Jump to content
Enpass Discussion Forum

A suggestion about the master password for the pc version


Recommended Posts

Hi, I am a Premium lifetime user of Enpass and it is my favorite password management software.

Currently with the pc version, I need to re-enter the master password every time I restart the OS to open Enpass, while the Android version can always use fingerprint/PIN for authentication, so why should I adopt different authentication strategies on different platforms? What is the basis of this consideration?
Because my master password is very complicated and the process of entering it after each reboot is very painful, which greatly reduces my frequency of using Enpass.
Could the choice be left to the user to decide whether to use Windows Hello/PIN or Master Password for authentication or for example, perform master password verification once a month in case the user forgets the master password? and of course, the master password method should be the default configuration for Enpass, which I think would have minimal impact on security since it's my personal computer and no one but me can No one but me can use it.

Edited by APremiumUser
Link to comment
Share on other sites

Hi @APremiumUser

We are glad to hear that you like using Enpass; thanks for all the support!

Enpass does support Full-Time Windows Hello, even when you restart your device. Whether the full-time Window Hello will work on any device totally depends on the Windows itself.

To determine the compatibility of the device to support Full-time Windows Hello (feature is only available with Enpass Store version), Enpass relies on this API provided by the Microsoft . It is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case. Although for external TPM is available in the market we cannot ensure that they will support the given API.

If your system supports Full-time Hello unlock, you will see a similar message under Windows Hello -

image.thumb.png.641783c6187da04431be2651d937995e.png

Link to comment
Share on other sites

Posted (edited)

Hi@Abhishek Dewan

Version: Windows 11, Enpass 6.8.2 Microsoft Store

Here is the information output by Powershell:

PS C:\Users\admin> Get-Tpm


TpmPresent                : True
TpmReady                  : True
TpmEnabled                : True
TpmActivated              : True
TpmOwned                  : True
RestartPending            : True
ManufacturerId            : 1095582720
ManufacturerIdTxt         : AMD
ManufacturerVersion       : 3.78.0.5
ManufacturerVersionFull20 : 3.78.0.5

ManagedAuthLevel          : Full
OwnerAuth                 : ODB0oAtImuny5CVbEM0to3VzLD8=
OwnerClearDisabled        : False
AutoProvisioning          : Enabled
LockedOut                 : False
LockoutHealTime           : 10 minutes
LockoutCount              : 0
LockoutMax                : 31
SelfTest                  : {}

PS C:\Users\admin> Get-TpmSupportedFeature -FeatureList "Key Attestation"
key attestation
PS C:\Users\admin> Get-TpmEndorsementKeyInfo -Hash "Sha256"


IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            : 59631a7712bfb43bd98218ae736faa37f0b75d9c419b601a87ad65c0c6b65263
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00030001, TPMModel=AMD, TPMManufacturer=id:414D4400

                           [Issuer]
                             CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering

                           [Serial Number]
                             2828F6629733A979112A30D5B94BA1B3

                           [Not Before]
                             2021/2/17 15:35:34

                           [Not After]
                             2046/2/17 15:35:34

                           [Thumbprint]
                             022E2EFA0F6A7A0C115C5BDE3C82828B4A664CF8
                           }

PS C:\Users\admin> Get-TpmEndorsementKeyInfo


IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            :
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00030001, TPMModel=AMD, TPMManufacturer=id:414D4400

                           [Issuer]
                             CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering

                           [Serial Number]
                             2828F6629733A979112A30D5B94BA1B3

                           [Not Before]
                             2021/2/17 15:35:34

                           [Not After]
                             2046/2/17 15:35:34

                           [Thumbprint]
                             022E2EFA0F6A7A0C115C5BDE3C82828B4A664CF8
                           }

The following is the information output by WindowsAttestationTest_1.0.0.0:

14:28:22.1934474 HelloSupported::True
14:28:22.2034499 KCM::OpenStatus::NotFound
14:28:22.2034499 KCM::OpenFailed::RequestingCreate.
14:28:27.1052372 KeyRetrievalStatus::Success
14:28:27.1242397 GetAttestationStatus::NotSupported

Edited by APremiumUser
Link to comment
Share on other sites

Hi @APremiumUser

We are still investigating this concern as to why this issue is occurring in order to get to the root of it. I will not be able to share any ETA at the moment but rest assured, I'm personally following up on this case for you and will notify you in case of any updates on this matter. Enpass appreciates your co-operation and patience while we look into it for you.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...