Jump to content
Enpass Discussion Forum

Master password only every x days instead of Windows Hello?


eno
 Share

Recommended Posts

Hey there,

I use a fingerprint reader on Windows to unlock Enpass via Windows Hello, and it would be lovely if there was an option to only use the master password every x days instead of on every re-start of Enpass. Is that an option to consider?

 

Best

Eno

Link to comment
Share on other sites

Posted (edited)
On 3/22/2021 at 12:15 PM, Garima Singh said:

Hey @eno

Thanks for sharing this valuable suggestion. The same has been noted and shared with the team for further consideration. Keep suggesting!

Funny enough, on my second computer I am never asked for the master password, latest version of Enpass as well, and the text in the app for Windows Hello settings states I could use Windows Hello to unlock Enpass at any time. Why is that different on my other computer? Any ideas?

To make it clearer: Computer 1 requires me to type in my master password each time I (re-)start Enpass. Computer 2 lets me unlock Enpass with my fingerprint each time, and never asks for my master password.

Edited by eno
Link to comment
Share on other sites

Hi @eno,

Sorry for the misunderstanding.

Now I can see that you want to always unlock Enpass using Windows Hello on both devices. But it seems like that your second device does not support full-time Windows Hello. Please refer to this FAQ to check the requirements to use full-time Windows Hello.

Hope this helps!

 

Link to comment
Share on other sites

3 hours ago, Pratyush Sharma said:

Hi @eno,

Sorry for the misunderstanding.

Now I can see that you want to always unlock Enpass using Windows Hello on both devices. But it seems like that your second device does not support full-time Windows Hello. Please refer to this FAQ to check the requirements to use full-time Windows Hello.

Hope this helps!

 

Hi @Pratyush Sharma,

thanks for getting back! On my one device with 'full' Windows Hello unlock I do have an inbuilt fingerprint reader. On my other computers I use a USB fingerprint reader. I can use all three for normal Windows Hello operation (i.e. unlocking my computer etc.), but only the inbuilt one to unlock Enpass at any time. Do you mean that the USB fingerprint readers don't support 'full' Windows Hello as a standard, so you can't do anything about it? Or is it rather a decision from your side not to be able to unlock with the 'half' version?

Link to comment
Share on other sites

Hey @eno

To determine whether the device should support Full-time Windows Hello (feature is only available with Enpass Store version), Enpass relies on the API provided by the Microsoft in this link.

This is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case.
Although for external TPM is available in the market we cannot ensure that they will support the given API.

Thanks for your co-operation.

Link to comment
Share on other sites

  • 4 weeks later...
Posted (edited)
On 4/5/2021 at 12:50 PM, Garima Singh said:

Hey @eno

To determine whether the device should support Full-time Windows Hello (feature is only available with Enpass Store version), Enpass relies on the API provided by the Microsoft in this link.

This is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case.
Although for external TPM is available in the market we cannot ensure that they will support the given API.

Thanks for your co-operation.

Hey @Garima Singh, I finally got around to getting myself a TPM 2.0 for my computer. There is a TPM socket on my mainboard, and the TPM I bought is also from the same manufacturer as the mainboard. In TPM management I can also see it is working and enabled as a TPM 2.0. I even re-added my fingerprints to Windows Hello. I also re-installed Enpass (Microsoft Store version) in case it needed it for recognising the TPM.

Unfortunately, Enpass still requires the master password after every app restart (and says so in the settings). Is there anything I would need to do to enable TPM usage for Enpass?

 

Edited by eno
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...