Jump to content
Enpass Discussion Forum

Recommended Posts

Posted

I would like to make a simple observation. To create or open a key file, the extension called ".keepasskey" is mandatory. In fact you cannot choose or create a different extension. For this reason it is very easy for an attacker to locate the enpass key file. For this reason, to keep it archived I have to rename it, and then when I need it I have to rename it again by adding the ".keepasskey" extension.
Wouldn't it be a good idea to be able to create and open the file without the extension?

  • Like 1
  • 4 weeks later...
  • 3 weeks later...
Posted

Enpass enables users to customize the file extension of their keyfile. Furthermore, when prompted to select a keyfile during app unlock, you may encounter a drop-down menu or file type option. You can choose "All Files" from this menu and then select a keyfile with any extension.

  • 4 months later...
Posted

That's a valid concern regarding the .keepasskey extension making key files easily identifiable. Allowing users to create and open key files without a fixed extension would certainly add an extra layer of security through obscurity.

A potential workaround could be an option in Enpass to allow users to manually select a key file, regardless of its extension, instead of enforcing .keepasskey. This way, users could rename the file as they wish without needing to revert it back every time they use it.

Have the developers considered implementing such flexibility? It would be a useful feature for users who want to better protect their key files from easy detection.

Posted

Hello

I have noticed that Enpass requires key files to have the .keepasskey extension, which makes them easily identifiable. This could be a security risk since an attacker who gains access to a system can quickly spot key files just by searching for this extension. While key files add an extra layer of security; their predictability in naming might make them a target.🙃

One workaround I use is renaming the key file to something else when storing it and then renaming it back when needed. However, this is inconvenient and could lead to accidental file loss or confusion. It would be much more secure and user-friendly if Enpass allowed selecting key files without enforcing a specific extension.🙃Checked https://support.enpass.io/home.htmAzure documentation guide for reference. 

Has anyone else thought about this? 🤔 Wouldn’t it be beneficial if Enpass provided an option to manually select any file as a key file, regardless of its extension?  I’d love to hear thoughts on whether this could be a useful feature to improve data security.

 

 

Thank you !🙂

Posted (edited)

I'm using Enpass on Windows 11 and it does not require a .enpasskey extension.  The dropdown for selecting the key file gives the default option of .enpasskey or All files (*).  I'm currently using a file with an extension that is not .enpasskey.

image.png.5e7e0181db2820e7e0c674168d373ebc.png

 

I do wish the dropdown would eliminate the .enpasskey extension and just have the All Files (*) option.

Edited by TN_Dude

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...