September 8, 20178 yr Emergency access / disaster recovery - one-time-pad? One very handy feature of modern password managers (and cloud services such as Google's Inactive Account Manager) is that of "emergency access" for disaster recovery. You provide some sort of gated access to your data to trusted contacts such as your family, or business partners in the case of business passwords, and in the event of your untimely demise or incapacitation they can gain access to your data. The gated access part is usually a period of waiting where you are notified of the impending release of the data and have an opportunity to deny it. In Enpass' case, it'd be really neat to have a set of one-time-pad passwords that I could print out and stash somewhere safe that my trusted persons know about, and can use to access the enpass database. I can check whether anyone's stolen a one-time code by checking the next unused code (if it doesn't work, someone's used it!).
September 8, 20178 yr Hey @bdl We appreciate the idea but we're sorry to say this can't be done. Enpass is an offline password manager and we don't keep any of your data with us, Enpass doesn't even need signing up, to begin with. Enpass only uses the master password to encrypt your data and keep it safe and adding the suggested feature would serve as a backdoor for a potential attacker. However, you can create this safety measure by noting down your master password and keeping it in some place safe, like a bank vault. Thanks for your understanding.
September 9, 20178 yr Author G'Day Akash, I'm not referring to the usual "please support U2F / TOTP", rather I'm suggesting a change to the key management mechanism / KDF to support multiple key slots (e.g. Linux's LUKS supports 8 independent keys), and further for one of those slots to be an OTP. Having said that, of course there's nowhere enpass could store the OTP seed/counter/etc so I'll belatedly admit that that's a silly request. Another approach would be secret splitting: again, where the database supports multiple slots, one of those could be split (e.g. http://point-at-infinity.org/ssss/) and distributed to trusted people. Some number of these people would need to collaborate to recover the full key and access the database. As to storing the key offline: sure, but that has a bunch of issues incl. making key rotation a pain in the backside. Though if there multiple key slots that'd be easier to manage. So I suppose in an initial form, this feature request is really "please support multiple keys for accessing the database" with a bonus of "support secret splitting". I'm not entirely certain on how enpass uses sqlcipher - perhaps these feature requests should be for sqlcipher?
September 11, 20178 yr Hey @bdl Thanks for the detailed explanation. Now that you've cleared the specifics, I'm starting to think that this actually might be a very productive addition to Enpass. So I've noted down the suggestion for internal discussions. Keep Suggesting.
October 27, 20196 yr +1 to supporting Shamir's Secret Sharing for emergency access. I want to ensure that my family can access my passwords should I become incapacitated, but don't want to record my master password anywhere. Since you're already using PBKDF2, you could simply add some UI to expose the derived key as a set of Shamir shares, then add a recovery mode accepting the shares instead of the master password and reconstruct the derived key directly. In principle, you shouldn't need to change the existing encryption code or database at all.
December 17, 20205 yr Hey @chobo2 Welcome to the forum! Please note that this feature is already aligned for implementation in the future. However, we’re not sure of a specific timeline when this will be implemented. We appreciate your patience. Thanks!
December 22, 20205 yr On 12/16/2020 at 9:30 PM, Garima Singh said: Hey @chobo2 Welcome to the forum! Please note that this feature is already aligned for implementation in the future. However, we’re not sure of a specific timeline when this will be implemented. We appreciate your patience. Thanks! Ok, thanks do you know if this is going to be years away or months away?
February 4, 20215 yr +1 The article from the Bitwarden site gives a good explanation why this is a good feature to have esp due to COVID.
February 4, 20215 yr 3 hours ago, ikabupini said: +1 The article from the Bitwarden site gives a good explanation why this is a good feature to have esp due to COVID. Yep and why they got my business at the end of the day.
February 20, 20215 yr Any updates to the timeline for this feature? I really need this feature for future planning and would like to have something in place sooner rather than later. I'd rather not go to another service as I've already paid for enpass. Thanks!
February 22, 20215 yr Hey @MarkDownMark Thanks for letting us know that you would like to see this feature. Significant user demand is a big factor that determines our priorities for new features. I have shared it with our team.
January 4, 20224 yr Hi there! I where somehow 'shocked' to find this feature stll on a roadmap to be honest. I thought I would at least find a function like this after registering/signing up for a family account (as I could not find it in the trial). I didn't, since I ended up here at the forums. I see that the latest response is from februari last year, so is there any news regarding this? For me honestly this would mean a draw back on my subsccription yesterday, since this is a pretty mandatory feature/ functionality as per my opinion.
January 5, 20224 yr Hi @Mark Bevelander The requested feature is on our development roadmap. I will not be able to share any ETA for it right now, but I have shared your comment as feedback with the dedicated development team. Appreciate your patience and support in the meantime. #SI-573
March 31, 20232 yr Dear @Abhishek Dewan I hope you're well! This feature was suggested on September 9, 2017, and Akash Vyas stated that "this actually might be a highly beneficial addition to Enpass." I'm curious why this functionality hasn't been deployed till now?
March 31, 20232 yr Hi @Mohit Welcome to the Enpass Forums. Enpass developers are aware of the request for this feature and they have also investigated its feasibility. This feature may be included in future Enpass releases even though we have not yet received any specific version updates. Your support and patience are greatly appreciated.
April 17, 20232 yr Dear @Abhishek Dewan It's comforting to know that our Enpass developers are aware of the feature request. However, it has been more than 5 years and Enpass has not yet confirmed after investigation of its feasibility. I kindly request the Enpass team to confirm the deployment of this functionality because I have been eagerly awaiting it. Edited April 17, 20232 yr by Mohit
Create an account or sign in to comment