Can Enpass see my passwords in Data Security Posted July 25, 2019 · Report reply Hi @Magnus_Carlsen Thanks a lot for liking Enpass and sharing your thoughts with us. I do understand your concern about the security of your data. You can be assured that here at Enpass, we are always on our toes making sure that Enpass stays secure and trustworthy for our users. It as only for the peace of mind of everyone that we switched to use SQLCipher (an open-source engine for cryptography) a while back. I also understand that by only using an open-source technology in software, one can't vouch for overall security of software. It's more about the implementation and interaction with and around the SQLCipher. To check how prudent Enpass is, in dealing with your data saved in SQLCipher, we got the first audit done for version 6. I do agree with you that it's been 9 months since then and Enpass has been updated a couple of times after that, and as a user you would like to see audits happen more frequently. Even though we at Enpass, share the same desire of frequent audits to gain credence with our user base, its recurring cost is just not viable at current stage. However, we assure you that our future plans aim to cover these drawbacks and deliver audits at a more frequent pace. On 7/22/2019 at 8:30 AM, Magnus_Carlsen said: Why aren't you making Enpass open source like Bitwarden. I would like to see the coding of this software to feel more confident about this. I take your point that if Enpass would have been open source, you would have checked the code by yourself for your satisfaction from security perspective and we would not need to pay for audits as well. But in reality, the possibility of your data at risk would stay the same if you install the binaries downloaded from our website and app store accounts. Furthermore majority of Enpass users would not have time to compile the source for all platforms, sign it and then use. At the end of the day, it all comes down to the intentions of the software provider and whether they are actually using the same source code in software as published. I am not saying that companies following the open source practice are not trustworthy but just want to communicate that we are working with benign intentions and would favor getting the audits done more frequently that going for open source. I hope that helps in answering your queries.