Jump to content
Enpass Discussion Forum

Recommended Posts

here's an idéa.

You've taken steps so that Enpass is now relying on your servers for licensechecking, fetching favico and probably something more.

At the sametime we're in a pandemic where it's difficult for people to maintain security and integrity for some tasks. This includes sharing sensitve stuff like logins and passwords.

For a mature organisation, there's probably less need for this internally since there's SAML, AD, AAD and other means, and of course if everyone has Enpass, you can share encrypted cards securely over email as long as you can get the PSK over in a secure manner.

I do think that Enpass doesn't hit the above scenarios, so many users would appreciate a secure manner to sent creds

But for those cases where you're communicating with an external member, or someone that doesn't have enpass, maybe you could implement a web-service that stores a chosen Item of Enpass making it possible for someone to retrieve it if they have a password provided through another channel.

The item uploaded to, say, https://secret.enpass.io is of course end-to-end encrypted so there's a zero knowledge architecture here aswell.

Upon visiting the link and providing the right password the items details are shown in the browser, and perhaps there's an "Import to Enpass" as well, although that's something overrated perhaps, it can be achieved through sending an enpasscard over email (unless it's blocked)

The uploaded item is hardcoded to be temporary stored on your services, being deleted after first access of the provided link that the poster gets, or after 24 hours or something.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...