![]() ![]() But ENPASS is making those risks far worse than they need to be, and far worse than they are simply with the other PIN approach, it's crazy. Of course, having fingerprint access is a user's choice and if they make that choice they need to know the risks involved. being forced to open the database with your fingerprint. an inconsistent methodology of security so users cannot expect the same level of security. My concern is not a brute force attack or someone trying to add a new fingerprint. There is no reason it should work EXACTLY the same way with the finger print. If you force close the app or reboot the phone, you don't get a chance to enter your PIN first, you MUST enter your Master Password. If the PIN is wrong EVEN ONCE, it forces you to use the Master Password. This is exactly what you do with the PIN method. ONLY AFTER that has happened, should Fingerprint support be available. ALWAYS ALWAYS ALWAYS require the typed Master Password for the initial load of the database (after the phone boots up, or after the app is opened from being force closed, whatever). On the other hand, if we delete the encrypted master password entirely on fingerprint authentication error (which sometimes happens with genuine users also for various reasons), it will lead to enable fingerprint support again from the Enpass settings and hence user inconvenience without any gain in Kumar I am certainly not one of your programmers, but from a logic point of view, it's very clear to me what the solution is. Even if someone knows your device code and tries to add a new fingerprint, Android will invalidate the Enpass fingerprint key immediately and master password will be asked next time. In other words brute-forcing by Fingerprint is almost impossible. Nobody can enter inside Enpass without your fingerprint. ![]() Unlocking by fingerprint is securely implemented in android OS and OS itself restricts a users after n number of bad tries. Moreover, you can set Enpass to be automatically locked after a specified time interval, as well as clear all the data stored in the clipboard after as little as 30 seconds.Īll in all, Enpass is a straightforward utility that is bound to be appreciated by those who like to have all their online info at hand, especially since they can import credentials from numerous third-party services.Firstly let me assure you this is not a security bug. You get to specify the password’s length, as well as the type of characters that should be used (symbols, uppercase or lowercase letters). ![]() Regardless of the type of entry you want to set up, Enpass offers you the possibility to either enter your own custom passkey or generate a brand new one. Generate strong passwords and automatically clear clipboard If you choose to create new records that will be stored locally, you need to first select a master password, then choose the type of entry you want to add (credit card, finance, software licenses, online logins, passwords, secure notes or travel info).ĭepending on the type of record you are interested in, Enpass provides you with multiple templates that you can choose from, all meant to simplify the entire process as much as possible. Store passwords for a wide range of accounts On the downside, the only way to export your data is to TXT, meaning that all the info is left completely unprotected, so you should use this function as rarely as possible. It should also be mentioned that you can import data from several supported Mac applications, such as RoboForm, KeePassX, eWallet, mSecure, Moxier Wallet or SafeWallet.Īnother strong point of Enpass is that its clients can be run on all major mobile platforms, namely iOS, Windows Phone, Android and Blackberry. When running Enpass for the first time, you get the possibility to choose whether you want to create new local records or if you prefer to simply restore data from your Dropbox or OneDrive accounts.Īdditionally, you can also import information from other famous password managers, such as Handy Safe, KeePass, LastPass, Password Safe, DataVault, RoboForm, SplashID or SPB Wallet. A lot of users prefer online shopping to the traditional one, as well as making financial transactions right from their PC, instead of visiting a bank whenever they want to manage the contents of their account.Įnpass is one of the numerous applications that you can rely on to keep all your online credentials stored in a single place, safely protected by the password you select. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |