PatrickR Posted April 16, 2017 Report Share Posted April 16, 2017 The introduction of Quick Unlock by TouchID is a huge step forward for the usability of Enpass. However, in my opinion the promised perfect balance between convenience and security is still unmet due to the lack of a critical part: TouchID timeout. TouchID is not 100% secure as demontrated by security researchers who were e. g. able to replicate working fingerprints for TouchID. The logical consequence would be to disable TouchID in Enpass completely. However, this would not only eliminate the convenience benefit but also increase the risk of shoulder surfing. The solution is an adjustable timeout deciding whether TouchID will unlock Enpass or if the master password is required. In my current password manager*, I set it to one hour which is the perfect security/convenience tradeoff in my use cases. Patrick * TouchID timeout ist the missing feature that kept me fromswitching to Enpass. Link to comment Share on other sites More sharing options...
Anshu kumar Posted April 18, 2017 Report Share Posted April 18, 2017 Hi @PatrickR, Thanks for your suggestion. I have noted down your suggestion in our roadmap and will be available to you in the next major update of Enpass. Cheers! 1 Link to comment Share on other sites More sharing options...
PatrickR Posted April 19, 2017 Author Report Share Posted April 19, 2017 That's great news. Thank you very much. Link to comment Share on other sites More sharing options...
Recommended Posts