Enpass was recently mentioned in the thread on
recent LastPass vulnerabilities so I figured it was a good time to update any interested party on my use of it since I last mentioned it in this thread.
I've been using Enpass
since August 2015, so about 1.5 years. (Which is also almost as long as it has been since anybody posted in this thread.)
It does enough right that I'm still using it. But the experience can be somewhat cumbersome at times, especially on mobile or where browser extensions come into play (at least on Windows). I've found it works great on Linux, and will quickly fill out forms with the press of a hotkey (Ctrl+\ by default). But that hotkey doesn't work for me on Windows, and the browser extension requires many extra clicks just to copy the password to the clipboard compared to LastPass.
Often times when there's a new update, a dialog will pop up telling me there's an update, and showing the changelog. Except the changelog text area is almost always completely blank.
And on mobile I have it configured to allow me to unlock my database with a PIN within X hours after I use my master password to unlock it. But because my device is getting a bit long in the tooth (Nexus 7 2013) it often closes Enpass in the background to free up memory/resources for whatever app is currently in use. This means I frequently have to type my long and secure master password on my mobile device, which isn't fun using a mobile keyboard, and is made even worse when using Enpass' provided keyboard, because it hides numbers and symbols behind "alternate character" displays. So even though Enpass does provide a mobile keyboard that technically supports autofill, I most often find myself switching tasks to the Enpass app itself to login and copy my username/email then switch back to the app and paste, then switch back again to Enpass to copy the password, then switch back to the app to paste and finally login. And maybe a third switch back and forth if the site/app also requires 2FA TOTP.
Mostly I just wish things were more streamlined in it. Especially the browser extensions. As I said, on Linux, it's great. I just press Ctrl+\ and if I've logged into Enpass recently it will autofill. Otherwise a small dialog will popup where I type in my master password and then it autofills. I rarely interact with the main application itself on Linux, and I wish the experience was similar on Windows (and Android). As it is, getting a password from the browser extension often requires:
- Clicking the extension icon.
- Searching for the site if it didn't find/list it automatically.
- Clicking on the little "i" symbol on the side of the list for the site to display the saved login details (with password(s) still masked).
- Clicking on the two overlapping rectangles symbol which represents copying to the clipboard.
- Clicking into the form and pasting.
- The previous step closes the extension popup, which means I may have to repeat the process 2-3 times in order to fill out username, password, and sometimes 2FA TOTP.
Whereas with LastPass, it takes two clicks. I really wish Enpass would get me straight to the info I want instead of hiding it behind extra clicks. One or two clicks doesn't seem like much of a difference, but multiply it by 2 or 3 for each login and then consider all the times you ever have to login to anything and they add up and become frustrating over time.
All that said, I'm still using Enpass. I like the cost (free on desktop, one-time purchase on Android). I like that it handles
TOTPw so I don't need yet another app/device. I like how it all runs locally and doesn't require a connection to some master server. I like how it can also optionally sync across devices using a variety of cloud storage options. I like how it allows you to customize how it generates your password, or add other fields to be saved with your passwords, etc. There's a lot to like about it. But there's also plenty of room for improvement.
If you're looking for a password manager, I'd recommend giving Enpass a try. But if you're satisfied with your current password manager, I certainly can't say it is by and large the best one out there and worth transitioning over to.
Perhaps we could also hear from 40hz to see if he's still using Enpass, and why or why not.
Recent Posts
