Peter Wang

on phone, create an option to always use PIN even on startup


Hi, I'm a new user. I found out from this post while trying to figure out why my app always asks for the master password when I have set up a PIN for it. Below is a quote I found in the post:

Quote

After setting PIN, Enpass asks for master password if the App has been freshly started

Now I realise this is a 'feature', but I think this 'feature' defeats the purpose of the PIN, because I don't constantly keep the Enpass app running, so most of the time I don't get to use my PIN. I set up a PIN for convenience and I have a complex master password for security. Entering my master password with a little Android phone keyboard is a pain.

Please create an option in setting -> security, something like "always use PIN" so some of us can choose to always use a PIN if there is one set.

 

Regards,

Peter W


That sounds like a security risk because it gives your PIN the same access level as the master password. Why not make your master password the PIN?

Edited by Michael

On 20/06/2016 at 3:51 AM, Michael said:

That sounds like a security risk because it gives your PIN the same access level as the master password. Why not make your master password the PIN?

The PIN is supposed to have the same access level as the master password. This is the practice for even some internet banking apps. Ultimately a PIN is a security <-> convenience trade-off, and therefore the user should have a choice in the options to use the PIN as a master password replacement for the mobile app only. This should satisfy both parties.

As for making the master password the PIN... No! That's a real security risk.

Quote

The pin is supposed to have the same access level as the master password.
As for making master password the pin... No! That's a real security risk.

Your two statements seem contradictory to me. If the pin code is supposed to have the same access as the master password, how is making your master password the pin any less secure than having a pin in the first place?

You're essentially saying "I want two passwords to unlock Enpass, a secure one and a less secure one." Having two passwords doesn't make the app any more secure than using only the less secure one.

Edited by Michael

On 08/07/2016 at 3:51 AM, Michael said:

Your two statements seem contradictory to me. If the pin code is supposed to have the same access as the master password, how is making your master password the pin any less secure than having a pin in the first place?

On 08/07/2016 at 3:51 AM, Michael said:

You're essentially saying "I want two passwords to unlock Enpass, a secure one and a less secure one." Having two passwords doesn't make the app any more secure than using only the less secure one.

Because the master password is also used on a desktop. When I'm using a desktop I don't mind typing in the longer, more protective password because I have a keyboard. While on my mobile device, I do wish to set a PIN which is equivalent to my master password for the sake of convenience.

So from what you are trying to say, yes, it will be easier to compromise Enpass on my phone with a shorter PIN. However, that's a personal choice to make, and you will have to steal my phone, crack my phone lockscreen before I remote wipe my phone, and then guess my PIN for Enpass before accessing my password library.

I don't believe this is a new practice that you have never heard of before; a few banking apps that I'm aware of in Australia and New Zealand (which is where I am) are also using this practice in their apps.

Edited by Peter Wang

This topic is now closed to further replies.