Benoit63 Posted April 10, 2021 Report Posted April 10, 2021 Hello, I have a suggestion for Enpass. Would it be possible to implement an unlocking function with the mobile application and apple watch for windows, linux without having to type in your master password? Thinks
Garima Singh Posted April 12, 2021 Report Posted April 12, 2021 Hey @Benoit63 We have noted your suggestion to unlock Enpass app on Windows and Linux device using the mobile or apple watch and shared it with the team. Thanks for showing your interest in this feature. Keep suggesting!
Breizh22 Posted April 14, 2021 Report Posted April 14, 2021 Would it be possible to implement an unlocking function with the mobile application and apple watch for windows, linux without having to type in your master password? Thinks +1 1
PESER Posted April 18, 2021 Report Posted April 18, 2021 On 4/10/2021 at 9:34 AM, Benoit63 said: Hello, I have a suggestion for Enpass. Would it be possible to implement an unlocking function with the mobile application and apple watch for windows, linux without having to type in your master password? Thinks I am pretty sure its not something enpass can implement without apps actually implementing that feature in the login themselves.
Solomon Posted April 18, 2021 Report Posted April 18, 2021 50 minutes ago, PESER said: I am pretty sure its not something enpass can implement without apps actually implementing that feature in the login themselves. I don't believe they're talking about unlocking desktop applications with Enpass. To hopefully clarify, I believe they're asking to be able to unlock the desktop version of Enpass with the mobile version. An example flow: * Open desktop enpass * Open mobile enpass * unlock mobile enpass with biometrics * mobile enpass then prompts to unlock desktop enpass This is certainly do-able, but is not exactly trivial and is full of major potential security vulnerabilities. The big issues: * The two versions would have to find eachother in some way, this means likely setting up a whole network discovery system, just to identify that both are on the network. * This can create privacy concerns as the applications are now advertising themselves over the network * When unlocking this way, this requires sending the encryption key over the network between the devices. There's no way to avoid this as the desktop does not have a safe place to store the encryption key like the phone does. There's a lot of possibilities for this method to be used to compromise the encryption of your password database (it will a lot of work and oversight to maintain this function securely).
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now