Enpass is a secure password manager that allows users to protect multiple accounts across various devices with robust unique passwords. Enpass is available for most platforms. However, the free version is more restrictive on mobile than it is on desktop (where users can protect an unlimited number of accounts free of charge). In this review, we will thoroughly test the password manager to see how it compares to competing services on the market.
Enpass permits users to protect multiple accounts and services with strong unique passwords that are stored locally on an encrypted database. Users can access those passwords with just one single master key. This permits users to remember just one tricky password in order to protect an unlimited number of accounts.
Enpass is available on a freemium basis, which is fantastic for consumers who want a password manager that they don’t need to pay for initially, but which has premium features that can be purchased as and when necessary. However, it is a closed source password manager that runs on proprietary software; which may put some privacy-conscious users off.
As is always the case, closed source software cannot be audited by a third party - meaning that you must trust that the firms provide the privacy and security they claim. This is far from ideal, and on the whole, it is always better to trust a password manager that has published its code and has been verified by third-party auditors.
Enpass is available for Windows, Mac OS, Linux, iOS, and Android. It is worth noting that Linux support is rare, which makes this password manager interesting for Linux users. Users can use Enpass for free on all your desktops. However, on mobile, it is necessary to pay a one-time fee of $11.99 for each platform. Anybody that plans to use this password manager across various platforms will need to invest some money to make it compatible across all their devices.
Enpass is also available as an extension for Firefox, Chrome, Safari, Edge, Opera, and Vivaldi.
Downloads are available for all platforms on the Enpass website. This makes the password manager extremely easy to set up. We downloaded the Windows client and the Chrome extension to test them both out. It is worth noting that the Chrome extension will only work if you already have the standalone desktop client also installed.
Having agreed to the EULA with the software’s developer Sinew Software Systems Private Limited, the software installs in just a few minutes. Following this, you are ready to launch the software and can go ahead and set up a master password.
Users are reminded that they must store their master password securely and are recommended to make a note of it because if they lose it they will not be able to access any of their passwords. This is because, like all the best password managers, the firm does not store people’s master password on its servers and can not provide the password or reset the account if it gets lost.
With the Windows Enpass client now set up, you can go ahead and set up the Chrome extension. Launching the Chrome extension automatically pairs with the Enpass client and provides a code for synchronizing the two clients.
With both components of the password manager now setup, you are ready to start inputting your passwords into the manager so that it will auto-fill passwords as soon as you arrive on those websites and services.
Enpass allows people to automatically generate passwords between 1 and 10 words long. The service also lets users opt for upper and lower case characters, random symbols, and provides various options for placing random characters or hyphens between each word.
As with many other password managers, Enpass comes with a huge range of features for protecting information and logins within its encrypted database. The primary features are as follows:
- Protect unlimited accounts for free on any desktop machine
- Sync the password manager with browsers using extensions
- Identity feature for saving address and other data
- Easy to use categories menu for saving data and passwords
- Auto lock feature to ensure the client is never left open and unprotected
- PIN feature for quick unlock when the password manager is already logged in using the master password
- Password audit feature to ensure an account or password has not been pwned.
- Sync feature for passing passwords across various devices securely
- Auto-backups feature to ensure data is always securely stored to the encrypted database
- Password generator for automatically created strong passwords
- Autofill for easy logging into online accounts
Although most Enpass features are available for free, there are some premium features that users will need to pay to use. A one-time fee of $11.99 per desktop platform will allow users to access those extra features.
On Android and iOS, users will need to pay a one-time fee of $11.99 to use the password manager to protect any more than 20 accounts. If 20 passwords are enough for you, you can use the mobile freemium version without concerns. It is worth noting that these are off payments, which means that once you have paid, you can use the software to protect your accounts indefinitely; no recurring payments and no hidden costs.
Ease of Use
Enpass is perfect for people who want to ensure all their passwords are stored locally, meaning that there is never any need to trust Enpass to store your passwords on its servers. Getting Enpass downloaded is simple and getting it set up to work with your browser via the extension is extremely easy.
Because Enpass does not store your passwords or master password on its servers, it is essential that you choose a master password that you will never forget. Failure to remember your password could mean that you are completely locked out of all your passwords.
With the master password setup, you can either enter your passwords manually - or simply go about using your online accounts and services - allowing Enpass to save the passwords as you go along.
If a password has been used before on another account, Enpass will let you know so that you can update the password or auto-generate a strong password from within Enpass.
We found using Enpass stress-free and the extensions we tried (Firefox and Chrome) worked seamlessly. For those who want to, it is possible to put Enpass on a USB stick in order to transport it across various different machines. This is a useful feature and means that you can always access your passwords even if you are using somebody else’s machine or a library computer, for example.
