
Hello, I am relatively new to Enpass,

I noticed that after a reboot, I can use the PIN to access my vault. How can this be secure?
This means that the master password is stored locally on the flash memory.

This, and the fact that there has never been a security audit for iOS, really worries me.

Can someone explain to me how this might possibly be secure? I have a feeling that the reason why there is no security audit is that they know that there is no way their application passes the audit.


The Security Whitepaper says: "Enpass stores an obfuscated version of your master password in iOS Keychain that can only be accessed by Enpass"

I don't understand why the master key needs to be stored on the flash memory. Even if this protects the key against other apps, it doesn't protect the key from being physically retrieved.

I don't get why this risk is even necessary. Why can we not get the same security as 1Password users, by simply entering the key on every startup?


Ultimately, Enpass stores all of your passwords on the device. Therefore, if you don't trust the device, you shouldn't install Enpass on it at all.

The iOS Keychain is designed to store things privately. Yes, there are ways to dump the Keychain, but especially if your device isn't jailbroken and you have a strong password to lock the phone, the Keychain is very secure.

Also, there really is no alternative other than to make the user type the master password every time they need to auto-fill a password or do a background sync operation - and the entire point of Enpass is to let users avoid typing passwords.
