Jump to content
Enpass Discussion Forum

BUG: Password Audit > Identical has a lot of inaccuracies


100 Watt Walrus
 Share

Recommended Posts

Beta 6.4.2 (667)

I was poking around in Password Audit > Identical today and have run into a handful of issues:

1) If you're in All Vaults, the sidebar shows a count of "identical" passwords, but when you click on that category to view them, it's empty — the only way to see a list of identical passwords is to choose a particular vault first.

2) The count is inaccurate — in my primary vault, the sidebar shows 22 items, but only 12 appear in the list

3) Many of the items shown as identical are not identical — some of them are similar (the first 16 characters are the same, but last several characters are customized per site)...

4) ...but those first 16 characters are the same in a several of my passwords, so if bug #3 is because the app is (for some reason) only looking at the first XX characters in order to call them "identical," why did it only find 2 "matches"?

5) Of the 12 items shown, 2 of them are grouped all by themselves — listed as matching, but there are no matches.

(And just to head off at the pass anyone who might want to admonish me for using passwords that have 16 characters in common, I have lots of entropy after those 16, and I'm in the process of randomizing all my passwords, but that takes time.)

1558480991_Enpass22identical22bugs.thumb.png.8795f717cd5503c7dc708e899608c25b.png

Link to comment
Share on other sites

Hey @100 Watt Walrus

Sorry for the trouble you are going through and thank you so much for the explaining the scenario in detail.

On 6/28/2020 at 10:04 AM, 100 Watt Walrus said:

1) If you're in All Vaults, the sidebar shows a count of "identical" passwords, but when you click on that category to view them, it's empty — the only way to see a list of identical passwords is to choose a particular vault first.

2) The count is inaccurate — in my primary vault, the sidebar shows 22 items, but only 12 appear in the list

To check further on this issue, we want little input from your side so please let us know:

  • Total numbers of vaults and which cloud services you are using to sync the data?
  • Number of identical items showing in each vault?
On 6/28/2020 at 10:04 AM, 100 Watt Walrus said:

3) Many of the items shown as identical are not identical — some of them are similar (the first 16 characters are the same, but last several characters are customized per site)...

4) ...but those first 16 characters are the same in a several of my passwords, so if bug #3 is because the app is (for some reason) only looking at the first XX characters in order to call them "identical," why did it only find 2 "matches"?

5) Of the 12 items shown, 2 of them are grouped all by themselves — listed as matching, but there are no matches.

(And just to head off at the pass anyone who might want to admonish me for using passwords that have 16 characters in common, I have lots of entropy after those 16, and I'm in the process of randomizing all my passwords, but that takes time.)

 
One of the possible reasons might be these items (which you have mentioned) have more than one password field. To investigate further on this issue can you please open these three items one by one in edit mode and check if they have more than two password fields. Or please click on the "Show Webform" of each items on the info page and check if there is any password field having a similar password.
 
Thanks for your co-operation.
Link to comment
Share on other sites

Hi Garima. Here's the details you're looking for:

Five vaults — 3 on separate Google Drive accounts, 1 Dropbox, 1 Box.

My primary vault — where the sidebar shows 22 but the list is only 12 — is one of the Google Drive accounts.

None of these records have more than one password field. Each of them do have additional sensitive fields, but those are not Field Type = Password (one is Text and one in Multiline).

Also, none of them have webforms. I've never used them. I don't even know where to find that feature.

FYI, I created my own simplified templates and always use one of those for every new Item (it's impossible to choose my own default template, so I have Ask to Save New Logins turned off)...

...but actually, I don't even use the templates because it's faster to just have keep empty Items made from those templates at the top of the alphabet in each vault, and just duplicate them whenever I need need a new item. (CMD+D, and just start typing — that's a lot faster of having to click +, then click a category, then click a template). Screenshot below for clarification.

100WattWalrus's non-template template.png

Link to comment
Share on other sites

  • 2 months later...

Hi @Pratyush Sharma,

Most of the issues seem to be fixed, except for 

On 6/27/2020 at 9:34 PM, 100 Watt Walrus said:

3) Many of the items shown as identical are not identical — some of them are similar (the first 16 characters are the same, but last several characters are customized per site)

For example, All Vaults > Identical currently has a count of 52 (accurate), the biggest group of which is 19 supposedly "identical" passwords — but in fact, while all 19 passwords in this group begin with the same 8 characters, most of them have different additional characters. These 19 shown all together should actually be split into 5 different sets of identical passwords:

  • 3 of them are identical to each other, and consist of just those 8 characters (the unlock code on devices with a shared user account)
  • 2 of them are identical to each other, but not to the to other 17
  • Another 2 are identical to each other, but not to the other 17
  • 9 of them are identical to each other, but not to the other 10
  • 3 of them are identical to each other, but not to the other 16

So it looks like Enpass may not be comparing the entire password before calling them "identical."

That's not necessarily a bad thing in terms of the end goal (totally unique passwords for every account, not variations on a theme), but it is inaccurate, exposes the shortcomings of Enpass's "identical" tool, and potentially misleads the user into thinking they have more matching passwords than they really do.

 

Link to comment
Share on other sites

  • 8 months later...
  • 3 weeks later...
  • 8 months later...

Hi @Schtief

On our end, we were able to reproduce the issue, which leads to the application not showing identical passwords in some cases. We are now working on a patch that addresses this issue, and it will be released in the near future. Thank you for your patience during this time.

 

 

  • Like 1
Link to comment
Share on other sites

  • 1 month later...
  • 3 months later...

Unfortunately the bug is back in the current version 6.8.2 (1084) on Windows 10. I recently created a new entry that now appears as identical. In the counter 20 duplicates are marked and when counting there are only 19 (with the NOT duplicate login included). The other 18 entries are true positives.

Why is this happening all the time? Can you please explain a little about fixing this issue? I do not understand what is the difficulty about this.

Link to comment
Share on other sites

Hi @Schtief

We are looking into the concern reported by you but require some additional information in this case -

  1. On which all devices ( along with OS version) are you using Enpass.

  2. Number of items and vaults.

  3. Cloud services you are using to sync?

"In the counter 20 duplicates are marked and when counting there are only 19 (with the NOT duplicate login included)."

Can you please explain a little bit more, it will help in a clear understanding of the problem before proceeding further, or a screenshot of the issue?

Link to comment
Share on other sites

On 9/1/2022 at 12:56 PM, Abhishek Dewan said:

On which all devices ( along with OS version) are you using Enpass.

Windows 10 21H2, iOS 15.6.1 and MacOS 12.5.1.

On 9/1/2022 at 12:56 PM, Abhishek Dewan said:

Number of items and vaults.

I am using 4 vaults with a total of 183 records.

On 9/1/2022 at 12:56 PM, Abhishek Dewan said:

Cloud services you are using to sync?

I am using 2x WebDAV, iCloud and OneDrive.

On 9/1/2022 at 12:56 PM, Abhishek Dewan said:

Can you please explain a little bit more, it will help in a clear understanding of the problem before proceeding further, or a screenshot of the issue?

The second entry in the screenshot is not duplicated.

1459490321_Screenshot2022-09-03211010.thumb.jpg.d620d316b7082f47cfc10ad1ccd54c84.jpg

Link to comment
Share on other sites

Hi @Schtief

We have identified some issues on our end, due to which we believe this issue is occurring. Our dedicated development is now working on correcting it, and a fix will be available in the upcoming release. In the meantime, you can also try our beta for the Enpass version (6.8.3) from here. Any feedback will be much appreciated.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...