Jump to content
Enpass Discussion Forum

Recommended Posts

Posted

I'm unable to open Enpass.  I get the screen indicating Windows Hello, but the prompt doesn't come up for Hello, password or pin.  I uninstalled and reinstalled Enpass, and initially it worked again, but a few days later, I'm getting the screen without the prompt.  

 

Screenshot 2021-03-14 07.57.33.png

Posted

Hi @Terri Breining,

Sorry for the inconvenience caused to you.

We have released a beta update for the Windows OS including fix for this issue and will soon be releasing the stable version. Meanwhile, if you are interested in joining the beta version, please share your Microsoft ID with me via PM or support@enpass.io. We would love to have your feedback on the beta version.

Posted

Unfortunately, I haven't been able to test the beta yet because my notebook is broken and will be repaired.

On 3/15/2021 at 2:38 PM, dan45 said:

hi @Pratyush Sharmahow can I get beta-versions?

Try out Enpass beta

On 3/12/2021 at 9:59 PM, gpf said:

Thanks for the suggestion, I'll try that out. Is the layout and functionality the same in that version?

The only difference I found is the program icon.

  • Thanks 1
Posted

I'm seeing the same thing.  It was working fine until the March update to Windows 10 20H2.  If I uninstall the update Windows Hello will work again with Enpass.  As it is, Enpass is unusable because there is not even an option to type a password.

Posted

Hey All,

Thanks for the patience. I'm glad to share that the stable version of the Enpass (v6.6.1) with the Windows Hello fixes has been released. Please update the Enpass app and share your feedback.

  • Like 1
  • 1 month later...
Posted

I'm using version 6.6.2 (826) from the Windows store, and Windows Hello login still does not work on launch. I've tried reinstalling the app but it does not work. I still have to enter the master password on launch on my PC.

The settings screen also still mentions this:

image.png.ee21f56322322fe62c6c3497424b7507.png

Posted

Hi @singularity0821,

Sorry for the inconvenience caused to you.

Whether the full-time Window Hello will work on any device totally depends on the Windows itself.

To determine the compatibility of the device to support Full-time Windows Hello (feature is only available with Enpass Store version), Enpass relies on this API provided by the Microsoft . It is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case. Although for external TPM is available in the market we cannot ensure that they will support the given API.

  • 1 month later...
Posted (edited)

I am also having the same issue where Enpass will not unlock using Windows Hello after the first time it is started/restarted.

Enpass Security Screen

image.png.4a1cc1b683ab89216341c38668857248.png

 

Below are my system details:

OS: Windows 10 Pro 20H2 19042.1052 x64
Enpass Version: 6.6.1 (804) from the Microsoft Store

 

Security Processor Details

image.png.0a5bbee75cba0ab63a3f0ae3daa10f9a.png

 

Get-TPM

TpmPresent                : True
TpmReady                  : True
TpmEnabled                : True
TpmActivated              : True
TpmOwned                  : True
RestartPending            : True
ManufacturerId            : 1229870147
ManufacturerIdTxt         : INTC
ManufacturerVersion       : 403.1.0.0
ManufacturerVersionFull20 : 403.1.0.0

ManagedAuthLevel          : Full
OwnerAuth                 :
OwnerClearDisabled        : False
AutoProvisioning          : Enabled
LockedOut                 : False
LockoutHealTime           : 2 hours
LockoutCount              : 0
LockoutMax                : 32
SelfTest                  : {}

 

Get-TpmSupportedFeature -FeatureList "Key Attestation"

key attestation

 

Get-TpmEndorsementKeyInfo

IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            :
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00020000, TPMModel=CNL, TPMManufacturer=id:494E5443

                           [Issuer]
                             CN=www.intel.com, OU=TPM EK intermediate for CNL_EPID_POST_B1LP_PROD_2 pid:9, O=Intel
                           Corporation, L=Santa Clara, S=CA, C=US

                           [Serial Number]
                             ****************************************

                           [Not Before]
                             13/2/2018 8:00:00 AM

                           [Not After]
                             1/1/2050 7:59:59 AM

                           [Thumbprint]
                             ****************************************
                           }

 

Get-TpmEndorsementKeyInfo -Hash "Sha256"

IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            : ****************************************************************
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00020000, TPMModel=CNL, TPMManufacturer=id:494E5443

                           [Issuer]
                             CN=www.intel.com, OU=TPM EK intermediate for CNL_EPID_POST_B1LP_PROD_2 pid:9, O=Intel
                           Corporation, L=Santa Clara, S=CA, C=US

                           [Serial Number]
                             ****************************************

                           [Not Before]
                             13/2/2018 8:00:00 AM

                           [Not After]
                             1/1/2050 7:59:59 AM

                           [Thumbprint]
                             ****************************************
                           }

 

Output from the WindowsAttestationTest_1.0.0.0_x86 App

21:33:38.4189779 HelloSupported::True
21:33:38.4239986 KCM::OpenStatus::NotFound
21:33:38.4259780 KCM::OpenFailed::RequestingCreate.
21:33:41.0279789 KeyRetrievalStatus::Success
21:33:43.1271809 GetAttestationStatus::Success
21:33:43.4383245 PublicKeySignStatus::Success
21:33:43.4383245 PublicKey::********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

 

Will you be able to assist please? 

I have attempted the following but the issue still persists:

1. Clear the TPM both from Windows and the BIOS

2. Re-enroll Windows Hello.

3. Cleared Enpass data and restart from fresh.

 

Thank you.

Edited by Plexion
Posted (edited)
On 6/29/2021 at 2:27 PM, Anshu kumar said:

Hi @Plexion,

As mentioned by @Pratyush in the post above, it is the Windows itself which decides whether Enpass can be always unlocked using Windows Hello.

To determine whether your device have support Full-time Windows Hello, please have a look at these troubleshooting steps mentioned by @Garima Singh

Hope this helps!

Interestingly Bitwarden does support full-time Windows Hello, while Enpass does not. So I'm not sure if it's an issue with our devices.

Edited by singularity0821
Posted (edited)
2 hours ago, Anshu kumar said:

Hi @Plexion,

As mentioned by @Pratyush in the post above, it is the Windows itself which decides whether Enpass can be always unlocked using Windows Hello.

To determine whether your device have support Full-time Windows Hello, please have a look at these troubleshooting steps mentioned by @Garima Singh

Hope this helps!

 

Hi @Anshu kumar

If you have read through my entire post, you will notice that I have gone through all 3 pages of this thread, and provided all the information your team has requested for throughout, including those highlighted in the link you have provided.

Kindly please check my previous post once again, for all the information requested, including the output from the test app. Windows Hello is said to be supported by the test app.

Edited by Plexion
  • 2 weeks later...
  • 1 month later...
Posted (edited)

I am also having the problem of Windows Hello not working when first launching the app after first boot. However this problem only started to happen when I had to reimage my laptop. Before reimaging, it worked as expected and Windows Hello would always work, even after reboot. This tells me that my hardware does support the ability to do Full Time Windows Hello, and I can confirm that the laptop has an OEM TPM 2.0 chip that came with the laptop (not a TPM added after the fact). This tells me that it is a problem with the Enpass App, and not with my hardware.

I am using the 6.6.3 (836) version of the app from the Windows Store on Windows 10 21H1. Below is the results from the WindowsAttestationTest app:

 

21:25:40.0438434 HelloSupported::True
21:25:40.0578458 KCM::OpenStatus::NotFound
21:25:40.0588455 KCM::OpenFailed::RequestingCreate.
21:25:46.1298155 KeyRetrievalStatus::Success
21:25:48.0390590 GetAttestationStatus::Success
21:25:48.3560603 PublicKeySignStatus::Success
21:25:48.3560603 

If you need additional information to help troubleshoot and resolve this issue, I will gladly assist.

Thank you.

Edited by Rojma
  • 2 months later...
Posted

Hello @Anshu kumar & @Pratyush Sharma there have been no replies on this for 2 1/2 months. I now have a third machine which was working fine that after reimaging now no longer works. I have to put in the password after reboot, and only then can I start using Windows Hello. Before reimaging I did not have to do this and I was able to authenticate using Windows Hello after any reboot. I will be more than happy to assist on troubleshooting the issue and providing any needed data.

