Skip to content
View in the app

A better way to browse. Learn more.
Enpass Discussion Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
We’re on Reddit now, Come and join us there!!

Stephen

Members

  • Joined

  • Last visited

View Profile Find content

Everything posted by Stephen

  1. Auto-fill Identity with Chrome Browser Extension not working (prospective user)

    Stephen replied to Stephen's topic in Autofilling and Desktop Browser Extensions
    Hi @Tahreem, Thanks for responding. I should have been more explicit as to what I was doing. I am indeed double-clicking on the identities in the browser extension menu and it wasn't working. I just determined that the identities imported from Lastpass had First Name and Last Name field labels imported like so: First Name, Last Name (capital N) Apparently, the field label matching is case-sensitive in Enpass instead of fuzzy matching. I'm assuming this because once I opened the edit for the identity and filled the default Enpass fields: "First name" and "Last name" without N capitalized, I was able to fill the fields with labels matching "First name" and "Last name". I tested the hidden field phishing example at https://anttiviljami.github.io/browser-autofill-phishing/ and it looks like Enpass is also vulnerable to this identity fill exploit as the hidden fields are filled. This is a critical risk for people who have their Social Security numbers filled in their Enpass identities. I'm going to pass on purchasing Enpass unless/until this issue is addressed.

  2. Auto-fill Identity with Chrome Browser Extension not working (prospective user)

    Stephen posted a topic in Autofilling and Desktop Browser Extensions
    Hi Enpass Staff, I'm dissatisfied with Lastpass Premium and am considering Enpass as an alternative. I'm currently trialing Enpass to see if the feature set is comparable and worth the transition. I have the Windows 10 (Build 1903 64-bit) Desktop app, the Chrome extension (on Version 79.0.3945.88 (Official Build) (64-bit)) and now the Android app. As per the discussion here it appears that auto-fill for saved identities has been implemented. One of the primary reasons I'm transitioning away from Lastpass is the extremely poor customer service I received while reporting a phishing vulnerability. I want to ensure Enpass is not vulnerable to the same "hidden field" auto-fill vulnerability that Lastpass (and Chrome) are. I attempted to test to see if this is the case on the Github page of the developer who discovered it: https://anttiviljami.github.io/browser-autofill-phishing/ But I can't seem to get the identity to auto-fill from the Chrome extension. To test whether it was that specific form that could not be filled, I went to a basic HTML form on w3schools to see if I could auto-fill the fields using the saved Identity - and it doesn't appear that I am able to. Am I missing something? As per the article, auto-fill for identity was implemented in 2016, but based on my experience thus far that doesn't seem to actually be the case.

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.