Jump to content
Enpass Discussion Forum

Search the Community

Showing results for tags 'security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General discussion
    • Hot topics
    • Enpass Support & Troubleshooting
    • Registration and Purchases
    • Autofilling and Desktop Browser Extensions
    • Data Security
    • Announcements
  • Help us improving Enpass
    • Feature requests
    • Enpass Beta
    • Localization
  • General discussion

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. Hi I have recently read an article written by Tavis Ormandy, Link. So I'm curious to know that Enpass have these vulnerabilities or not?. Thanks
  2. Hello, I am relatively new to Enpass, I noticed, that after reboot, I can use the PIN to access my fault. How can this be secure? This means that the Masterpassword is stored locally on the flash memory. This and the fact, that there have never been an security audit for iOS really worries me. Can someone explain to me, how this might possibly secure? I have a feeling, that the reason, why there is no security audit is, that they know, that there is no way there application passes the audit.
  3. Good idea for future new feature, if will be exist in Enpass App for adding 2FA not one option but two options. Add 2FA - First option, scan QR Code Add 2FA - Or second add 2FA into Enpass via Security Code (some apps or websites not create QR Code but provide only Security Code) EDIT: Sorry guys :-D Now I looked, and Enpass is ready for this .. oh my eyes I maybe need glasses
  4. Hello, I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended. The password manager 1Password has a feature called watchtower. They have an internal database of security breaches (database with information about hacked websites where user-data was stolen). In this database they store the website and also the date of the breach. 1Password stores for password entries two modification dates: modification date of the password modification date of the entry 1Passwor
  5. There are two ways to code Face ID on Android. One that requires you to press the confirm button after the face recognition process and one that doesn't. The extra confirm button press doesn't add any additional security. I wish Enpass would switch to the one that just unlocked when it saw your face. I have uploaded an example of the Experian app that used the one that doesn't require a confirm button press.
  6. Hi there, Just a simple request: That Enpass has the ability to generate custom keyfiles. By default, Enpass estimates certain policies for its generation (128-bit or 256-bit), and as an option, it can be of almost any type of file extension (which is not so obvious, for advanced users). Even if it may be possible to use images with hidden text (steganography), either generated within the same Enpass or by third-party software. Understanding that steganography does not encrypt content, but as a way to hide already encrypted content in an image. KeePass (and clones) allow
  7. After using 1Password for a long time, I plan to go back to Enpass, the first password manager I used. This is mainly because multiple vaults are available in the latest Enpass versions. My 1Password account is secured with a master password, secret key and 2FA. At Enpass I will have to use a keyfile to make the vault just as safe. But where can I store my keyfile the best and easiest so that I can access it on any device (Windows, Android smartphone, Chromebook)?
  8. I am a big fan of Enpass in China. However, I find Enpass take so much CPU time and send/receive so much traffic through internet. As a password manager app, I believe it do not need use CPU so often, or it do not need to send traffic so much.
  9. I've been using Enpass for a while now and i'm well satisfied as my first password manager. An aspect that concern me the the most though, is the lack of protection aganist a master password sniffing attack or leak. Basically, as i understand, if you have the master password you can decrypt the database and take all the passwords, easy, without a second factor authenticantion or somenthing similar to stop it. And since you need to manually insert the master password everytime you want to unlock Enpass, this make the job easy for a keylogger, a zero day virus, or even a random security came
  10. In the security settings it is clearly stated, that when using biometrics the master password has to be entered after a restart. However, after I restart my android phone I am still able to login with just my fingerprint. In my opinion either the description or the behaviour has to be updated. Better would be the behaviour since the password is currently stored somewhere on the device.
  11. The less information that I need to provide, the more privacy, the more secure. I don't like that I need to register with an email address. (especially for the free/lite version.) Thank you.
  12. Maybe you read the headlines: There was a massive iPhone hack. A Google team has found that thousands of iPhones were hacked - just by visiting a infected website. This allowed the attackers comprehensive access to the data in the iPhone: WhatsApp, Signal, SMS, gps-location, photos, contacts and - yes - even the keychain with the passwords should have been open. An incredible Bug! My question: Was Enpass also affected? Could attackers - even theoretically - read the passwords from the Enpass database? As far as I know, Enpass uses the iOS keychain to store the masterpa
  13. I've recently installed Ubuntu 19.04 on my laptop with UEFI/SecureBoot and disk encryption enabled. when i tried to restore my vault from my cloud drive, it doesn't accept my masterpassword. after some research I found this: Is there an option to restore the vault with while keeping my disk encrypted? Like to see your thoughts.
