As 1Password has changed their licensing policies I'm looking elsewhere for a more affordable solution and came across Enpass, as well as LastPass and DashLane. With 1Password numerous 3rd party audits are available on the internet, and also with DashLane I could find a pretty interesting 3rd party audit alas for an older version. For LastPass it was more difficult fo find such audits (although I did find several mentions of vulnerabilities) but I discovered hackergroups discussed the security of LastPass and appear to feel safe with it - that's a good second best for a security audit.
So I started looking for a 3rd party audit onto Enpass and stumbled upon this discussion and got surprised about the reluctance of Enpass to have the 5 version audited. In my opinion it's just ridiculous to postpone an audit because of a new version is going to be launched. Why not having version 5 audited? Isn't it secure enough to be audited? I actually don't care about the last version of your software being audited. Audits are about gaining trust. I would be very interested to read 3rd party audits for any older version even though you might have several vulnerabilities in those fixed already. Each and every audit tells something about you, the company writing the software.
If you are really serious about getting a 3rd party audit involved then do so immediately, with the current version of the software. Right now this discussion reads like a joke. I cannot take Enpass as a serious alternative to 1Password. I'd rather pay the hefty fees for 1Password.
Security audit
in Data Security
Posted
As 1Password has changed their licensing policies I'm looking elsewhere for a more affordable solution and came across Enpass, as well as LastPass and DashLane. With 1Password numerous 3rd party audits are available on the internet, and also with DashLane I could find a pretty interesting 3rd party audit alas for an older version. For LastPass it was more difficult fo find such audits (although I did find several mentions of vulnerabilities) but I discovered hackergroups discussed the security of LastPass and appear to feel safe with it - that's a good second best for a security audit.
So I started looking for a 3rd party audit onto Enpass and stumbled upon this discussion and got surprised about the reluctance of Enpass to have the 5 version audited. In my opinion it's just ridiculous to postpone an audit because of a new version is going to be launched. Why not having version 5 audited? Isn't it secure enough to be audited? I actually don't care about the last version of your software being audited. Audits are about gaining trust. I would be very interested to read 3rd party audits for any older version even though you might have several vulnerabilities in those fixed already. Each and every audit tells something about you, the company writing the software.
If you are really serious about getting a 3rd party audit involved then do so immediately, with the current version of the software. Right now this discussion reads like a joke. I cannot take Enpass as a serious alternative to 1Password. I'd rather pay the hefty fees for 1Password.