Enpass

Last updated
Enpass
Developer Enpass Technologies Inc.
Operating system Windows, Windows Phone, macOS, Linux, ChromeOS, iOS, Android, Wear OS, WatchOS
Type Password manager
License Freemium
Website enpass.io

Enpass is a freemium password manager and passkey manager available for MacOS, Windows, iOS, Android and Linux, with browser extensions for all major browsers, [1] [2] and pricing plans for both personal use and business. [3] [4] [5]

Contents

Functionalities

It features:

  1. Multiple vaults
  2. Password generation
  3. Biometric authentication
  4. Form filling for all supported platforms
  5. Integrated software keyboard for form filling on Android devices
  6. Generation of time-based one-time passwords for online services [6]
  7. The Password Checkup tool uses zxcvbn to assess password strength. [7]
  8. It detects credential breaches by querying the Have I Been Pwned? database. [7]
  9. Privacy: The application features client-side encryption, using SQLCipher [8] to encrypt its keychain file locally with a user-defined master password. The Enpass app retains no user data on its company servers, [9] [10] instead storing and syncing encrypted password vaults on storage controlled by the end user.
  10. Synchronisation: Enpass vaults are usually stored on users' own cloud storage service like Google Drive, Box, Dropbox, OneDrive, iCloud. Enpass also supports self-hosted WebDAV solutions such as ownCloud and Nextcloud, as well as on browsers, plus offline synchronisation. [11] [12] [13]

Availability

Enpass provides multiple client applications, including desktop applications, browser extensions and mobile apps. The desktop apps are available for Windows, macOS, and Linux [14] , while browser extensions are offered for Chrome, Firefox, Safari, Edge, Opera, Vivaldi and Brave. [15] Mobile apps are available for Android and iOS. [16]

Enpass products include Personal and Family editions that feature vault sharing via personal cloud accounts, [17] and Business and Enterprise editions with users’ vaults stored within each clients’ business-cloud infrastructure. [18] For personal and family users, the desktop app is free, and the mobile app is free up to 25 records, with more records and additional features available with a software subscription. [17] [19] The Business and Enterprise editions are billed per user, per month, and include security audits, access recovery, and password-less vault sharing between invited co-workers. [18]

Security Criticism

2024 Evaluation of Password Checkup Tools

A 2024 study by Hutchinson et al. examined the “password checkup” features of 14 password managers, including Enpass, using weak, breached, and randomly generated passwords. The authors found that the evaluated products reported weak and compromised passwords inconsistently and sometimes incompletely. No manager successfully flagged all known breached passwords. The study concludes that such inconsistencies may give users a false sense of security. [20]

2025 DOM-based Extension Clickjacking

Security researcher Marek Tóth presented a vulnerability in browser extensions of several password managers (including Enpass) at DEF CON 33 on August 9, 2025. In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click. [21] The affected password manager vendors were notified in April 2025. According to Tóth, Dashlane version 6.11.6 (August 13, 2025) addressed the issue. [22]

See also

References

  1. Graw, Mike JenningsContributions from Michael; updated, Craig Hale last (2021-03-23). "Enpass Review: Pros & Cons, Features, Ratings, Pricing and more". TechRadar. Retrieved 2024-09-30.{{cite web}}: |last2= has generic name (help)
  2. "Enpass - Download Password Manager". Enpass. Archived from the original on 2024-10-02. Retrieved 2024-09-30.
  3. Millares, Luis (2024-02-05). "Enpass Review 2024: Pricing, Security, Pros & Cons". TechRepublic. Retrieved 2024-09-30.
  4. "Pricing & Free Trial". Enpass. Archived from the original on 2022-04-08. Retrieved 2024-09-30.
  5. "Pricing for Businesses". Enpass. Retrieved 2024-09-30.
  6. Thorp-Lancaster, Dan (28 December 2018). "Enpass 6 rolls out to all with multiple vaults, new design, and much more". Windows Central. Mobile Nations. Retrieved 23 January 2019.
  7. 1 2 Hutchinson, Adryana; Munyendo, Collins W.; Aviv, Adam J; Mayer, Peter (2024-05-11). "An Analysis of Password Managers' Password Checkup Tools". Extended Abstracts of the CHI Conference on Human Factors in Computing Systems. CHI EA '24. New York, NY, USA: Association for Computing Machinery: 1–7. doi:10.1145/3613905.3650741. ISBN   979-8-4007-0331-7.
  8. "SQLCipher". GitHub. Archived from the original on 2017-07-01. Retrieved 2019-02-22.
  9. Singh, Karandeep (2023-01-03). "Why Enpass is my perfect LastPass replacement password manager". Android Police. Retrieved 2024-09-30.
  10. "Syncing and accessing Enpass data across devices". support.enpass.io. Retrieved 2024-09-30.
  11. "A Full Enpass Review for 2024 — Features, Pricing, Pros and Cons". The Tech Report. 2024-09-13. Retrieved 2024-09-30.[ dead link ]
  12. "Using Wi-Fi sync in Enpass". support.enpass.io. Retrieved 2024-09-30.
  13. "Using folder sync in Enpass". support.enpass.io. Retrieved 2024-09-30.
  14. "Download Password Manager". Enpass. Retrieved 2025-11-21.
  15. "Download Password Manager (Browser)". Enpass. Retrieved 2025-11-21.
  16. "Download Password Manager". Enpass. Retrieved 2025-11-21.
  17. 1 2 "Pricing & Free Trial". Enpass. Archived from the original on 2022-04-08. Retrieved 2024-10-28.
  18. 1 2 "Pricing for Businesses". Enpass. Retrieved 2024-10-28.
  19. "Enpass Review 2024: Is It a Good Password Manager?". SafetyDetectives. Retrieved 2024-10-28.
  20. Hutchinson, Adryana; Munyendo, Collins W.; Aviv, Adam J; Mayer, Peter (2024-05-11). "An Analysis of Password Managers' Password Checkup Tools". Extended Abstracts of the CHI Conference on Human Factors in Computing Systems. CHI EA '24. New York, NY, USA: Association for Computing Machinery: 1–7. doi:10.1145/3613905.3650741. ISBN   979-8-4007-0331-7.
  21. published, Benedict Collins (2025-08-22). "Multiple top password managers vulnerable to password stealing clickjacking attacks - here's what we know". TechRadar. Retrieved 2025-11-09.
  22. Tóth, Marek (2025-08-09). "DOM-based Extension Clickjacking: Your Password Manager Data at Risk". marektoth.com. Retrieved 2025-11-09.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.