Enpass master password and windows hello

[paulsiu]

Can someone verify if we can set it up so that the fingerprint reader on windows 10 can be used in place of the master password. I believe that this functionality current functionality works on certain machine with TPM, but can it work with a usb fingerprint reader connected to a win 10 machine.

Paul

 

[Anshu kumar]

Hi @paulsiu,

Thanks for writing in. 

1 hour ago, paulsiu said:

can it work with a usb fingerprint reader connected to a win 10 machine.

The minimum requirement is: Your USB fingerprint reader must be Windows Hello certified  or known to work with Windows Hello.

1. If your PC/machine doesn't have TPM chip, a software TPM will be used by windows. You have to unlock Enpass using your master password only at launch of app, afterwards you will be able to use your fingerprint to unlock.

2. If your PC/machine have a hardware TPM, you will be able to unlock Enpass with your fingerprint at any time, even at launch of app.

 

[paulsiu]

I was afraid of that. The chief reason I wanted to do this is to avoid entering any password. It's for a relative who's like totally terrible with password. She keeps forgetting them or type them incorrectly. Keeping the password shorter helps. If you increase it to a longer length to be secure, she's likely to tape the password on the table or have the same password for every website she uses.

So TPM isn't something that can be added on to a computer?

Paul

 

[paulsiu]

I did some research on why this may the case. My initial impression was that when  you use the fingerprint reader, you would use that to encrypt the password key file. Essentially, your fingerprint is the master password. Based on your comment, this is not the case. Instead, the fingerprint only allow you to access a stored copy of the master password. Because the master password must be stored, there's no safe way to do this without using something like a TPM, is that correct?

Paul