Leaderboard

Enpass plays a lot on the card that their infrastructure doesn't hold any vaults, and therefore is more secure and compliant. Might be true. But any modern and proper password manager implements zero knowledge anyway, meaning that even with access to your vaults, they would never gain access to the keys needed to decrypt. In both cases (Enpass with local /sync vault) and cloud based managers with vaults on the vendors cloud, it's imperative that the software lifecycle is secured. Enpass being closed sourced and with more and more bells and wizzles that makes outbound calls, it's especially crucial. Also known as supply chain vector They've partially addressed that by recently getting iso27001 certification.