On 12/1/2016 at 3:09 AM, Hemant Kumar said:

We also thought of getting a third party audit of Enpass but eventually had to drop this idea for some time (so far). All this because Enpass supports so many platforms with a high frequency of updates (all together) and it is not possible for us to get every update audited because every successive update will invalidate the last audit done. Also getting the source code audited is very hefty in terms of time and expense.

It's even more expensive to lose many potential customers who will not buy because YOUR SECURITY APP HAS NEVER BEEN AUDITED.

As of 2023 January 160,800 people have read this post because they are interested to know if your password software is safe. Clearly this topic is "of great interest" to customers and potential customers. Clearly additional effort and money put into this area will pay returns. Or by ignoring this area and by not funding it you will continue to turn away interested potential customers.

I read your audit from 2018, the audit did not include the Enpass MacOS app, nor iOS app. Only the Windows & Android apps were audited. The audit found some serious vulnerabilities and they were able to crack the Enpass master password in 40 minutes. That's terrible news for a password manager.

I would expect that Enpass team would want to quickly fix those problems and retest with a new audit. Instead, in 4+ years there is no new audit. The Enpass MacOS & iOS apps have never been audited. Very unsettling. Please meet this challenge and you will be on your way to being a major profitable app.

I love the feature set of Enpass, I want to be a buyer, but I can't because the app needs to be built with strong security, or it is less than nothing. Enpass needs to prove itself to win customers.

Edited January 17, 20233 yr by DrDave
add minor details & encouragement to audit

https://www.enpass.io/security-audit-report/

Okay, so when we talk about a security audit, it's basically like giving your digital and sometimes physical security a really thorough check-up. Think of it as having a doctor examine your health, but instead of your body, it's your company's or your own digital "health." Here's the gist of it:-

The main goal is to find any weaknesses or vulnerabilities in your security. That could be anything from outdated software to easily guessed passwords, or even how secure your physical building is.
A lot of industries have rules and regulations about how they need to protect data. A security audit helps make sure you're following those rules.
Ultimately, it's about making sure your important information and systems are protected from people who might want to cause trouble. That could be hackers, or even just accidents.
there are internal audits, where your own company does the checking, & and there are external audits, where a specialist company comes in to do it.

Why has the third-party audit page been removed?

https://www.enpass.io/security-audit-report/

 

Does Enpass no longer believe in these reports?

Is there any plan to have a third-party audit soon? 

Hi,

this is a very important question which requires a clear statement and transparency by the Enpass team to the customers, since security and reliable audit checks are the highest priority for the Enpass product. I am really interested to hear the answer from the Enpass team and also to read some audit reports!

Cheers

Hello all!

I just purchased my product and migrated my password from the open source tool KepassXC to Enpass and was proud to have a very safe solution. Now since I read this thread and found in another post (https://discussion.enpass.io/index.php?/topic/31849-third-party-audit-deleted/) that the official audit reports have been deleted and can't be checked I am seriously worried if I did the right decision to go for Enpass! I hope this is just a matter of clarification with the Enpass Team - please keep the good work up and let me know/respectively please provide transparency on the audit reports!

@all users/memerbs: Please help us product users/buyers and the Enpass team to revive this high priority topic and contribute to the post with your questions & answers if possible! 

Cheers

We completely agree that security, transparency, and regular audit practices are of utmost importance especially for a product like Enpass that is built around protecting sensitive data.

As part of our ongoing efforts to enhance transparency and user trust, we’ve recently revamped our website and are currently working on launching a dedicated Trust Center. This will be the central place where we’ll share detailed information about our security practices, third-party audits, certifications, and compliance measures.

We truly value your interest and feedback, and we assure you that audit reports and all relevant security-related certifications will be made publicly available through the Trust Center once it goes live.