Hello,

Since mid august windows 11 or browser updates (edge, chrome and brave), I became unable to use enpass (from windows 11 store) to store new passkeys. I simply no longer have the option.
Several sites are trying to enforce passkeys but I don't thing storing passkeys in the OS is safe at all so this is urgent for me. any idea when this will be fixed ? 
Also, is the desktop version better suited to windows 11 or all the same as store version ?

Note: Browsers seems to have implemented the new WebAuthN spec version 3 for passkeys despite some FIDO2 libraries being still beta and incomplete, for exemple fido2 for .net is beta 13 and missing field authenticationMethod on one of their model....
Thanks.  

Edited August 27, 20241 yr by julichan
Clarity

Actually I tried the windows beta desktop version and I have the same problem.

I tested more and figured out that it works on github but not amazon. I made a server using fido2-net-lib and tried with various settings such as removing authenticator conditions black list, fiddling with settings on authenticator attachment, existing credentials and other authenticator selection criteria but ended up failing to make enpass work with it. After looking around, I figured out that Enpass is not even registered in the MDS3 trusted FIDO2 authenticator list. Is it going to be part of it in the next batch on first september ? 

I've reported this issue to the Enpass technical team. They are currently investigating it, and I will reach out to you with updates as soon as I receive them. 

#SI-3977

To help resolve this issue, please ensure that Manage Passkeys is enabled:

1. Right-click on the Enpass extension in your browser.
2. Select Settings.
3. Verify that the Manage Passkeys option is enabled.
   
   

 

If issue still persist, please provide the following details for further investigation:

1. The URL of the website where you're experiencing the issue.
2. Whether the passkey for this website is already saved in Enpass.

Hello,

I tried again as requested. Manage passkeys was and is enabled in the plugin. It somehow works again where it did not work before.
However now, on amazon.fr, enpass stays stuck at signing in. Check the attachment. All i can do is close the enpass window or it might eventually show some kind of timeout error.

Additionally, I did not get an answer to my previous questions:
- I made tests using the official FIDO2 library for aspnet servers (both the webauthn3 release and webauthn4 beta13) (https://github.com/passwordless-lib/fido2-net-lib) and it seems that no matter the options set, Enpass doesn't react on that official library. Is there any special setting i should be aware of to make it work? (I tried both platform and cross-platform, several authenticator options and even none, ect...)

Also Enpass is not registered as a official FIDO2 trusted passkey manager. Please try to check yourself that enpass is officially not trusted: https://opotonniee.github.io/fido-mds-explorer/. You missed 1st september rolls, now we have to wait another month. will enpass get registered as an official FIDO2 trusted passkey manager and when?

Thanks

Edited September 9, 20241 yr by julichan

Just an extra question, does enpass block non-https passkeys ? or perhaps localhost domain passkeys ?

Alright got answers on my own.

First of all, enpass doesn't support fido2 yet. The communication says it supports passkeys but that's true only for older versions meaning as 2FA (something like fido u2f) and not passwordless.

Fido2 is only supported by bitwarden and 1password apps currently. Apparently logmeonce as well. I'm going to test those.

I am also interested, if and when FIDO2 will be supported. Is this on the roadmap of Enpass?

Hi @Amandeep Kumar

Do you have any updates on FIDO2-support in Enpass?

Many thanks!

You will be pleased to know that FIDO2 support is already part of our development roadmap and will be implemented in future versions of Enpass. I’ve also shared your comment with our dedicated development team as additional feedback.

Hi @Amandeep Kumar

Over 1 year has passed since your last message; do you have an update for us?

Many thanks!

The feature request is under review by our technical team. While we don't have an ETA, we will update you once we have more information.

Thank you for your continued patience.