Fingerprint & PIN

I really like enpass so much!

But there is a fundamental security problem with the biometric unlock.  face-id and fingerprint are not safe. you can hold someone's device in front of his face.  or you press his finger on the device.  We also leave fingerprints everywhere.  They are even stored in many ID cards.  

this is a fundamental problem to unlock smartphones in this way and not a probem of enpass itself. 

but enpass should be more secure. its a pitty, that you need only seconds to overcoming the biometric unlock and all passwords are open!

Enpass could become much safer with two very simple changes:

1. PIN & Biometric unlock at the same time.  Please change the Enpass app so that the PIN and the biometric unlock are possible at the same time.  Then a very short PIN could provide much more security.  I would use a three-digit PIN and set the number of failed attempts to 1.  After a single wrong entry, the master password must be entered.  An attacker who overcomes the biometric unlock would thus only have a 1: 1000 chance.  At the same time, the use of enpass remains very comfortable.

 2. We urgently need a time-out for the biometric unlock.  As in the desktop version, after a certain time (1 day) or when the device was restarted, the master password should always be queried.  So it does 1Password - why not Enpass?  It prevents attackers, who has captured the device from having all the time in the world to overcome the biometric unlock. 

Please implement this very simple features. You can set it by default to „only biometric unlock“ (without a pin at the same time) and set the biometric unlock timeout to „never“. So there will be no less comfort for people, that dont need higher security.

kind regards

Fabian