Hi there,
I'm using Enpass for a few years now on Android Phones, Linux, macOS and Windows 10. I always loved, that it's available on all platforms, relatively painless to use and free except on mobile devices. I've been quite surprised by the update that arrived on my phone a few days, Enpass looking totally different and updating my vault (and breaking compatibility with older versions). A warning of some kind would have been nice. So I updated all my installations of Enpass and after setting up everything seemed to work okay-ish. But in the last couple of days of using it I ran into some issues.
sync seems to be kind of broken
I use Dropbox for sync and when I started to update a few passwords (because Enpass now considers them weak) I did the update on my mac. So the related apps on my phone got signed out. But Enpass to the rescue. Oh it's not synced and still holds the old, weak password. Let's "sync now". Oh, the old password is still there?! Let's check on the mac. Oh no, the new password is gone. What just happened? Doesn't the entires have a "last modified on" timestamp, so it should be easy not to overwrite the newer ones with older ones? After a round of "forgot my password" I could recover my account.
This did not happen for all of my updated passwords, but for about 10% of them I ran into this issue.
password history is gone?
iirc, there was a password history, so I could check older passwords used for an account. This would have solved the sync issue without resetting the password. I found the history button (bad UX btw) for the password generator. But that only shows the history of generated passwords. There used to be a history on the separate entries in my vault. It's gone or well hidden so I can't find it.
deleting entries seems buggy
When updating my passwords I also found some old accounts that did not exist anymore. So I tried to delete them. Sent them to the trash - they did not disappear from the weak/duplicated password list. After emptying the trash, they are still there - but as an empty entry without any details. If I delete them again they reappear after a second.
this happens on linux, mac and android (did not check on windows yet, but assume it's a general problem)
an option to 'refresh' or clean up the vault would be nice
password audit seems buggy
some of my entries in the duplicate/weak password list still show up there, even after updating the password. If I select the entry, password shows as excellent, un-hiding it shows the correct new password, but it still shows up on the audit list.
this happens on linux, mac and android (did not check on windows yet, but assume it's a general problem
an option to 'refresh' or clean up the vault would be nice
I still don't really get why Enpass now considers pronounceable passwords not excellent unless the consist of 8+ words and random passwords excellent if they are longer than 20 chars. For using dictionary attacks the attacker would need to know the password type and have access to the dictionary.