using the Enpass Android app on my LG G7 running Android 8.0 Oreo, Enpass defaults to using the wide-angle camera, and cannot read QR codes as a result. The app should detect if there are multiple cameras and either choose the correct one (if possible) or allow switching cameras.

Hello, I activated 2FA for my Ubisoft account. Now the 2FA code must be entered when I start the Ubisoft uPlay Client (Windows application). If you implement the Login into Desktop Applications: then Enpass should also copy the 2FA Code into the clipboard after logging me into the application. Best regards OLLI

Hello, How can I use TOTP (2FA) within Enpass? Is there somewhere a tutorial available? Thank you! Best regards OLLI

Some hardware auth tokens such as Yubikey support a challenge-response mode. i.e. you initialise the token with a secret which is henceforth only available to the token (backup of the key excluded). You take the user's password and send it as the challenge to the token, which calculates a HMAC using the key and returns the response, which is used as the database password. e.g. https://sourceforge.net/p/passwordsafe/discussion/134800/thread/7463e2a3/#7e4e It'd be neat if enpass supported this.

Hello, Here is a proposal to enhance security mainly for cloud/webdav users but not only : The goal of 2FA is to have two different things to use for authentication (basicaly something we know, something we have, ect...) As such, I feel that storing 2FA and passwords in the same storage renders 2FA completely useless. Wouldn't it be better if it was possible to split passwords and 2FA data in different files in a different location ? or even having two different apps. I've given some though about this and off course, I think any developer would agree this should be even in completely different applications. One could say we can use Google Authenticator or Microsoft authenticator or another for this however these applications does not sync with cloud/webdav and can be only used on a single device which I think is greatly ridiculous if you were to lose or break the device holding the application. And we can't have a two instances of Enpass on every device either... This is just a proposal but this would be a nice add. Thanks for listening

Any chance your Enpass developers could create a 2-Step Verification feature to be used within the Enpass app, rather than us having to use Google or some other alternative third party app for our 2 step (factor) verification logins. It makes sense to have that within Enpass, plus it would allow us to backup and encrypt our verification codes within the Enpass encrypted database. Just an idea.. What do you think?

I have a lot of passwords/items and try to use MFA where I can. If there was a view that I could click on to show all accounts that support MFA/2FA or an icon/note on the detail page this would help me identify and setup MFA on other accounts. I normally use this site to identify sites but its not exactly easy to use or identify the sites I use. https://twofactorauth.org/

I really like Enpass and use it multiple Windows devices. Everything works fine. Then I activated OneDrive two factor authentication, and sync stopped working. I installed Enpass new device while havin 2FA enabled. It could read data from OneDrive, but after initial load sync didn't work. After disabling 2FA sync started working with every device. Any workarouds? Any fix coming up? Or is this stupid user error?

I am looking for a solution to the problem of using Enpass locally between iPads, iPhone and MacBook Pro. Whilst using the iPads, I've employed my own hosted WebDav but again the management of such a server requires time and effort unlike iCloud, OneDrive for Business or local Folder. Cloud sync would be good if it is a Trusted store such as Apple or Microsoft. But do we really 'trust' these big corps with our password data? I would like to build a cross platform WebDav for secure password management for people to use solely for this purpose only. Who would be interested? I'm thinking deploying WebDav on a Swiss Server, designing a web interface for Enpass and then syncing between devices through WI or SSH. I've tested WebDav and EnPass on Digital Ocean before but it's a lot to manage. Any other solutions to secure cloud password storage?

Simply put I'm suggesting a multi-line text field that can be secured. Sites using multi-factor authentication (MFA) often have a set of recovery codes. One can't add these easily to Enpass as I don't have an option to have a secure text field. While talking about fields it could be nice to have a master list of fields that are already setup and can be added to any item (ie, I just add the recovery codes field I've already added).