One a password has been saved you can access it from in the password manager:
We managed to get the service synched up to an iPad and Android device without any problems. We used Google Drive and icloud to sync up, however, users have plenty of options including Microsoft OneDrive, Dropbox, Box, or using the open source WebDAV protocol. Unlike some password managers, it is not possible to sync over Wi-Fi so you will need to transmit the data via the internet.
It is worth noting that if you decide to use iCloud to sync your passwords, you will need to make sure you download the Enpass app from the Mac app store.
Another feature that we enjoyed with Enpass is the ability to import passwords from another password manager such as Keepass, Dashlane,etc (there are many options). This allows users to quickly get it set up with all their existing passwords. We would also recommend setting up the auto lock feature so that it kicks in as soon as possible:
Overall, we found Enpass easy to use and we particularly enjoyed the categories in the menu system; which allow you to easily group data to autofill online forms. The client provides over 50 customized templates, which allow you to save everything from hotel booking details, addresses, passport details, or your driver's license within the securely encrypted database.
We particularly enjoyed the mobile apps which seem a bit contemporary than their desktop counterparts, and while they have no extra features to speak of they are more of a pleasure to use. What’s more, you can set both the iOS and Android versions up to authenticate using your device’s fingerprint scanner for added ease of use.
Privacy and security
Enpass users do not need to subscribe to the service by providing an email or any personal data. This is because the software works entirely client-side without any need for data to be processed or stored by Enpass.
Of course, if you decide to pay for premium features - or for the full mobile version - you will need to provide payment details, which means that the firm will get some information from you.
It is also worth noting that the firm does perform some onsite tracking using Google Analytics, which likely means that it is collecting user IP addresses when they visit the site and download the software.
Where the password manager itself is concerned, the software encrypts all passwords (and other data inputted into the software) using strong 256-bit AES encryption using the peer-reviewed and open-source encryption engine SQLCipher. Those passwords are only stored locally and are never uploaded to Enpass servers.
For authentication, the master password produces a cryptographic key using PBKDF2- HMAC-SHA512 password hashing for PHP with 100,000 rounds of random salt. This is a secure cryptography that ensures advanced protection from brute force and side channel attacks.
Users also have the option to download a vault key that is produced by their master password. The desktop version of Enpass is able to 64-bit random keys on behalf of the user. That vault key can be used as a secondary form of authentication, meaning that if the master password is compromised (guessed, brute-forced, etc) it is also necessary to have the vault key file. Like the Master Password, it is impossible to recover the vault key file from Enpass.
The fact that the user retains full control over their master password (and vault key) means that even if someone does gain access to the data files, they will never be able to unencrypt the passwords without the user’s master password.
However, it is worth noting that if you sync your passwords across devices using a third-party service such as drive or Dropbox, your passwords are also stored there. This should be secure because they are end to end encrypted. For anybody who is concerned about this, the option is there to use the vault key file (which to be secure should never be shared via the same method that you sync the password).
Enpass also includes an auto-lock feature. Which ensures that the master password is always needed each time the password manager is used. This ensures that if the user is away from their device, they do not leave the program open and available for accessing passwords.
MacBook Pro users can set up Enpass to authenticate using their fingerprint scanner. The same is true of both iOS and Android users who can use the fingerprint scanner on their device.
Enpass provides users with a whitepaper on its website that explains how the password manager works and details the level of protection that their files and passwords get when stored. A blog section also provides useful information and guides for using the service, which is great for users who just need a pointer here and there.
Clicking support on the website will bring users to a forum where they can ask the community of users for help. People ask plenty of questions in this forum and answers often stretch into many hundreds and even thousands of responses. This is a testament to its active user base.
For anybody that wants to communicate directly with Enpass, it will be necessary to sign up for an account with an email address. With this done it is possible to log in and start sending messages to support staff. This is a nice extra for those that want it. However, it is worth noting that we had to wait quite a while for a response.
Enpass is an excellent and affordable password manager that stores all of your passwords locally. This ensures that your passwords never travel anywhere unless you have to sync them via Dropbox or another service. For anybody who wants an easy-to-use password manager, this is an excellent option that we can strongly recommend on both mobile or desktop.
At a cost of $11.99 per device for anybody who needs to store more than 20 passwords, the service can be considered good value for money. After all, you could get it up and running on three different devices for just $36 - and that is a one-off payment with no hidden fees.
However, because there are free open source password managers on the market, you do have the option to get a similar service for nothing if you prefer. We think Enpass is a good option for anybody who isn’t that techy. The features are set out intuitively and because it sticks to doing what it does best (managing passwords) there is very little to learn.
Finally, if the closed source nature of Enpass is a problem for you, you could opt for Bitwarden - another easy-to-use password manager that is open source. However, the software does store all your passwords locally, and we see no real reason not to trust it. On the other hand, you do have to trust that it isn't doing something nefarious and you rightly may prefer not to.