Posted

Hi @Rojma

Apologies for the delay in response. Enpass really appreciates your patience. Our team is continuosly working on the concern to get it fixed. Just to make sure your data is synced and saved, on your windows Enpass application, please create a manual backup first, then un-install the application. After that please reinstall the application and restore your data.

Will update this thread as soon as I get any further updates.

Posted

I use enpass on 3 computers, one with Infineon TMP-Module, one Surface 7 (Intel 10th Generation CPU TPM) and one with Intel 7th Generation CPU TPM. None of them provides this "full windows hello" support. This function seems to be a myth.

Posted

Same with my laptop. I have Windows Hello and TPM 2.0 and the latest version 6.7.2 of Enpass, but I also have to insert my Password after every restart. Why do you call it a brand new feature, if it doesn't work for most users? 

And btw I did a factory reset of my machine and installed Enpass completely fresh on it.

  • 3 weeks later...
Posted (edited)

Not sure what change was introduced in the latest version, according to the change log, the browser inline autofill was added.

However, the Windows Hello feature is finally working as it should have been on version 6.7.4 (934) on Windows 10. You will need to disable and re-enable Windows Hello authentication in the Enpass app to achieve this.

Hope this will not be reversed in the future updates.

Edited by Plexion
  • Like 3
Posted

I tried again to uninstall Enpass + the browser extension, restart laptop and then download Microsoft-Store-version and also after that .exe-file. Both the latest versions, and both have no support for Windows Hello. I have to manually insert my master password after every restart, after that Windows Hello works, but the website says, it's full Windows Hello support.

What else can I try or how could you help me?

I'm really disappointed because I knew it worked with a previous version...

  • 3 weeks later...
Posted

I can confirm that after upgrading to version 6.7.4 (934), and then disabling followed by reenabling Windows Hello in the EnPass app, that Windows Hello is now working as expected. After either completely exiting out of the app or after a reboot of the PC, EnPass allows me to continue to use Windows Hello without having to reenter the master password. Thank you for fixing this.

  • Like 1
Posted (edited)


I have noticed a new behaviour on my desktop PC. Full Windows Hello now works on the same PC on one user account and not on another. That means the missing functionality on the other account can not be hardware related.

Edited by Mathew
  • 2 months later...
Posted (edited)

@Anshu kumar@Abhishek Dewan the problem is not completely solved yet.

I was able to get Enpass + TPM working on a few laptops (Intel based), but it refuses to work on AMD fTPM.

It used to work a while back (~6 months ago). I had to reinstall Enpass at some point and was never able to get it working again (I am suspecting a regression here). I just did a fresh install of Windows 11, cleared TPM, ... and it is still not working

Windows 11 22000.527

Enpass 6.7.4 (934)

Get-TPM

TpmPresent                : True
TpmReady                  : True
TpmEnabled                : True
TpmActivated              : True
TpmOwned                  : True
RestartPending            : True
ManufacturerId            : 1095582720
ManufacturerIdTxt         : AMD
ManufacturerVersion       : 3.58.0.5
ManufacturerVersionFull20 : 3.58.0.5

ManagedAuthLevel          : Full
OwnerAuth                 :
OwnerClearDisabled        : False
AutoProvisioning          : Enabled
LockedOut                 : False
LockoutHealTime           : 2 hours
LockoutCount              : 0
LockoutMax                : 32
SelfTest                  : {}

Get-TpmSupportedFeature -FeatureList "Key Attestation"

key attestation

Get-TpmEndorsementKeyInfo -Hash "Sha256"

IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            : 66ea35255c7311f1a7ac3c5b015526d70a3edba8bf9d658bb6a0d00982a536a7
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00030001, TPMModel=AMD, TPMManufacturer=id:414D4400

                           [Issuer]
                             CN=PRG-SSP, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering

                           [Serial Number]
                             075DDC8753AEEC2FFB9560A9485C3765

                           [Not Before]
                             7/22/2021 9:15:13 AM

                           [Not After]
                             7/22/2046 9:15:13 AM

                           [Thumbprint]
                             B1FB33A21E82F3C4CA1BCD3D1CA434C751C10B8F
                           }

 

image.thumb.png.50d7cd9ac7a3e37cd496627a40b68b8b.png

image.png.9149e667944f1eec4d822fb6b32d0459.png

Edited by FuN_KeY

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...