Jump to content
Craig

Always needs Master Password

Recommended Posts

Hi,

I'm running on Android 4.0.3 and it seems that I always need to type in my Master Password: I never get a chance to use the PIN... even after a minute or two, even though in the settings I have it set to 12hrs.

Any ideas on what's going wrong?
(If it's relevant, I am using sync on an OwnCloud/WebDAV server)

 

Cheers,

Craig.

Share this post


Link to post
Share on other sites

Hi @Craig,

After setting PIN, Enpass asks for master password if the App has been freshly started (killed by OS or by swiping it up from recent Screens or you restarted the device). 

For test purpose, please let us know if it still asks for master password when just after setting the PIN you send Enpass to background and bring it back to foreground after 5 seconds.

Thanks!

Share this post


Link to post
Share on other sites

A 5 seconds test -- what is the point of that? But to answer your question, yes, I can flip back and forth from app to browser. If the OS kills it however (which is all of the time), then I have to re-enter the Master Password, which is too cumbersome to use on a daily basis on a mobile.
Other Password Managers have a 'log in once and then use the pin' afterwards -- even after days of no usage.

 

Share this post


Link to post
Share on other sites

Hi @Craig,
5 seconds test was just to check if the Enpass's default behavior of unlocking with PIN is working correctly because in 5 seconds the chances of being killed by OS are very low. As far as we understood, you are expecting a full time PIN unlock behavior (like we have in iOS) where Enpass will never ask you for Master password even if killed by OS. Currently we don't have full time PIN unlock feature, but we do have Full time Fingerprint feature and that is for Android M devices with fingerprint sensor as mentioned here https://www.enpass.io/blog/Enpass-5-for-Android-Fingerprint-support-Autofill-and-much-more/.

Shortfall of Full time PIN unlock in Enpass is for the sake of security of Master password because we don't have any Android-provided approach to secure Master password on pre Android-M devices. More at: https://www.enpass.io/unlock-using-fingerprint-in-android-marshmallow-security/

We can understand that at times, it becomes cumbersome to provide Master password but currently we don't have any secure way to implement this feature. Yes, other password managers (mainly Online one) can do this by authenticating your unlocking attempt by saved tokens, but being an offline password manager, Enpass has no such option (currently).

Cheers!

  • Like 1

Share this post


Link to post
Share on other sites

So, what you're saying is: On Pre Android-M systems PIN unlock does not work. On Android-M systems you can use your fingerprint (which I'd never do!).

So, either way you have provided something that a) doesn't work and b) will never be used! I had already paid for this (because I have a large number of entries), with the assumption that a PIN unlock would be something that actually worked and was usable.

There is of course a simple developer solution: create a service that is long running and encrypt the master password using the PIN and store the encrypted result in that service. I'm relatively sure that's what other password managers do (hint: 1password is NOT an online service).

Unfortunately, I'm off to a) look at other password managers again and b) give 1 star for completely wasting my time and money through a bogus marketing ploy.

Disappointed,
Craig.

Share this post


Link to post
Share on other sites

Hi @Craig

Sorry for the inconvenience caused to you. But starting a service the way you described doesn't qualify a good use case from our perspective to consume precious system resources. It seems the other password manager you suggested also asks for Master password once the App is killed.

At the moment (if you can update your Android system to 4.1), the possible work around is to enable the Autofill service of Enpass to keep it always alive in background (as a protection against being killed by OS). And then you will always prompted for PIN until the service is running.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...