SSL-Enpass App is locking me out from my passwords.

[sbstnzmr]

My Enpass suddendly wants a new authentication. Since I need to have ZScaler running it is failing the SSL verification. However this should not be an issue. Why does anybody think that locking a user out of a local installation with a local vault is anything that should be possible? Password managers run on trust. A password manager that locks you out is as bad as an insecure one.

I bought the app some while ago. I can activate my the premium I got for buying it before the subscription model. Why would I ever need to re-activate a local installation? I really can't put it into words how dumb that is. The only way around it seems to be using a different software and telling everybod to stay away from Enpass since you cannot trust the App to continue to work.

By the way, the reason in the message for verification says I wasn't using the app for a while. Which is not true since I'm using it every working day.

I also contacted support, every day for a couple of days. No response.

[Abhishek Dewan]

Hi @sbstnzmr

We have received your query on support@enpass.io and have already responded to the same. To avoid duplication of efforts and confusion, we request you to please revert to the same. We appreciate your understanding in this case.

[sbstnzmr]

I'm still waiting for any helpful information though. You send an email telling me support is waiting for my response. There was no support email. You didn't include any information in the mail that reached me. You didn't respond to any of my replies telling you that I never got any supporting mail. I appreciate you understanding that this is not a decent support.

Additionally I think it would be benefitial for you to publicly state, why locking user our of their password manager is something you think is a good idea. I consider this immensly harmful behaviour of an app I should trust.

[Ivarson]

I agree with @sbstnzmr here.

It's one thing to utilize SSL pinning, but a completely different thing to force lockout with the 'local' architecture in mind.

At the very least there has to be an official, completely offline method for airgap-activating and maintaining licensing. Especially in the Enterprise-segment this is always an option.

The very same audience would most likely expect Enpass with its nature to have and honor a switch in Settings->Advanced that disables Enpass from initiating outbound network requests to public internet. Staying local with Enpass should be possible.

Edited November 20, 2023 by Ivarson

[sbstnzmr]

There is still no real update. There was some generic mail exchange like "did you try reinstalling the app". There is still no solution and the current resolution was "we will get back to you" which they didn't. There also is still no explanation why it's a feature that a locally installed and activated app has a session that can expire. I still can only use the free version of the app I payd for.

[sbstnzmr]

So how is it going with that promise @Abhishek Dewan:

Quote

Rest assured; we are doing our best to find a fix for the issue. Our Enpass Support Team will update you within the next 15 days.

Issue is still unresolved. I still got no explanation why this "feature" exists or when it will be solved. I'm still not able to use the software I paid for.

[Mohit Thapa]

Hey there, I have just messaged you. Please do check your direct messages (DM).

[sbstnzmr]

Are you serious? You send me a generic "pleas restart the app". We were past this month ago. This is no solution.

And still the most important question remains why is there a local session that can expire. I had a perfectly running and activated App.

The whole support here is more than just underwhelming. Nobody should ever trust this software with anything if that is your business practice.

[sbstnzmr]

To whom it may concern, there is still no reply. I don't even want a solution for the SSL problem. I just want an answer, why there is a session for a local vault that can expire.

Of course after that horrible support (and the support ghosting me) I moved on. I still advise everyone to stay far away from Enpass.

[Amandeep Kumar]

@sbstnzmr & @IvarsonI'd like to take this opportunity to inform you that our development team is already aware of this issue and was actively working on refining the pinning architecture. We have fixed this issue, and the solution will be included in the next update. Before the official release, we will also provide access to the beta version. Once it's available, I'll notify you here. We appreciate your patience in the meantime.
#SI-3465