Jump to content
Enpass Discussion Forum

Safer Enpass


Maurizio1313

Recommended Posts

Hello, I am using Enpass with a password and the keyfile, every time I have to enter Enpass I must have the password together with the keyfile, but I have a doubt, it would not be more secure if the keyfile was used only the first time it is installed Enpass? If I have a virus on my computer, it manages to find out the password but does not know the keyfile so enpass cannot be installed on another computer.

Link to comment
Share on other sites

On 3/22/2022 at 11:38 PM, Maurizio1313 said:

Hello, I am using Enpass with a password and the keyfile, every time I have to enter Enpass I must have the password together with the keyfile, but I have a doubt, it would not be more secure if the keyfile was used only the first time it is installed Enpass? If I have a virus on my computer, it manages to find out the password but does not know the keyfile so enpass cannot be installed on another computer.

The keyfile is part of the encryption and decryption of the primary vault, hence it needs to be present all the time. Worth to mention that any additional vault using a keyfile will save that password AND key file in the primary vault. 

Also, a virus that's gotten foothold in your box means your pretty much toast anyway, but to make it a bit harder you should read my post here 

 

Just make sure you still store the key file safely as it will still be needed, it just doesn't need to lay around.. 

  • Like 1
Link to comment
Share on other sites

Depends on your personal circumstances and preferences, but you won't have to input your password nor have the keyfile persistently available which reduces the risk for keyloggers or exfiltration of the keyfile. 

But your computer still needs to be secured of course, and while the tpm guarded password would be tied to your one computer, keeping it physically secured and prevent people from looking over the shoulder becomes more important as a simple 6 digit code could log you on to the computer and also access Enpass. 

Enpass themselves wouldn't "recommend" it, I assume this is because they can't guarantee the functionality for Hello since it's a windows function, Enpass merely uses it. But if your password and keyfile are safely stored you should be fine. But I would recommend that you occasionally try to unlock with password +keyfile to ensure function. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...