Jump to content
Enpass Discussion Forum

How secure is using PIN code for quick unlock on Mac without Touch ID?


Recommended Posts

Posted

Hi there

I´m using PIN code on Mac OS (MacBook without Touch ID) in oder to quick unlock enpass app running in the background?

I think that the master password is not saved on in Mac, even in ram.

This means unlocking with Pin Code doesn´t actually decrypt data in enpass.

Technically you can say enpass running in the background and locked with Pin is actually unlocked, right?

In case someone gets acess to an unlocked Mac with enpass locked with PIN (instead master passwors):

May it be possible that this person (that is is pretty much into IT / has former computer skills) could gain access to data saved in enpass?

Posted

Hi @Fab8

Unlocking via PIN is more of a convenience feature rather than security. In case of PIN, Enpass restricts access to data through User Interface without locking down the database. After three failed attempts, the database will be closed and a master password will be required next time.

20 hours ago, Fab8 said:

In case someone gets acess to an unlocked Mac with enpass locked with PIN (instead master passwors):

May it be possible that this person (that is is pretty much into IT / has former computer skills) could gain access to data saved in enpass?

Your master password does not remain in memory any time after initial unlock of database. However, running sophisticated attacks with administrative privileges are still possible. We recommend against using PIN in such environments.

:)

  • Like 1
Posted

Thanks @Vinod Kumar

There are two options for quick unlock: via PIN-Code (Mac without touch id) or via touch id.

You said: 

On 2/18/2021 at 2:03 PM, Vinod Kumar said:

Unlocking via PIN is more of a convenience feature rather than security. In case of PIN, Enpass restricts access to data through User Interface without locking down the database. After three failed attempts, the database will be closed and a master password will be required next time.

So while Enpass in running in the background using PIN-Code does only protect via user interface and does not actually a decrypt/encrypt operation.

I think this is different when using touch id as quick unlock via touch id does an actual decrypt/encrypt operation, right?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...