Anonym Potato Posted April 10, 2019 Report Posted April 10, 2019 Hello, I am relatively new to Enpass. I noticed that after a reboot I can use the PIN to access my vault. How can this be secure? This means that the master password is stored locally on the flash memory. This, and the fact that there has never been a security audit for iOS, really worries me. Can someone explain to me how this might possibly be secure? I have a feeling that the reason why there is no security audit is that they know there is no way their application passes the audit.
Guest Vikram Dabas Posted April 11, 2019 Report Posted April 11, 2019 Hi @Anonym Potato Providing security for users' data is the primary objective here at Enpass, and we have already addressed these types of concerns in our Enpass Security Whitepaper and Security page. Please read the details and let me know if you still have any doubts left.
Anonym Potato Posted June 28, 2019 Author Report Posted June 28, 2019 The Security Whitepaper says: "Enpass stores an obfuscated version of your master password in iOS Keychain that can only be accessed by Enpass". I don't understand why the master key needs to be stored on the flash memory. Even if this protects the key against other apps, it doesn't protect the key from being physically retrieved. I don't get why this risk is even necessary. Why can we not get the same security as 1Password users, by simply entering the key on every startup?
Anonym Potato Posted June 28, 2019 Author Report Posted June 28, 2019 Articles like this: https://resources.infosecinstitute.com/ios-application-security-part-12-dumping-keychain-data/#gref describe how to extract this data. The fact that you refuse a security audit for iOS and that master keys are physically stored makes me really nervous.
abhibeckert Posted August 12, 2019 Report Posted August 12, 2019 Ultimately, Enpass stores all of your passwords on the device. Therefore, if you don't trust the device, you shouldn't install Enpass on it at all. The iOS keychain is designed to store things privately. Yes, there are ways to dump the keychain, but especially if your device isn't jailbroken and you have a strong password to lock the phone, the Keychain is very secure. Also, there really is no alternative other than to make the user type the master password every time they need to auto-fill a password or do a background sync operation, and the entire point of Enpass is to let users avoid typing passwords.
Fabian1 Posted September 16, 2019 Report Posted September 16, 2019 On 4/11/2019 at 9:01 AM, Vikram Dabas said: Please read the details and let me know if you still have any doubt left. The doubt left is: there is still no audit of your iOS and macOS app... ...we have been waiting 3 years now!
Fabian1 Posted September 16, 2019 Report Posted September 16, 2019 On 8/12/2019 at 3:42 AM, abhibeckert said: Also there really is no alternative other than to make the user type the master password every time they need to auto-fill a password or do a background sync operation - and the entire point of Enpass is to let users avoid typing passwords. 1Password deletes the master password. There is a timeout. Even if you turn off your phone, you have to enter the master password again. Why is this a problem for Enpass?
Anonym Potato Posted September 17, 2019 Author Report Posted September 17, 2019 Retaining the master password in memory, like on desktops??? My whole problem is that the password is stored permanently on the flash memory. If you turn off your phone, the master password can still be recovered. All the other password managers do it like this. Why does Enpass think the user is unable to enter the master password on device restart? I would even say that this makes it much more probable to forget your password if you never have to retype it.
abhibeckert Posted September 18, 2019 Report Posted September 18, 2019 (edited) On 9/17/2019 at 7:01 AM, Fabian1 said: 1Password will delete the masterpassword. there is a timeout. even, if you turn off your phone, you have enter the masterpassword again. why this is a problem for enpass? I use 1Password and Enpass. They both store your master password in the keychain and 1Password definitely doesn't require entering it after a restart. Both 1Password and Enpass allow you to configure a timeout. The shortest timeout in 1Password is an hour - they store it in your keychain on flash memory exactly the same as Enpass (and probably for longer than an hour). If your passwords are sensitive enough for keychain's security model to be unacceptable then they shouldn't be stored in *any* password manager. Switch to something simple like a plain text file encrypted with AES for those specific passwords. If you want to be worried about anything, you should worry about browser plugins creating a significant attack surface. That's far more likely to result in a compromise than Apple's keychain database. Edited September 18, 2019 by abhibeckert
Anonym Potato Posted September 18, 2019 Author Report Posted September 18, 2019 I just tried... when I restart the device, 1Password asks me to re-enter the master password. What's the difference?
Fabian1 Posted September 19, 2019 Report Posted September 19, 2019 The same goes for me. 1Password requires the master password after restarting the iPhone. Biometric unlock is not possible. With Enpass, unlock is possible directly after the restart by fingerprint. That's not good and incomprehensible. Turning off the phone should always be a kind of emergency stop. For example, many people turn off their phones at the border. With a switched-off phone, a potential attacker has all the time in the world to think about how to crack it. Hackers have already demonstrated that it is possible to take the fingerprint of a person from a coffee cup, make a copy and trick the iPhone. Dear Enpass Team, please change this. There is no reason that PIN and fingerprint should remain valid even after a reboot. In addition, we would like to be able to set a timeout after which the master password is also required. What exactly is so difficult about that?
Vinod Kumar Posted September 19, 2019 Report Posted September 19, 2019 Hi all, Very important discussion going on here. We had this feature once in Enpass as a mandatory setting and we removed it after backlash from users (convenience wins over security). Meanwhile, I have prioritized this feature request and it will be available as an advanced option, just like 1Password. Cheers :)
Fabian1 Posted September 24, 2019 Report Posted September 24, 2019 Another desirable change would be: the use of PIN and Biometric Unlock at the same time. That makes sense in the two-factor security philosophy: PIN - something you know. Finger or face - something you have. Biometric features alone are not safe, because unlocking can be done against the will of the user. For example, a border official would only have to hold the iPhone in front of your face to unlock it. And fingerprints are often stored at the border anyway. The combination of PIN and Biometric Unlock would also make very short PINs possible, maybe only two or three digits. That would be very comfortable. And it would be very safe, because someone who looked over your shoulder while unlocking could not do anything with it, because he lacks the biometric part.
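The two technical questions running through this thread are what the iOS Keychain actually guarantees for a stored vault key (abhibeckert's point about the keychain's security model) and whether "PIN and biometrics together" can be enforced rather than just offered (Fabian1's request above). Both are controlled by the accessibility class and access-control flags chosen when the item is written. The following is an added example written for this page; it is not Enpass's or 1Password's code, and the service name, account name, function names and error type are assumptions made for the illustration.

```swift
import Foundation
import Security
import LocalAuthentication

// Hypothetical identifiers for this illustration; not Enpass's actual keychain layout.
private let kVaultService = "com.example.vault"
private let kVaultAccount = "vault-key"

enum VaultKeychainError: Error {
    case accessControl(CFError?)
    case status(OSStatus)
}

// Attributes that identify the item; shared by add, read and delete.
private func baseQuery() -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: kVaultService,
        kSecAttrAccount as String: kVaultAccount,
    ]
}

/// Store the (already wrapped) vault key so the keychain only releases it when:
///  - a device passcode is set (the item is wiped if the passcode is removed),
///  - the device is currently unlocked, not merely "after first unlock",
///  - it is never synced or restored to another device ("ThisDeviceOnly"), and
///  - the caller satisfies BOTH biometry (current enrolment) AND an app-supplied password.
/// The last line is the "PIN plus fingerprint/face" two-factor requested in the thread.
func storeVaultKey(_ key: Data, appPassword: Data) throws {
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        [.biometryCurrentSet, .and, .applicationPassword],
        &cfError
    ) else {
        throw VaultKeychainError.accessControl(cfError?.takeRetainedValue())
    }

    // The "something you know" factor: the PIN the user typed into the app.
    let ctx = LAContext()
    _ = ctx.setCredential(appPassword, type: .applicationPassword)

    var query = baseQuery()
    query[kSecAttrAccessControl as String] = access
    query[kSecUseAuthenticationContext as String] = ctx
    query[kSecValueData as String] = key

    SecItemDelete(baseQuery() as CFDictionary)   // replace any earlier item
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw VaultKeychainError.status(status) }
}

/// Read the key back. iOS prompts for Face ID / Touch ID itself; the app password is
/// supplied through the LAContext. Failing either factor yields an error status.
func readVaultKey(appPassword: Data, reason: String) throws -> Data {
    let ctx = LAContext()
    ctx.localizedReason = reason
    _ = ctx.setCredential(appPassword, type: .applicationPassword)

    var query = baseQuery()
    query[kSecUseAuthenticationContext as String] = ctx
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne

    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let data = item as? Data else {
        throw VaultKeychainError.status(status)
    }
    return data
}

/// "Require the master password after a reboot" is not expressible as a keychain
/// attribute: every accessibility class keeps the item on flash across reboots.
/// The only way to get that behaviour is to not keep a wrapped key in the keychain
/// at all (hold it in memory, drop it on lock or timeout) or to delete it explicitly.
func forgetVaultKey() {
    SecItemDelete(baseQuery() as CFDictionary)
}
```

Two caveats worth keeping in mind when reading the thread. First, the accessibility class decides when the OS will hand the item back, not whether the bytes exist on flash: a `WhenUnlocked` item is unreadable between reboot and first unlock, an `AfterFirstUnlock` item (the class an app would need for background sync) stays readable once the phone has been unlocked once, but both remain stored until deleted. Second, `.biometryCurrentSet` invalidates the item when the biometric enrolment changes, which is the property you want if the concern is someone adding their own fingerprint; the older `.biometryAny` flag does not do this.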
Vincent91 Posted December 1, 2019 Report Posted December 1, 2019 +1. Master password must not be stored on non-volatile memory. Be it obfuscated or not.
kb_ahir Posted October 2, 2021 Report Posted October 2, 2021 On 8/12/2019 at 7:12 AM, abhibeckert said: Ultimately, Enpass stores all of your passwords on the device. Therefore if you don't trust the device, you shouldn't install Enpass on it at all. The iOS keychain is designed to store things privately. Yes there are ways to dump the keychain, but especially if your device isn't jail broken and you have a strong password to lock the phone the Keychain is very secure. Also there really is no alternative other than to make the user type the master password every time they need to auto-fill a password or do a background sync operation - and the entire point of Enpass is to let users avoid typing passwords. The doubt left is: there is still no audit of your iOS and macOS app... ...we have been waiting 5 years now!
John Doe Posted October 3, 2021 Report Posted October 3, 2021 @vinod - I hope you don't bring back what these folks are asking for here. I, for one, am happy with the biometric login after a restart and absolutely hate 1Password for forcing me to enter the master password each time. It is OK if you want to go and add this as an advanced option setting for these folks, but please do not make it mandatory. I like the way it is right now.