Jump to content
Enpass Discussion Forum

Out of curiosity a question remains


Recommended Posts

What if my computer and mobile gets reset same time and my cloud password is saved in Enpass. How am i suppose to access my cloud backup? When i think of that situation it scares me badly. Enpass Individual subscription is just fee for the software but there is no ease of mind. I have premium subscription which cost everyone 21.49 Euro yearly which does not have any cloud storage so if we are paying just for an offline password manager with so called security then why don't we just use keepass? it also comes with several plugins to sync with cloud. what makes enpass so special? I am roboform user since last 12 years but now i wanted to move to any other better option but after reviewing all features and situations i have decided to stick with Roboform. Today i installed Enpass on my mobile device and after loading application it gave me option to restore my existing data. It asked me to login to my cloud which login is saved in enpass and my mobile does not have that login saved. i had to access my computer and grab main password for cloud from there then login to mobile and then i was able to login. Really? come on i don't think this password manager worth paying 21.49 Euro for very slow support and no cloud storage.

Why you are charging people 21.49 Euro for? I think instead of securing our passwords you are making them too much easy to lose in case of damage to both devices and once you lost your cloud storage access and you don't have password for that then this so called secure password manager is no more use.

I think if i will have to go through all this struggle then i would probably use KeePass for free which also has same options or even maybe more.

Now i know why people use other password manager which have built-in cloud storage with good encrypion and never been hacked and which costs less then half price of this password manager and not using enpass. i am not going to mention other password manager here but trust paying 21.49 euro for enpass is my worst decision i made 10 days ago.

Edited by Fadi
Link to post
Share on other sites
On 2/26/2021 at 8:04 PM, Fadi said:

What if my computer and mobile gets reset same time and my cloud password is saved in Enpass. How am i suppose to access my cloud backup? When i think of that situation it scares me badly. Enpass Individual subscription is just fee for the software but there is no ease of mind. I have premium subscription which cost everyone 21.49 Euro yearly which does not have any cloud storage so if we are paying just for an offline password manager with so called security then why don't we just use keepass? it also comes with several plugins to sync with cloud. what makes enpass so special? I am roboform user since last 12 years but now i wanted to move to any other better option but after reviewing all features and situations i have decided to stick with Roboform. Today i installed Enpass on my mobile device and after loading application it gave me option to restore my existing data. It asked me to login to my cloud which login is saved in enpass and my mobile does not have that login saved. i had to access my computer and grab main password for cloud from there then login to mobile and then i was able to login. Really? come on i don't think this password manager worth paying 21.49 Euro for very slow support and no cloud storage.

Why you are charging people 21.49 Euro for? I think instead of securing our passwords you are making them too much easy to lose in case of damage to both devices and once you lost your cloud storage access and you don't have password for that then this so called secure password manager is no more use.

I think if i will have to go through all this struggle then i would probably use KeePass for free which also has same options or even maybe more.

Now i know why people use other password manager which have built-in cloud storage with good encrypion and never been hacked and which costs less then half price of this password manager and not using enpass. i am not going to mention other password manager here but trust paying 21.49 euro for enpass is my worst decision i made 10 days ago.

The Cloud Synchronization-feature is just that, a sync. It's _main purpose_ is to provide all devices with a central point of data. It can not be conscidered a secure disaster backup. That's a general thing, files in sync are in constant motion and prone to be deleted, corrupt or such. On Desktops, Enpass creates backups per default on your device. These are versioned and should be at least copied to a separate drive, location or something once in a while. That's a generic recommendation for these kind of data.

If your phone and computer are being reset at the same time (they're on your nightstand and your bedroom catches fire), you can of course restore your data from Google\DropBox... you'll have the latest version of the vault for sure, but you won't have much alternative if the cloud-version is corrupted, missing or whatver.

You should also _always_ have alternative recovery methods for your primary cloud identities like Google or Microsoft. This can be printed out codecheats, recovery email-address or Security Questions (which I reaally hate, but still) or other means..

While documenting the password for your chosen sync-provider (Google,OneDrive) in Enpass is one thing, I'd even vote against using a random password there. Use something you'll remember that's still unique but still memorable and make sure to use additional factors like OTP, FIDO, or other device security.

 

Enpass' sellingpoint is a local software which does (most) it's logic on your devices with crossplattform, coherent support for mobile- and desktop.

You can't really blame them for what they're not claiming to be.

 

I use Enpass _only_ for TOTP-items (since it nicely shows them in my smartwatch), and for passwords and other secrets I use keepass-derivates like you mention.

That gives me cloud-sync, Yubikey-support (2FA) and AutoType, all on both mobile and desktops using free software (as in speech).

And besides it feels stupid to store OTP together with passwords in a software that doesn't allow a true second factor since data syncs to cloud etc.)

Think your disaster-strategy through, it's not the software's responsibility to do so :-)

Edited by Ivarson
typo
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...