Leaderboard

I understand that you do not wish to open-source your product, but I am reluctant to use it because of the fact it is closed-source, the company is based in India (yes, this matters) and there is no information about the development team. Have you considered having an independent 3rd-party audit your source-code on a regular basis as a way to gain credibility without open-sourcing your product? Thanks, Gili

please would like to implement a key or file for authentication beyond just the password ? and can also add 2 -factor authentication to open the keychain sorry bad english

I messed up a bit, sorry, just woke up. I mean that as soon as someone has you password database most common 2FA isnt going to stop anyone. a keyfile in contrast only adds a superlong password and a dedicated keyfile, with randomized contents is something that for example a virus or stuff could easily snoop up. in combination with the fact that enpass would be installed a virus could snatch the key file and pw database and get out, and the password could be then bruteforced. other than a real second factor, the key file can be copied a thousand times over and no one would notice.

Hi @cholq Thanks for reporting this issue and I apologize for the inconvenience. We are aware of this issue and it will be fixed in the next update. Meanwhile to get rid of this issue, please disable the option Match URL hostname from Enpass browser settings. Hope this helps!

If I may offer my opinion. I am happy to pay reasonable license costs for software. I am happy to pay again for major releases eg version 5.xx to version 6.xx. I think your current pricing is at the low end when compared to competitors of similar products. ie products under ongoing development, with ready access to techical support, user forums etc. But if your happy with your pricing model it thats fine by me as long as it means you can continue developing and supporting Enpass. I dont like (and so far have avoided) paying monthly 'subscription' fees for any software. I wont use a password manager that mandates customers store their data on their controlled servers. Why? ...For me, I do not want to be put my login data, credit card information, banking access codes etc on honeypot of servers and I see no advantage that compells me to take a risk and add my data to such a hacker target. I appreciate that I can sync my devices via iCloud or Box or Onedrive etc..... please dont change this ability.

Hello, everybody! I truly understand your concern for a software holding critcal information and not being open sourced or audited by any credible third party agency. Well guys, thanks for all your comments and we've decided to get third party audit of Enpass. But all we need is just some more time as after the upcoming release of Attachments (beta is already there), we'll work on some key features like multiple-vaults with a need of refactoring the core engine, and I think that would be that best time to go for audit, all at once. Till then, please bear with us and all I ask for is your co-operation. Cheers!

wait a sec, dont google's guidelines Marshmallow iirc enforce the use of the Android native API for fingerprinting on devices with it?

Hemant, Thank you for your response. I don't think anyone is expecting frequent audits. Once a year or every 3 years should be enough. As to the cost... that's the cost of doing business. The primary reason I skipped over this product was because it was both close-sourced and unaudited. Otherwise, I would have purchased a copy. Gili

They miss the important thing : They must add TOTP with Master password for Enpass itself ...

I don't agree with you. To give you an example: When you buy a software, you normally get a serial-number (which you can already save it in Enpass). But some software are providing a license-file instead of a serial number. This files are very small and I don't want to store dem separate in a encrypted folder. As I have written previously, for bigger data we can use encrypted folder, but license-files or key-files have in opinion the same priority as passwords. Another point is the sync with the cloud. I don't know, how the development-team have implemented the sync function, but nowadays it's possible to sync only the changes between two files. Next today we have highspeed Internet and so the sync takes some seconds. The last point (I don't want to attack you) if this feature is implemented, nobody forces you to use it. So if you don't attach documents to Enpass, the DB of Enpass will stay at the same size as it is now. It's fine that you only store passwords in Enpass, but in my case some files(cert,...) are used to authenticate me on some services. These files are used like passwords and for this reason I also want to store it in the same location as all my other passwords.