Hi Team,

I switched from Lastpass to Enpass because Enpass is the only app which supports Windows Hello authentication, however, there's a bug.

Each time the app is started, it asks for the Master Password even though I have enabled Windows Hello. If the authentication times out or if I minimise the app and go back to it, it asks for Hello credentials, but if the app is closed and opened again, it asks for the master password.

This is not optimal, as my master password is quite long and Windows Hello was the only reason I switched to Enpass.

 

 

 

it seems a Windows Hello behavior. I cannot see when this is triggering that because it works several hours but at some point, it re-asks the password (or when you restart of course the phone).

I am saying that because 1Password seems to have the same behaviour.

I thought so too, but Password10 works flawlessly in this regard.

The master password is triggered when the app starts from scratch, which is when the phone restarts, or the app is purged from memory.

 

Hey guys,

Currently Enpass does not support full time support for Windows Hello. Presently, unlocking Enpass with Windows Hello works like Enpass PIN i.e. Master password will be required once the App is closed. We are working on it but need some more time in security analysis of Master password behind Windows Hello.

Appreciate tremendous work you do on this application. It is for me also a REAL burden as the switch to Enpass and the fact that I paid 3 times (for 2 different iOS devices / account and Windows Phone / Windows) was because of this support of Windows Hello.

I am not sure about the real problem for the developer behind but this is a real hindrance. On the iPhone, it is only required when restarting the phone. On Windows Phone, it is required each time the logoff time in the settings occurs which is a maximum of 12h and it seems even then, it still required more often for whatever reasons...

Edited May 11, 20169 yr by JB Labelle
ask notification

Any status update ? Just tested the OneLocker app (https://www.microsoft.com/store/apps/9nblggh3t7g3 ) and this app supports the full Windows Hello feature meaning that when the app is closed completely, you can unlock the app with Windows Hello on your Lumia 950 or 950XL without the use of a master password.

For now I'll stick with Enpass, because I bought is 3 times (2x Windows Phone, 1x iOS) but I think it takes a long time to implement the full Windows Hello feature.

 

Hi @MRE,

Thanks for being an awesome customer of Enpass. We are doing our best to add as many features as we can but only after being sure about security of user's data i.e. No leaks and no backdoors are left for any bad guy to get access to your data. Now lets come to the point why we haven't added full-time Windows Hello support yet.

To unlock the Enpass keychain, we need master password and thats why you are always prompted to enter that, once the Enpass is exited or killed by OS. So our main fight is to store the master password with the OS in such a way that we can request it anytime after successful authentication of user. Here comes Microsoft Windows Hello into play. It uses TPM hardware (a secure cryptoprocessor) to securely generate and store encryption keys (this is exactly what we need to encrypt our master password). But the keys generated in TPM are asymmetric and for digital signatures, suitable for server/website logins and are not directly suitable for our purpose. The best thing about TPM keys is that they are exposed to requesting App only after successful authorization aided by biometrics. 

We are done with the development part and now doing the security assessment to be sure about protection of keys and understanding behavior of windows systems which don’t have a TPM hardware and use software emulation instead. 

So just bear with us and hopefully we will release it very soon. 

Hi Hemant Kunar,

Thanks for your reply. Of course I'll stick with Enpass but I was just wondering why it takes so long. Didn't know it is so complex and you are right, safety first.

 

On ‎02‎-‎06‎-‎2016 at 7:07 AM, Hemant Kumar said:

Hi @MRE,

Thanks for being an awesome customer of Enpass. We are doing our best to add as many features as we can but only after being sure about security of user's data i.e. No leaks and no backdoors are left for any bad guy to get access to your data. Now lets come to the point why we haven't added full-time Windows Hello support yet.

To unlock the Enpass keychain, we need master password and thats why you are always prompted to enter that, once the Enpass is exited or killed by OS. So our main fight is to store the master password with the OS in such a way that we can request it anytime after successful authentication of user. Here comes Microsoft Windows Hello into play. It uses TPM hardware (a secure cryptoprocessor) to securely generate and store encryption keys (this is exactly what we need to encrypt our master password). But the keys generated in TPM are asymmetric and for digital signatures, suitable for server/website logins and are not directly suitable for our purpose. The best thing about TPM keys is that they are exposed to requesting App only after successful authorization aided by biometrics. 

We are done with the development part and now doing the security assessment to be sure about protection of keys and understanding behavior of windows systems which don’t have a TPM hardware and use software emulation instead. 

So just bear with us and hopefully we will release it very soon. 

Thanks for the detailed technical explanation, good to know this is being worked upon.

Unfortunately, in this case it is more of a security issue not implementing this because I have chosen to use a short master password, since it is a huge pain typing in the full password every time. I am sure many others have done this, too.

Looking forward to full Windows Hello support, soon.

 

 

 

Hello @Ronit

We understand the ease in using Windows Hello to unlock Enpass and are done with the development. Soon we will be rolling out the Beta version for our Beta program subscribers. To get your hands on it, please join here and we will push the update to you through Package Flight as soon as it becomes available.

Cheers!