Jump to content
Enpass Discussion Forum

Enpass vs. lastpass hack


spinedoc777

Recommended Posts

I've been a happy user of Enpass for years now, but this lastpass debacle has me concerned.  My main concern is how Enpass handles the type of user information which lastpass apparently did not encrypt, info like website URLs and other metadata, although I'm not clear if that metadata was part of their vault or just information lastpass had in dealing with customers. I'd like to learn more about how Enpass hands off the password vault to a cloud provider and any inherent risks with that.

This would seem like a very valuable discussion with your customers to feel at ease using Enpass going forward.

Edit: So from what I've been reading, it looks like part of the UNENCRYPTED data compromised was the URL site of each password entry (and possibly other site entry information)!  So i definitely have this question for Enpass, how is this information handled, is it also encrypted along with passwords and not stored anywhere else but inside the password vault?

Edited by spinedoc777
Link to comment
Share on other sites

Your answer is on the security page of Enpass’ website (in the FAQ):

https://www.enpass.io/security/

Your cloud always contains a copy of same encrypted data as on your device. We download the whole encrypted copy and decrypt it locally on your device for real sync operation to merge changes. Afterwards we upload the encrypted data on cloud. In a nutshell, your cloud is only a storage medium and no security related operation ( encryption or decryption ) is actually performed there. All such operations are performed locally on your device.
 

 

 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...