Now Enpass 5.0 is there on every supported desktop platform with browser extensions. But unlike MAC and Windows, Linux version has an exception on the grounds of browser validation. Yes it is related to security but don’t afraid folks as this doesn’t mean that using Enpass on Linux is insecure and compromises on security anywhere. If so, we wouldn’t have released that.
What is the issue with Browser Extensions in Linux?
Since extensions are the plugins installed in the browser and are capable to request the confidential information from the Main Enpass App after validation by Master password, it becomes necessary to be sure that the whole working environment is clean and certified. The first thing comes here is to validate the extension itself and we do this by checking the unique identifier of our extension.
Now the second most important thing is to validate the browser from which our extension is working. We need to verify if the browser is genuine and not contaminated. By word genuine we mean that it is trustworthy and is true-copy by provider itself like Mozilla and Chrome. This validation is done by checking the code signatures of the browser. Enpass on MAC and Windows uses code signature verification APIs to validate the browser’s code signature but unfortunately code-signing itself is not available on Linux (Due to open nature of Linux). We fell short here in validating the authenticity of browser. The same message is prompted to user when he enables the Enpass browser extensions on Linux.
So what should you do?
You have to be sure that the browser you are using is authentic and downloaded from the legitimate sources (like provider website or distro repository itself) and thats what the code signature verification does in Windows and MAC. Also try to avoid unnecessary and non-validated extensions in your main browser. Rest everything is secure and feel free to use it.