Anonym Potato, posted April 4, 2019:

Hello, I want to buy Enpass Premium to be able to have multiple vaults. My question is: is it possible not to store the password of the secondary vault in the primary vault? I don't need any auto-unlock features. Entering the password every time is perfectly fine.

This page indicates this is the default: "When you create multiple vaults, the passwords of other vaults are stored securely in the Primary vault and are removed when you delete the vault. That’s why when you unlock Enpass, all the vaults get unlocked automatically." - https://www.enpass.io/docs/manual-desktop/vault.html#vaults-in-enpass

Can this be changed? I need different vaults for work and private. I don't want any auto-unlock features or stored passwords for my work data.

Anonym Potato (Author), posted April 4, 2019:

For the moment it would be enough if multiple passwords were only possible on the phone (iOS). On the computer I don't have to manage multiple vaults (separate personal and work PC).

xarekate, posted April 5, 2019:

AFAIK by default you have to confirm if you’d like to store the password items of your secondary vaults in your main vault. But for now the Master Password unlocks all the other vaults, too.

Anonym Potato (Author), posted April 5, 2019:

But. why. Is this not an extremely dumb and insecure behaviour?

xarekate, posted April 5, 2019:

I don't know, maybe for comfort reasons. But you're right that there should be at least an option to prevent the automatic unlock process of all the other vaults with the main Master Password.

Anonym Potato (Author), posted April 5, 2019 (edited April 5, 2019 by Anonym Potato):

This is so bad, because secondary vaults would be ideal to store crypto seeds. Client information... so information that is extremely critical. When its key is stored in the primary vault, this means it can be accessed with PIN or Touch-ID. Which is not secure (and in a lot of cases infringes compliance rules like ISO norms and GDPR).

100 Watt Walrus, posted April 5, 2019:

I can see how unlocking each vault separately might be appealing to some, but while it's technically more secure, practically speaking if you've unlocked Enpass, you've proven you're you, so why not have access to everything? Having said that, I agree it should be a choice.

Anonym Potato (Author), posted April 5, 2019:

Because this adds a single point of failure. If the primary password is leaked, everything is leaked. Because there is information with different kinds of security levels, this is essential.

Another problem is that in my company the use of PIN codes and biometric authentication like Touch-ID is against the compliance we ensure customers. Also it is unsure if this is compliant with GDPR (because encryption keys are insufficiently secured), which might result in fines up to 10.000.000 EUR (about 11.000.000 USD).

It is the same problem with 1Password. I don't get why this is still a thing. At the moment I am simply using multiple password managers. I hoped to be able to store everything in the same place. This feature should not be so difficult to implement! Why is this no problem for everyone?

Anonym Potato (Author), posted April 5, 2019:

Ok. I just bought the app for macOS and iOS. I hope Sinew will fix this soon. Until then, I will have to continue paying for 1Password. Why not add a feature like this as an add-on? I am sure there are a lot of people willing to pay 5€ to get more security. It is really sad, because this might be such an ideal way to get away from this multiple password manager workaround.

atommat, posted May 5, 2019:

I totally agree with AP, I would like to see Enpass include an option to manually open vaults one at a time without auto-opening everything as a default.

My main use case here is that I have one vault which I regard as being mission critical and the other that I simply use for everyday use (I even have one I use for general notes). The mission critical vault contains banking and sensitive ID information and the other is less critical and is used more for convenience. Furthermore, the financial stuff contains links and passwords to access quite a lot of money. I have the password to this vault committed to memory and it is lengthy. In the worst case scenario someone could easily use my fingerprint under force to access this information while it is accessible by the master password/fingerprint.

I simply do not like opening the whole lot all the time, it makes me uneasy. I may even have to rethink my secure storage if this isn't resolved. Sorry Enpass, you've got a good (ish) user interface going on here but there is a massive security assumption that you've got completely wrong.

mat

atommat, posted May 5, 2019:

I have found a workaround for the scenario mentioned above. Enpass, you're not going to like this though. The only way to not have the master password opening the secondary vault is to simply delete the secondary vault when not in use, then when I need it, resync it. This is THE ONLY way that full security can be achieved in Enpass, because in order to open the secondary vault:

1. I would need to enter the master password first
2. Then, enter the cloud storage password to access the DB
3. Then, I would need to unlock the secondary vault with the super strong password

So you see, the only way I can use Enpass securely is to not use it at all!!! Come on people, surely you can see the madness in this?

mat

Anonym Potato (Author), posted May 5, 2019:

I just moved to MiniKeePass. This app is a bit outdated, but because of a working security model still a much more secure alternative. It is really sad, but Enpass gives no f** about security. Still no security audit for iOS, master keys stored on the flash memory, secondary keys stored in primary database.