  14. I ran across an interesting article about some other well-known password managers out there, like 1Password, KeePass, DashLane & LastPass. https://www.securityevaluators.com/casestudies/password-manager-hacking/ If that's too technical, read ZDNet's summary on this article: https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/ While I was pleased Enpass wasn't on the list, I suspect it might be due to lack of significant market share like some of the other products. But I'm also very curious about the steps Enpass is taking to h
  15. Hello, KeePass offers in the options the feature "Enter master key on secure desktop". When this option is checked then the dialog for entering the master password is shown on a secure desktop. This should prevent keyloggers from stealing the master password. Details about this feature you get here: https://keepass.info/help/kb/sec_desk.html If you want to see a screen shot of this feature, just google for "KeePass Secure Desktop" and you will find screen shots like this: (Source: https://img.raymond.cc/blog/wp-content/uploads/2016/02/secure-desktop.png) It would
  16. I talked with a colleague about password managers and he suggested 1Password. On the website of 1Password I saw on the "Tour" site (https://1password.com/tour/) some features of 1Password. One feature is very interesting and increasing the security: They show which sites in your vault support TOTP but the user has not set up TOTP. Here is a screenshot from the 1Password site: Suggestion In Enpass add the entry "Missing TOTP" in the section "Password Audit". Here you should show all password entries, where TOTP is possible but not set up by the user. Here is
  17. Dear Developer, Enpass is very good app but i miss some features like device administrator. For protecting app from uninstalling via other unauthorized persons.. or accidentally uninstalling... Also add fevicon as soon as possible. And add full UI change log in new updates description in google play so we can check on which area you modify UI.
  18. Hello, I read in a computer magazine that there is a new Browser Extension for Google Chrome called Password Checkup https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno When I sign into websites this extensions checks if the password that I have entered is pwned . Then a message box is shown telling me if the password was pwned (message box is red) or if my password is still safe (message box is green). I think it would be useful when Enpass also checks passwords at login. But you should only show a message when the password was pwned.
  19. Hello, I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended. The password manager 1Password has a feature called watchtower. They have a internal database of security breaches (the site was hacked and user data was stolen) and check if the password of the specified website was changed after the breach. So they have two modification dates: one modification date of the password itself and one for the total entry. Example: The password entry for a page was last changed today
  20. Can we integrate the PC/Desktop app to use Windows Hello as a login option just as the iPhone app uses TouchiD/FaceiD? I have a laptop, iPhone, and Microsoft Surface Tablet and it would be great if the user experience could be similar across all platforms. This request was being worked on since last year and I am surprised that the MS Store App version of Enpass is NOT updated to use the Windows Hello feature since they promised to include this functionality in a newer version of the app.....! Here's the link:
  21. Hi there, I'm a long time user, and generally a big fan of Enpass across my devices. I recently updated the certificate on my Webdav instance and hit sync on my devices, and no notification was given on this change. Given the nature of Enpass, I believe at minimum a notification should come up advising the certificate has changed and requesting a confirmation of trust. Some sort of certificate pinning solution would also work. I use Let's Encrypt, so this would be inconvenient to me (given it updates every 3 months or so), however I feel the security/convenience trad
  22. Hi, I would like to propose the following feature: As a security conscious user who also values convenience I would like to be able to: for N minutes after unlocking the app with my passcode unlock the app again using touch ID This way I would achieve the following goals: Enpass would never be left fully unlocked (i.e. changing into the app via multitasking, activity or tapping the icon should never lead into an unlocked app) Enpass would still regularly require the full passphrase Touch ID would be used as a convenient temporary unlock Thereby,
  23. How can I remove my profile from this forum software? I have no intention of using enpass, and I do not want to maintain an account here.
  24. Hello Enpass-Team, happy new year to you! I'm a very happy user of Enpass and it's perfect usability. But since some week's I'm frightened about the usage of password-managers because of the released information regarding Meltdown and Spectre (CVE-2017-575, CVE-2017-5715 and CVE-2017-5753) Especially Meltdown can lead to a dump of the Memory of Applications like Password-Managers, which are one of the most valuable targets! I know, that MicroCode-Workarounds for CPUs and OS-BugFixes are on the way, but I want to ensure, that you have implemented Enpass in a way, to minimized
  25. Hello, Here is a proposal to enhance security mainly for cloud/webdav users but not only : The goal of 2FA is to have two different things to use for authentication (basicaly something we know, something we have, ect...) As such, I feel that storing 2FA and passwords in the same storage renders 2FA completely useless. Wouldn't it be better if it was possible to split passwords and 2FA data in different files in a different location ? or even having two different apps. I've given some though about this and off course, I think any developer would agree this should be even in complet
×
×
  • Create New...