Enpass App is locking me out from my passwords.

[sbstnzmr]

My Enpass suddendly wants a new authentication. Since I need to have ZScaler running it is failing the SSL verification. However this should not be an issue. Why does anybody think that locking a user out of a local installation with a local vault is anything that should be possible? Password managers run on trust. A password manager that locks you out is as bad as an insecure one.

I bought the app some while ago. I can activate my the premium I got for buying it before the subscription model. Why would I ever need to re-activate a local installation? I really can't put it into words how dumb that is. The only way around it seems to be using a different software and telling everybod to stay away from Enpass since you cannot trust the App to continue to work.

By the way, the reason in the message for verification says I wasn't using the app for a while. Which is not true since I'm using it every working day.

I also contacted support, every day for a couple of days. No response.

[Abhishek Dewan]

Hi @sbstnzmr

We have received your query on support@enpass.io and have already responded to the same. To avoid duplication of efforts and confusion, we request you to please revert to the same. We appreciate your understanding in this case.

[sbstnzmr]

I'm still waiting for any helpful information though. You send an email telling me support is waiting for my response. There was no support email. You didn't include any information in the mail that reached me. You didn't respond to any of my replies telling you that I never got any supporting mail. I appreciate you understanding that this is not a decent support.

Additionally I think it would be benefitial for you to publicly state, why locking user our of their password manager is something you think is a good idea. I consider this immensly harmful behaviour of an app I should trust.

[Ivarson]

I agree with @sbstnzmr here.

It's one thing to utilize SSL pinning, but a completely different thing to force lockout with the 'local' architecture in mind.

At the very least there has to be an official, completely offline method for airgap-activating and maintaining licensing. Especially in the Enterprise-segment this is always an option.

The very same audience would most likely expect Enpass with its nature to have and honor a switch in Settings->Advanced that disables Enpass from initiating outbound network requests to public internet. Staying local with Enpass should be possible.

Edited November 20 by Ivarson