Kashish Posted August 21, 2020 Report Posted August 21, 2020 Hey Enpassians! We hope you are doing great and making the most of your time. The latest Beta v6.5.0 for on Windows Store comes with the ever-awaited "full-time Windows Hello" support. You can enjoy continuing using Windows Hello even after the system or app restarts. Go ahead and put your bio-metrics to test with the new feature. What's New: · One of the most requested features— "Full-time Windows Hello support" is here. Now you need not enter the master password after the system/app restart. · Added an option to delete the unnecessary fields from the saved web forms. Navigate to the 'Show Webform' on the detail page of the item. Fixes: · Fixed an issue where some of OneDrive users were getting a password-mismatch error as "Password of data on OneDrive is required." Now fixed. Affected users first need to delete data from OneDrive (option to delete data is present while disconnecting the sync from the cloud). · Few of our users reported an error code 1208400 while syncing with OneDrive. · The issue where the order of the fields is getting shuffled for a custom template on syncing with other devices. · An issue where custom icons display as black. · Fixed an issue where the deleted items were visible under associated tags. · Squashed a bug with CSV importer. · Instead of the word TOTP, Enpass now uses the terminology One-time passwords. · The issue with URL marked as private did not mask. · Some of the keyboard shortcuts were not working consistently in Enpass assistant. · The cloud icon didn't display on the vault list. Get your hands on this beta version and share your valuable feedback. If there are other improvements you'd like to see, please leave a comment below. Cheers! 1
tox1c90 Posted August 22, 2020 Report Posted August 22, 2020 Hi @Kashish, I just updated to 6.5.0 and had to re-enable Windows Hello (maybe it got disabled due to the changes made for full-time Windows Hello support). However, it seems like it is not working as intended for me, because it says "Master password is required every time you restart Enpass". So I restarted Enpass and indeed I had to enter the master password. Are there any additional requirements for the full time Windows Hello support? I know that it worked on my PC using the old Enpass UWP for Windows 10. There I had the full Windows Hello support because I fulfilled all the requirements, i.e. TPM 2.0 enabled, UEFI boot without CSM, SecureBoot enabled. So Enpass UWP was able to use the TPM to safely store the credentials. Did the requirements change with Enpass 6.5.0 in comparison to the Enpass UWP regarding Windows Hello support?
Samuela Posted August 24, 2020 Report Posted August 24, 2020 @tox1c90, you have downloaded the website version or store one?
tox1c90 Posted August 24, 2020 Report Posted August 24, 2020 (edited) I am talking about the store version, of course. I got it working now on another computer, which is a Surface Go tablet from Microsoft. Only difference in configuration which I am aware of is that it's using a different TPM. The Surface Go is using it's Intel fTPM (firmware/platform TPM 2.0), while my desktop computer has a discrete Infineon TPM module (also TPM 2.0, latest firmware). Both claim to fully support "Key attestation". I remember last time I was using the old Enpass UWP version (which already had full-time Windows Hello), I was using a different discrete TPM module on the same mainboard. It was a Nuvoton TPM 2.0, which I got replaced by the Infineon because it was painfully slow in comparison. However, full-time Hello was working with the former TPM module. Maybe, this could be something for the developers to check? Could it be that Enpass was tested against the built-in Intel/AMD platform TPMs only? For me, using a discrete TPM module was always preferable, because it survives an UEFI or Intel management engine update / reset to defaults without clearing or wiping the TPM. If I find some time, I will also try to check a few things on my side, like e.g. swapping the different TPMs (Intel vs. Nuvoton vs. Infineon) to see if I can finally get it working again. Edited August 24, 2020 by tox1c90
dan45 Posted August 25, 2020 Report Posted August 25, 2020 in Windows Store I don't find the v6.5 Version. How can I get it?
