Hello, I am relatively new to Enpass.

I noticed that after a reboot I can use the PIN to access my vault. How can this be secure?
This means that the master password is stored locally on the flash memory.

This, and the fact that there has never been a security audit for iOS, really worries me.

Can someone explain to me how this might possibly be secure? I have a feeling that the reason why there is no security audit is that they know there is no way their application passes the audit.


The Security Whitepaper says: "Enpass stores an obfuscated version of your master password in iOS Keychain that can only be accessed by Enpass."

I don't understand why the master key needs to be stored on the flash memory. Even if this protects the key against other apps, it doesn't protect the key from being physically retrieved.

I don't get why this risk is even necessary. Why can we not get the same security as 1Password users, by simply entering the key on every startup?


Ultimately, Enpass stores all of your passwords on the device. Therefore if you don't trust the device, you shouldn't install Enpass on it at all.

The iOS keychain is designed to store things privately. Yes, there are ways to dump the keychain, but especially if your device isn't jailbroken and you have a strong password to lock the phone, the keychain is very secure.

Also there really is no alternative other than to make the user type the master password every time they need to auto-fill a password or do a background sync operation - and the entire point of Enpass is to let users avoid typing passwords.

On 4/11/2019 at 9:01 AM, Vikram Dabas said:

Please read the details and let me know if you still have any doubt left.

The doubt left is: there is still no audit of your iOS and macOS app...

...we have been waiting 3 years now!

On 8/12/2019 at 3:42 AM, abhibeckert said:

Also there really is no alternative other than to make the user type the master password every time they need to auto-fill a password or do a background sync operation - and the entire point of Enpass is to let users avoid typing passwords.

1Password will delete the master password. There is a timeout. Even if you turn off your phone, you have to enter the master password again. Why is this a problem for Enpass?


Retaining the master password in memory, like on desktops???

My whole problem is that the password is stored permanently on the flash memory. If you turn off your phone, the master password can still be recovered.

All the other password managers do it like this. Why does Enpass think the user is unable to enter the master password on device restart? I would even say that this makes it much more probable to forget your password if you never have to retype it.

On 9/17/2019 at 7:01 AM, Fabian1 said:

1Password will delete the master password. There is a timeout. Even if you turn off your phone, you have to enter the master password again. Why is this a problem for Enpass?

I use 1Password and Enpass. They both store your master password in the keychain and 1Password definitely doesn't require entering it after a restart.

Both 1Password and Enpass allow you to configure a timeout. The shortest timeout in 1Password is an hour - they store it in your keychain on flash memory exactly the same as Enpass (and probably for longer than an hour).

If your passwords are sensitive enough for keychain's security model to be unacceptable then they shouldn't be stored in *any* password manager. Switch to something simple like a plain text file encrypted with AES for those specific passwords. If you want to be worried about anything, you should worry about browser plugins creating a significant attack surface. That's far more likely to result in a compromise than Apple's keychain database.

Edited by abhibeckert


The same goes for me. 1Password requires the master password after restarting the iPhone. Biometric unlock is not possible. With Enpass the unlock is possible directly after the restart by fingerprint. That's not good and incomprehensible.

Turning off the phone should always be a kind of an emergency stop. For example, many people turn off their phones at the border.

With a switched-off phone, a potential attacker has all the time in the world to think about how to crack it. Hackers have already demonstrated that it is possible to take the fingerprint of a person from a coffee cup, make a copy and trick the iPhone.

Dear Enpass Team, please change this. There is no reason that PIN and fingerprint remain valid even after a reboot. In addition, we would like to be able to set a timeout after which the master password is also required.

What exactly is so difficult about that?

  • Like 1


Hi all,

Very important discussion going on here. We had this feature once in Enpass as a mandatory setting and we removed it after backlash from users (convenience wins over security :( ). Meanwhile, I have prioritized this feature request and it will be available as an advanced option just like 1Password.

Cheers:)

  • Like 2
  • Thanks 1


Another desirable change would be: the use of PIN and biometric unlock at the same time.

That makes sense in the two-factor security philosophy: PIN - something you know. Finger or face - something you have.

Biometric features alone are not safe, because unlocking can be done against the will of the user. For example, a border official would only have to hold the iPhone in front of your face to unlock it. And fingerprints are often stored at the border anyway. The combination of PIN and biometric unlock would also make very short PINs possible, maybe only two or three digits. That would be very comfortable. And it would be very safe, because someone who looked over your shoulder while unlocking could not do anything with it, because he lacks the biometric part.

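The thread keeps circling three mechanisms: what the iOS keychain actually protects (the whitepaper quote and abhibeckert's replies), a session timeout after which the master password must be re-entered, and the "PIN plus biometric" combination proposed in the last post. The Swift below is an added example written for this discussion; it is not Enpass's code and says nothing about how Enpass is implemented. It uses only public Security and LocalAuthentication APIs: a keychain item bound to `kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly` (unreadable while the device is locked, never migrated to another device) with an access-control policy that requires both the currently enrolled biometric and an app-supplied PIN (`.applicationPassword`), plus an in-memory unlock session that drops the key on timeout. The service and account names, the hypothetical `UnlockSession` class, and the PIN handling are assumptions for illustration.

```swift
import Foundation
import Security
import LocalAuthentication

// Assumed identifiers for this example; not Enpass's own service or account names.
let vaultService = "example.vault"
let vaultAccount = "vault-unlock-key"

enum VaultKeychainError: Error {
    case accessControl(Error?)
    case keychain(OSStatus)
}

/// Stores `key` so that it is readable only while the device is unlocked, only on this
/// device, and only after BOTH the currently enrolled biometric AND an app-supplied PIN
/// are presented. The PIN is not stored as an item: the keychain folds it into the
/// wrapping of this entry, so neither factor alone unwraps the key.
func storeVaultKey(_ key: Data, pin: Data) throws {
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        [.biometryCurrentSet, .and, .applicationPassword],
        &cfError
    ) else {
        throw VaultKeychainError.accessControl(cfError?.takeRetainedValue())
    }

    let context = LAContext()
    _ = context.setCredential(pin, type: .applicationPassword)

    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: vaultService,
        kSecAttrAccount as String: vaultAccount,
    ]
    // Replace any previous entry; "item not found" is an acceptable result here.
    _ = SecItemDelete(lookup as CFDictionary)

    var attributes = lookup
    attributes[kSecAttrAccessControl as String] = access
    attributes[kSecUseAuthenticationContext as String] = context
    attributes[kSecValueData as String] = key

    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw VaultKeychainError.keychain(status) }
}

/// Reads the key back. The system prompts for biometry; the PIN must be supplied again
/// through the LAContext. A wrong PIN, a changed biometric enrolment, or a locked device
/// all surface as a non-success OSStatus rather than as data.
func readVaultKey(pin: Data, reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason
    _ = context.setCredential(pin, type: .applicationPassword)

    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: vaultService,
        kSecAttrAccount as String: vaultAccount,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: context,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let data = result as? Data else {
        throw VaultKeychainError.keychain(status)
    }
    return data
}

/// Hypothetical in-memory unlock session with a hard timeout. The unwrapped key lives
/// only here, so a reboot or process kill discards it and the next use re-prompts.
final class UnlockSession {
    private var key: Data?
    private var expiresAt = Date.distantPast
    private let ttl: TimeInterval

    init(ttl: TimeInterval) { self.ttl = ttl }

    func unlock(with key: Data) {
        self.key = key
        expiresAt = Date().addingTimeInterval(ttl)
    }

    /// Returns the key while the session is valid; otherwise locks and returns nil.
    func currentKey() -> Data? {
        guard Date() < expiresAt, let key = key else { lock(); return nil }
        return key
    }

    func lock() {
        // Best-effort overwrite before release; Data does not promise zeroing on dealloc.
        if let n = key?.count { key?.resetBytes(in: 0..<n) }
        key = nil
        expiresAt = .distantPast
    }
}
```

Two points a practitioner would take from this: the protection class decides whether an item is even decryptable before the first unlock after boot, and the access-control flags decide what the user must present on each read, so "stored in the keychain" covers very different security postures depending on those two choices. The `.and` between `.biometryCurrentSet` and `.applicationPassword` is what turns a short PIN into a meaningful second factor, as the last post argues; and calling `lock()` from the app's background/termination handlers is what gives the timeout the "emergency stop" behaviour the thread asks for.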
