Skip to content
View in the app

A better way to browse. Learn more.
Enpass Discussion Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
We’re on Reddit now, Come and join us there!!

Passwordstate password manager breach

electrolund
in Data Security

Featured Replies

Hey Enpass devs!  I just read about a breach with a manager called "Passwordstate".  Apparently their third-party upgrade mechanism injected malware into the update and now thousands of users had their passwords and other info stolen directly out of their managers.  Talk about a nightmare scenario!  

  • What does the Enpass updater mechanism look like? 
  • Is that maintained by Enpass alone?
  • How secure is the updater scheme?

Thanks!  My family are all committed Enpass users (multiple screens & PCs).

Hi @electrolund,

I can understand the worry of our users after this incident. I would like to provide some explanation about delivery channels and tools we use:

We have our own system to notify updates and distribution  apart from standard app stores. All Enpass builds are automated and scanned against virustotal service to eliminate human error.

App stores:
Most of the Enpass installations happens through Various App stores (Apple store for macOS and iOS, Windows store and Google Play store), that does not require any third party installer. Updates are also handled by corresponding App stores.


Distributed via our website:
All the download happens through our own servers only and over https. In-built updater in Enpass for macOS and Windows, check for integrity after downloading an update.
1. macOS installer is built using standard pkg tools provided by apple.
2. Windows installer is built using latest version of widely known Open source wix tools.
3. Linux packages are distributed from our own signed apt and yum repositories.

Let me know if you have other queries.

Cheers:)

  • 3 weeks later...

Hi @Vinod Kumar

Couldn't there be a "flightmode" or something in Enpass? 

Or would such feature have to small audience? 

Supplychain-attacks aren't going away and with more and more builtin connectivity the risks for such inevitably increases. 

I'm thinking that would shut most outbound requests off. 

Disclaimers of less functionality, the need for manual update-checks, no favicons etc. 

Create an account or sign in to comment
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.