Garima Singh Posted August 26, 2020 Report Posted August 26, 2020 Hey, @dan45 Enpass v6.5.0 for windows platform is still in beta phase. To join the beta program please revert us back so that we can go ahead. @tox1c90To determine whether the device should support Full-time Windows Hello, Enpass relies on the this API provided by the Microsoft: This is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case. The API is not returning attestation info on your first PC and hence the message. UWP version also had the same logic. Also, please check if there is any firmware update available for your TPM. Windows will mark it untrusted if a vulnerability is found for TPM and restore when updated with a fixed firmware. Thanks.
dan45 Posted August 26, 2020 Report Posted August 26, 2020 Yesterday I Have signed up for beta Programm with my Store ID but I dont get the Version.
dan45 Posted August 27, 2020 Report Posted August 27, 2020 I've tried Windows Hello with PIN, because I need a new fingerprint stick. On my Laptop mit Onboard Intel TPM with fingerprint in works fine. On my PC with seperate Asus TPM 2.0 Module (Infineon) it doesnt work, after restart I have to enter the Master-Password. Can you tell me which TPM Modul I can buy for my motherboard, that works? Thanks
Dentonthebear Posted August 27, 2020 Report Posted August 27, 2020 18 minutes ago, dan45 said: On my PC with seperate Asus TPM 2.0 Module (Infineon) it doesnt work, after restart I have to enter the Master-Password. Can you tell me which TPM Modul I can buy for my motherboard, that works? Thanks Hi @dan45 Before thinking about changing your TPM check that the firmware is up-to-date and I would suggest also resetting it. Microsoft's guide to resetting the TPM: https://is.gd/3bYNYy Thread on the ROG ASUS forum: https://is.gd/2ll2kh
dan45 Posted August 27, 2020 Report Posted August 27, 2020 (edited) Tried both, but still doesn't work. Edited August 27, 2020 by dan45
Garima Singh Posted August 28, 2020 Report Posted August 28, 2020 Hey @dan45 Thanks for getting back. On 8/26/2020 at 6:02 PM, Garima Singh said: To determine whether the device should support Full-time Windows Hello, Enpass relies on the this API provided by the Microsoft: This is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case. The API is not returning attestation info on your first PC and hence the message. UWP version also had the same logic. Also, please check if there is any firmware update available for your TPM. Windows will mark it untrusted if a vulnerability is found for TPM and restore when updated with a fixed firmware. Please go through the above quoted text and the link which is mentioned and let us know if this doesn't help. Thanks.
dan45 Posted August 28, 2020 Report Posted August 28, 2020 so now i cleared the module over bios, after that I disabled Windows Hello in Windows and reactived it. Then I enabled Windows Hello in Enpass and now it works. Great work thank you 1
tox1c90 Posted August 29, 2020 Report Posted August 29, 2020 (edited) I wasn't able to get it to work using the Infineon TPM 2.0 module on my Asrock board, despite using the latest firmware. Also tried clearing the TPM and setting everything up from scratch (Windows Hello, Bitlocker TPM and so on...). I also noticed that the event log throws a Certificate Error on each boot regarding the TPM attestation, saying that the public and private key are not cryptographically bound. Most likely this is also the problem that leads to the failed check which Enpass is calling. However, I was able to fix the problem - by removing the Infineon TPM module and putting the Nuvoton TPM module back in (my board vendor Asrock is actually selling two versions of the TPM 2.0 module - one made by Infineon, the other made bei Nuvoton). This fixed both the event log errors as well as the ability of Enpass to use full-time hello. For people thinking about how to achieve a compatible combination of Enpass, Hello and TPM, I attached a screenshot showing my TPM properties and firmware version. Edited August 29, 2020 by tox1c90
Remy Posted September 12, 2020 Report Posted September 12, 2020 (edited) Hello, maybe it's nice to tell users that they need a TPM chip for this :P, my laptop with build in chip works correctly, on my desktop I need to buy a separate chip. But thank you so much for this update! Is there a way to not have to click on the windows hello icon but automatically use Windows Hello instead of master password? Edited September 12, 2020 by Remy
Pratyush Sharma Posted September 14, 2020 Report Posted September 14, 2020 Hi @Remy, Currently, there is no way to use Windows Hello without clicking on the icon at the first launch. However, we do have plans to improve the functionality, and update with the fixes will be available with the subsequent update.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now