Enpass review: An easy way to create strong, secure passwords
mercredi 29 mars 2023, 16:54 , par PC World
At a glanceExpert's Rating
ProsFree for desktop usersDoesn’t upload data to company serversIntuitive vault organizationConsMobile users require paid accountDefault sharing option is unsecureLimited multi-factor authentication featuresOur VerdictEnpass is a solid password manager with strong basic features and multiple secure syncing options. Most people will welcome its simplicity, but more-seasoned users may be put off by some of its limitations.
Best Prices Today: Enpass
Price comparison from over 24,000 stores worldwide
Handling the hundreds of passwords we need to manage our affairs is difficult enough without a complex password manager adding another obstacle. Enpass is a straightforward solution to help individuals improve their password hygiene and secure their most sensitive data even if they don’t have a high degree of technical know-how.
Enpass: Getting started
Enpass is offered as a desktop app for Windows, macOS, and Linux and a mobile companion app for Android and iOS. Once you download the desktop app, onboarding with Enpass is simple. You’re prompted to register a new account and then to create a master password. Once that’s done, Enpass launches a quick setup tab that lets you install its browser plugin, enable touch ID access, check for compromised passwords, and other options with a simple toggle. After that, you can import your passwords from your browser, a CSV file, or directly from more than a dozen other password managers.
Note: See our roundup of the best password managers to learn about competing products, what to look for in a password manager, and product recommendations.
Enpass allows you to store login credentials, credit card information, personal ID data, licenses, passports, and more in your vault and keeps everything organized in an intuitively labeled category menu. A search bar across the top of the interface helps with locating specific entries, which can be made more searchable via tags and sub-tags. Enpass automatically creates a primary vault when you set up your account, but you can create additional vaults to more cleanly separate work from personal logins, for example.
Desktop users can use all Enpass’ features and syncing capabilities for free.
Once you’ve populated your vault, Enpass can audit all your entries for compromised, weak, identical, or breached passwords. Any offenders can be replaced using Enpass’ password generator. By default, it creates passphrases rather than random character strings; phrases can be from two to 15 words—the default is six—and can include uppercase letters and digits and separate each word with a hyphen. Enpass also supports random-character-string passwords—you just toggle off the “pronounceable” option—of up to 32 characters. You choose what type of characters to use and how many of each.
While the Enpass desktop app stores and syncs your data, capturing and replaying login credentials are handled by its browser extension. Rather than dropping down from your browser’s toolbar like other password extensions, it displays as a separate window that floats over the page. The extension can display all your vault entries and when you click on one, it will fill in the relevant information on a page. Like the desktop app, the browser extension has its own search bar for quickly locating items. When you log in to a site for the first time, the plugin will capture your username and password. You can edit the entry and apply tags right from the extension.
Unlike most other password managers, Enpass doesn’t upload your data to its servers. It’s stored locally on your device. To sync your data across multiple devices, you need to either connect your Enpass account with a cloud service like Dropbox or Google Drive or set up Wi-Fi sync to keep your Enpass data up to date across devices on the same wireless network. Neither option is turnkey, and both require searching through Enpass’ support pages for instruction. That extra work may be a turnoff for some users.
Enpass encrypts your data with 256-bit AES and SQLCipher to better protect against brute-force and side-channel attacks. It does not, however, use multi-factor authentication. The company explains on its website that if you choose to store your data offsite with a cloud service like Google Drive or One Drive, you are already enabling multi-factor security: Your data is secured by your Enpass master password and your cloud-account credentials, plus any additional authentication your cloud provider requires such as one-time codes, biometric identification, or an app-specific password. In this scenario, Enpass argues, anyone trying to steal your passwords would have to get through three layers of authentication. It does support the use of Keyfiles, though, which can be required in combination with your master password to decrypt your Enpass data. Here again, users will need to search instructions for setting up a Keyfile in Enpass support documentation.
Enpass allows you to share items but you must create a personal preshared key to secure each one.
You can share passwords and other entries from the desktop app but doing so surfaces a warning that items shared outside Enpass aren’t encrypted. To secure them, you have to define a pre-shared key—essentially a password you create to share with the recipient of the item before you share the item itself—in Enpass’ advanced settings. In addition to this ad-hoc encryption, you can toggle off fields in the item you don’t want to share. Once you’re ready to share, you send the item via email or copy it to the clipboard to share a different way.
Password inheritance isn’t currently supported. Inheritance features, which are included with some other password managers including Keeper and LastPass, allow designated individuals to access your passwords and sensitive data in the event of your death. Given that Enpass is designed to primarily work offline, it’s not surprising it doesn’t support this capability. However, it’s worth considering if you need to designate a custodian for your data after you’re gone.
Enpass: The plans
Enpass is free to use on Windows, Mac, and Linux. You get access to all the desktop app’s features and unlimited syncing across desktop devices. You can sync up to 10 items in a single vault with mobile devices.
Enpass’ browser extension captures and replays your passwords on secure sites.
To do any more than that you’ll need a paid plan. The Individual plan costs $23.99 per year and removes all entry, syncing, and vault limits. It also provides security alerts for website breaches and will identify any accounts in your vault that support two-factor identification. The Family plan extends the same features to up to six users for $47.99 a year. You can also purchase a permanent lifetime license for an individual for a flat fee of $99.99.
Should you use Enpass password manager?
If you’re new to password managers or just want a solution that’s not overly complex, Enpass is worth the investment. Although it lacks the advanced capabilities found in some of our top picks, it provides all the foundational password management features you need to secure and safely use your sensitive data in an exceptionally easy-to-use app.
Personal Software, Security
56 sources (32 en français)
ven. 29 sept. - 16:24 CEST