markwayne

Hello I have noticed that Enpass requires key files to have the .keepasskey extension, which makes them easily identifiable. This could be a security risk since an attacker who gains access to a system can quickly spot key files just by searching for this extension. While key files add an extra layer of security; their predictability in naming might make them a target.🙃 One workaround I use is renaming the key file to something else when storing it and then renaming it back when needed. However, this is inconvenient and could lead to accidental file loss or confusion. It would be much more secure and user-friendly if Enpass allowed selecting key files without enforcing a specific extension.🙃Checked https://support.enpass.io/home.htmAzure documentation guide for reference. Has anyone else thought about this? 🤔 Wouldn’t it be beneficial if Enpass provided an option to manually select any file as a key file, regardless of its extension? I’d love to hear thoughts on whether this could be a useful feature to improve data security. Thank you !🙂

That's a valid concern regarding the .keepasskey extension making key files easily identifiable. Allowing users to create and open key files without a fixed extension would certainly add an extra layer of security through obscurity. A potential workaround could be an option in Enpass to allow users to manually select a key file, regardless of its extension, instead of enforcing .keepasskey. This way, users could rename the file as they wish without needing to revert it back every time they use it. Have the developers considered implementing such flexibility? It would be a useful feature for users who want to better protect their key files from easy detection.