Password Manager Discussion.

.
Damn.. I didnt see that. I'll have another go later.
Thank you

 

Visual Studio. How much?

 

I see you like to edit your posts. EVERYTHING under the 'Windows' folder was added since I've installed Enpass x 3 machines.

 

At least it deletes easy enough.

 

Hmm, so that's why all those files. Who knew. Thanks

 

Yeah, 2FA is essential for me. Where does it say they've removed sync across devices? I can still use the mobile apps in free version, and notice no difference in passwords.

 

https://www.enpass.io/kb/does-enpass-support-two-factor-authentication-2fa/

 

I haven't tried Enpass yet but agree that it looks good at first glance. However, I don't see compelling advantages over Keepass. As far as I understand, Enpass is not open source while Keepass is - which is, IMO, particularly important for this type of security software as it's much easier to check if it contains critical security flaws. For Keepass sync is also possible via, e.g., Dropbox if you want that.

Above all, Keepass works for me with auto-type without the need of a browser extension. Remember that a couple of serious flaws had been detected in the Lastpass browser extension. This confirms that an extension increases the attack surface on principle. Not needing an extension is more secure, IMO.

 

I tried and like it. Bitwarden is an open source what is great plus. Freemium has 2FA, nice browser extension for desktop Chrome. My android has too old OS for their browser, so I go on using Lastpass.

 

I could have sworn that I read they had removed it from the free version, but apparently I was wrong. Near the bottom of this page it says the free version will sync between smartphone and PC:

https://lastpass.com/features/

 

Krusty said: ↑
Have you tried this?

Tools > Settings > Browser > uncheck Verify Browsers.

That allowed me to use Enpass in Cyberfox.

........................................................................
Well I just tried again with the setting unchecked but autofill doesn't seem to work in palemoon .I cant even see an easy way to manual fill in other than just copy and pasting.Clicking the login box once or twice doesn't work.Its a shame they don't use an enpass browser like on android for logins.

 

https://www.enpass.io/apps/windows/

 

#469

 

Yes, I know that SQLCipher is open source. But in my understanding Enpass on the whole is not open source, hence nobody can tell if their implementation has flaws or not. Please correct me if I'm wrong.

And regarding the extension thing: Here's Wladimir Palant's blog post on the problems with the LastPass extension. His conclusion:

I believe that these problems are fixed now. And I don't know if the Enpass extension is questionable security-wise or not. My point was: It's preferable, IMO, to avoid possible problems beforehand by not using such an extension at all. With Keepass I don't need any.

 

How are you getting your passwords from Keepass to the webpage login fields?

 

http://keepass.info/help/base/autotype.html
I'm using a Global Auto-Type Hot Key.

 

I googled and found the same info in their blog. But I can't find it now. Maybe they removed it. It must be some outdated page.

 

Nice I may check into this one as well. Less than 24 hours into Enpass and it is not bad. I guess my only gripe would be lack of auto-fill in web browsers and having to install an app on my pc.

EDIT: I do however like the auto-fill much better on the Android app vs. Lastpass.

 

Hmm 10 bucks huh? Have you tried it Krusty?

 

One major difference with Enpass is that it doesn't connect to a server. Enpass is local although you can have it sync as mentioned earlier.

Nup. I only need a password manager on my Windows machines.

 

Gotcha.

 

Also, you don't have to install or use the extensions with Endpass if you don't want to. You can copy / paste your login details from the installed program.

 

Indeed! Been using it a little bit more today. Getting more used to it and liking it so far. I may give Bitwarden a spin as well however.

 

Yeah, Enpass has really grown on me too. I'm used to double clicking on the extension now.

I won't worry with any others unless I find a reason not to use Enpass. Their support hasn't replied to my email yet, probably because it's a weekend. Will see how that goes, although I finally got it to auto-start on all machines now anyway.

Looks like I'm stuck with Norton ID Safe in Edge for now but I hardly use Edge much anyway.

I was pleasantly surprised to see that Enpass was automatically added to HMP.A's protection.

 

This doesn't impair the importance of a proper implementation of that security-critical code. Besides, the Lastpass vulnerabilities mentioned in my previous were not related to Lastpass connecting to its server but to vulnerabilties in the add-on itself which could be misused, e.g., by an XSS vulnerability on specific websites which could result in your passwords being stolen.

Note that I'm not trying to badmouth Enpass. I simply do not see advantages over Keepass which are:

• Keepass has been available for many years as open source software.
• Keepass has successfully gone through (at least) one security audit.
• Its usage is rather comfortable without the need of a browser extension. Note that the target window need not be a browser but can also be any other application where you have to input, e.g., a password.
• It's extendable with many plugins.

However, if I'm missing any advantages of Enpass feel free to convince me.