Enpass has posted an update for the Windows 10 version of its popular password manager. It includes full-time Windows Hello support for Surface Pro 4 and Surface Book devices.
Enpass explains what's been updated in a blog post:
We introduced full-time support for Windows Hello with the version 5.1 for Windows 10 Mobile devices with TPM chip, like the Lumia 950 and Lumia 950XL. With the latest update, we've brought the same functionality to your Surface devices.Now, with Enpass for Windows, you don't need to enter the master password to unlock the app – even when the app or the device is restarted. Just enable Windows Hello from the settings, and enjoy the seamless peeking, pretty much like you log in to Windows itself.
Well, we know, we took a while to bring this feature to your Surface devices. Although, it should've been right there from the start, but we preferred to do it in a secure way taking care of these security hurdles rather than to do a quick job and hinder your experience. Note that the full-time Windows Hello support is only available for devices having TPM chip, essentially, Surface Book and Surface Pro 4 for now.
The update also includes secondary tile support, which means Windows 10 users can put Enpass tiles to their Start screen for any frequently used items so they can get to them much faster. The new version also allows users to re-order the fields in an item any way they want.
There are also some minor improvements, such as a new password strength indicator on the app's Detail screen. Windows 10 Mobile users can now open web URLs from the clipboard in the Enpass browser and several new search engines, including Bing, have also been added to the browser as well
Download Enpass from the Windows Store
Reader comments
Enpass update adds full-time Windows Hello support for Surface Pro 4 and Surface Book
Love their support!!!
Nice. Enpass rocks
This investment continues to be more and more beneficial. I absolutely love this service!
This app is really great. The only annoying thing about using Windows Hello to unlock the app is that you are also enabling unlocking the app with your device PIN.
SO if somebody finds out what your PIN for Windows 10 is (Mobile or PC), they don't need any more than that to then get into all your passwords - When the Hello Prompt pops up they can just click on the "More Choices" link and type in the devices PIN.
You should be able to have a very long PIN when you use Hello as the main method to login, but I bet a lot of people still have a really crappy PIN.
It would be good if MS allowed a way for them to require either specifically using Hello OR Master Password, right now they can't get around the fact that your PIN allows the same access as your Iris/Face/Fingerprint when it comes to signing into the password manager.
I still use the app and love it, it's jsut an observation that people need to be aware of if they have a weak PIN. Safest way to use Enpass is to always type in the Master Password
Agree, I do not like how MS makes it so you have to use a Pin with Windows Hello, would rather it default to master password.
All MS would need to do as well would be to give the app developer the choice of ONLY allowing specific methods to be used in that prompt.
The prompts purpose is actually just to re-identify that you are the owner of the device - It would be great to have a bit more control over this as a developer.
After all, the master password is the responsibility of Enpass, so all MS need to do is give the option to restrict that prompt to biometric credentials only. Everything else under the hood could actually remain as it is, the trouble is the "More Choices" link.
If they let us restrict that prompt from a dev perspective it would be up to the developer to handle what the backup is when Hello doesn't recognise you (In this case, the fall back is to ask the user to enter the master password)
Hopefully more Hello APIs will become available over time.
I'm not sure I folow your logic. A PIN and a Password are just as meaningless if someone learns the code to put in. The difference between the PIN and the Password though is that the PIN is locked to a single device, where the password is good on all your W10 devices. The PIN is also good for a certain amount of attempts (5 I think) so it's not going to be compromised for any kind of a brute force attack, unless you're terrible at choosing PIN's, which would likely mean you're terrible a passwords too.
Look at it this way, if I revealed my PIN to you somehow and you also had my device you could use the PIN to get into my PC, you could then start Enpass and choose "More Choices" and enter that same PIN and have instant access to my password vault.
If I did not have Windows Hello enabled in Enpass and the same thing happened, you could still get into the PC with the PIN, but you could not get into Enpass unless you had the master password.
Enabling Windows Hello means you can use either my biometrics or my PIN to unlock the app - If Windows Hello is not enabled in Enpass then you MUST know the master password
It's of course not a huge deal, but really just pointing out how the way we can use Hello as developers right now does have some small flaws. 99.99999% of the time somebody is unlikely to get both your PIN and your device and I totally agree and get how a PIN is specific to the device and is really actually more secure than a password, I'm talking about the specific scenarios above.
Yes it's unlikely to happen, but I just mean it could and MS could give us more options as developers on how we can use Windows Hello to verify the presence of the actual owner.
I do use Enpass and I do have Hello enabled for it on my devices that support it, so by all means I'm saying even with the above in mind it is secure enough for me personally but there's a tiny tiny trade off for the convenience
Not free??
The trial can store and sync up to 20 passwords, which is plenty for you to decide if the app is worth buying.
It is worth buying, and developers do deserve to get paid for their work. Not everything can be free just because it runs on a mobile phone
3 things I always pay for are security/anti-virus programs, password managers, & VPNs. These are too important to trust to freebies. That said the free trial of Enpass is worth trying. I use Enpass (paid version tho)
I got it free last year via myappfree.... It's a very secure app
Awesome!! Keep up the good work Enpass!
Very happy to see some developers who sync perfectly with the vision of msft. Windows 10 + UWP + Surface devices rocks!
Is there any Edge extension planned or on the way?
Search our site, we covered that a few times.
They have a beta extension, BUT are leaving it in beta until the full APIs are there for the UWP app. Right now, extensions for chrome/firefox only work when you have the desktop application open. I'm hoping this will be resolved asap and so far support is looking good, so hopefully just a matter of time.
My Dell Inspiron 13 also has a TPM chip.
I like Enpass a lot. I like that there isn't a service fee, but rather a one time payment for the app itself. I love that they are FULLY supporting Windows 10/Mobile. Because of this I try to encourage others even outside of Windows to use Enpass.
Yeah the beauty of Enpass is actually that it isn't a service at all. It's a standalone app in essence which is much more preferable than something like LastPass IMO - Not even from a cost perspective but from a security and control perspective
Nice, It's an update I have been waiting for.
Well, it now brings Full-time hello to my SP3 with fingerprint type cover, too. I think devices started shipping with TPM chips 5-6 years ago, so basically any Hello compatible device should be able go use this.
Unfortunately we don't have full announced functionality: "you don't need to enter the master password to unlock the app – even when the app or the device is restarted"
As I can see now? I have to enter master password on each app restart. And sometimes manually click on Windows Hello button.
Do you have same behavior?
Enpass is good, however...
Why, when you're using Windows hello, do you need to then hit "ok" to unlock the app after it recognizes you?
I already authenticated myself, let me in! Even worse, if you don't hit "ok" fast enough, it goes back to looking for you and Windows Hello will no longer work. This really needs to be fixed.
I don't like the fact I have to hit "ok" after to unlock it after it already recognizes my eyes. This is the same gripe I have with the OneDrive app also.
This is a MS thing, before the result of the dialog is returned to the app you can't do anything - MS would need to make it so that it automatically returns to the calling app with the result.
yeah it would be nice if they change it to make it a bit faster when unlocking, but it's just a minor annoyance for now.
I'm waiting patiently for the Edge Extension to be available. That's the only reason not to fully use Enpass.
I just bumped up my rating to 5 stars in the Windows Store review.