Jump to content
Enpass Discussion Forum

Recommended Posts

Posted

Hello,

I have a suggestion for Enpass.

Would it be possible to implement an unlocking function with the mobile application and apple watch for windows, linux without having to type in your master password?

Thinks

Posted

Would it be possible to implement an unlocking function with the mobile application and apple watch for windows, linux without having to type in your master password?

Thinks

 

+1 :D

  • Like 1
Posted
On 4/10/2021 at 9:34 AM, Benoit63 said:

Hello,

I have a suggestion for Enpass.

Would it be possible to implement an unlocking function with the mobile application and apple watch for windows, linux without having to type in your master password?

Thinks

I am pretty sure its not something enpass can implement without apps actually implementing that feature in the login themselves.

Posted
50 minutes ago, PESER said:

I am pretty sure its not something enpass can implement without apps actually implementing that feature in the login themselves.

I don't believe they're talking about unlocking desktop applications with Enpass.

To hopefully clarify, I believe they're asking to be able to unlock the desktop version of Enpass with the mobile version.

An example flow:

* Open desktop enpass
* Open mobile enpass
* unlock mobile enpass with biometrics
* mobile enpass then prompts to unlock desktop enpass

This is certainly do-able, but is not exactly trivial and is full of major potential security vulnerabilities.

The big issues:

* The two versions would have to find eachother in some way, this means likely setting up a whole network discovery system, just to identify that both are on the network.
* This can create privacy concerns as the applications are now advertising themselves over the network
* When unlocking this way, this requires sending the encryption key over the network between the devices. There's no way to avoid this as the desktop does not have a safe place to store the encryption key like the phone does. There's a lot of possibilities for this method to be used to compromise the encryption of your password database (it will a lot of work and oversight to maintain this function securely).

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...