Coming clean right off the bat: I’m not a fan of using password management software, for both convenience and security reasons. I keep a few passwords close to heart, I don’t let Chrome remember most of my passwords because I don’t want that information available, and mostly I keep the actual password management aspect of things to myself. Mind you, I’ve used password managers before some years ago when I believed in having a different password for every account I used, but due to their complexity to me at the time, they soured me somewhat on the whole concept. Before starting this assignment, I decided to grab Enpass and try it out before reviewing it. After signing up on their site, you receive an email with links to both their desktop application and browser extension.
A note of mild irritation – the browser extension isn’t standalone and requires the desktop version to run.
Fortunately, installing the application and running the first-time setup isn’t a problem. After taking a moment to set a “master password” that is used to guard your various account information, you’re ready to start inputting passwords and account details into Enpass. Of particular note is that the master password is an encryption key – it isn’t stored locally or in the cloud, so if you forget it, there’s no way to access your data. Enpass can also automatically pick up passwords whenever you’re signing into websites, providing a popup that asks you to fill in a master password before choosing to save the information within the application. Overall, it functions fairly cleanly. The popups can be annoying at times, but you only have to worry about them once – after they’ve popped up once for each of your sites, you’re set. Enpass also supports most desktop OSes, including Windows, Linux and Mac, as well as mobile platforms such as iOS, Android, Windows Phone and Blackberry. The iOS version also happens to support TouchID for added convenience. Before we begin, though, let’s take a moment to talk about how it works.
How it Works
All program data is encrypted behind a “master password” that you set during initial setup. The program itself doesn’t know what your master password is and neither does a cloud server if you choose to Sync your program data. The master password is an encryption key, and the program encrypts its data using the AES-256 protocol. The only way for your master password to be discovered is if you tell someone, someone sees you type it in, or there is a malicious keylogger in your system. Once you’ve set up the program, it has various active features in order to prevent people from getting into your data. The program locks itself automatically after being idle for one minute, requiring a re-entry of your master password to be used. For more on this and other active security features, take a look below.
Security Features
Enpass’ special features are all focused around security. By default, Enpass locks itself every minute just in case you happen to leave your computer unattended. It also clears your clipboard every thirty seconds (more or less if you so choose) to prevent your passwords from being acquired whenever copying and pasting your sensitive data. These are set as they are to prevent people from gaining access to your passwords when you aren’t at your computer.
Another interesting ability is syncing your Enpass data with external cloud services like Google Drive or Dropbox. Unless you specifically choose to sync your passwords and information to a cloud server, all of your passwords will be stored locally. Even if you decide to sync your program data with a cloud service, those files are still encrypted and can’t be unlocked by anything but your master password on Enpass.
My Thoughts
Overall, though, I really like Enpass. I’ve never been a fan of password managers, especially not the ones that exist as desktop-only applications and only really seem to exist to add an extra wall between you and your password storage. Instead, Enpass runs fairly smoothly after its initial setup, and while I don’t have enough passwords to make great usage of it, seeing how it managed my information was very nice. It’s definitely a lot more secure than Chrome’s default password management, which pretty much lets anyone who uses your browser open a file containing all of your passwords. There aren’t enough words in the English language for me to express how not into that I am. I hear that FireFox has good built-in password management, but it’s never something I’ve bothered using. I feel like Enpass is easy enough to use and offers enough extra special features to be worthy of your time and attention. I feel like it’s more than just a password manager. It offered me a better experience than I’ve ever gotten out of other password managers, and it did so while being painless to use and relatively easy to set up, minus a minor misunderstanding in the beginning. Due to its ease of use, its extensive customizability and its high-level AES-256 encryption, Enpass is easily my favorite password manager so far. What do you think? Sound off in the comments and let me know whether you use other password managers or if you have a better one for me to try!