Table of Contents Categories
  Encyclosphere.org ENCYCLOREADER
  supported by EncyclosphereKSF

Enpass

Topic: Software

 From HandWiki - Reading time: 6 min

Enpass
Developer(s)Enpass Technologies Inc.
Operating systemWindows, Windows Phone, macOS, Linux, ChromeOS, iOS, Android, Wear OS, WatchOS
PlatformChrome, Safari, Edge, Firefox and Brave
TypePassword manager
LicenseFreemium
Websiteenpass.io

Enpass is a freemium password manager and passkey manager from Enpass Technologies, available for MacOS, Windows, iOS, Android and Linux,[1] with browser extensions for all major browsers,[2][3] and pricing plans for both personal use and business.[4][5][6]

Enpass stores and syncs encrypted password vaults on users’ personal cloud accounts, or within a business's internal cloud infrastructure, [2][7][8] as opposed to keeping vault data on company servers.[9][10] The app is designed to comply with data sovereignty and data security regulations such as GDPR.[11]

Functionality

Features include[12][13][14]:

Enpass vaults are usually stored on Google Drive, Box, Dropbox, OneDrive, iCloud, or on business's Microsoft 365 or Google Workspace storage. Enpass also supports self-hosted WebDAV solutions such as ownCloud and Nextcloud, as well as storing data on device and syncing via via Wi-Fi or folder sync.[18][19][20]

Availability

Enpass is available in four editions: Personal, Family, Business, and Enterprise.[21][22] The Business and Enterprise plans include administrative controls, identity provider integration, security audit tools, security event logging, access recovery, and password-less vault sharing between invited co-workers.[23]

Encryption and Whitepaper

The entire database is protected using AES-256 encryption. SQLCipher is used to technically implement the AES-256 encryption.[24]

In addition, the encryption key is derived from the master password using PBKDF2-HMAC-SHA512 with 320,000 iterations, which makes brute-force attacks extremely difficult.[24]

Enpass provides official security whitepapers[25] that explain the security architecture and encryption methods in more detail. These whitepapers are available for download on the Enpass website and are part of the official documentation on security and encryption.

Security Criticism

2024 Evaluation of Password Checkup Tools

A 2024 study by Hutchinson et al. examined the “password checkup” features of 14 password managers, including Enpass, using weak, breached, and randomly generated passwords. The authors found that the evaluated products reported weak and compromised passwords inconsistently and sometimes incompletely. No manager successfully flagged all known breached passwords. The study concludes that such inconsistencies may give users a false sense of security.[16]

2025 DOM-based Extension Clickjacking

Security researcher Marek Tóth presented a vulnerability in browser extensions of several password managers, including Enpass, at DEF CON 33 on August 9, 2025. In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click.[26] The affected password manager vendors were notified in April 2025. According to Tóth, Enpass version 6.11.6 (released August 13, 2025) addressed this issue.[27]

See also

References

  1. "Download Password Manager" (in en-US). https://www.enpass.io/downloads/. 
  2. 2.0 2.1 Graw, Mike Jennings; Hale, Craig (2021-03-23). "Enpass Review: Pros & Cons, Features, Ratings, Pricing and more" (in en). https://www.techradar.com/reviews/enpass. 
  3. "Enpass - Download Password Manager" (in en-US). https://www.enpass.io/downloads/#extensions. 
  4. Millares, Luis (2024-02-05). "Enpass Review 2024: Pricing, Security, Pros & Cons" (in en-US). https://www.techrepublic.com/article/enpass-password-manager-review/. 
  5. "Pricing & Free Trial" (in en-US). https://www.enpass.io/pricing/. 
  6. "Pricing for Businesses" (in en-US). https://www.enpass.io/pricing-business/. 
  7. "Syncing and accessing Enpass data across devices". https://support.enpass.io/app/sync/sync_and_access_enpass_data_on_all_devices.htm. 
  8. "Enpass Business integration with Microsoft 365 and Google Workspace". https://support.enpass.io/business/kb/integration_googleworkspace_microsoft365.htm. 
  9. Singh, Karandeep (2023-01-03). "Why Enpass is my perfect LastPass replacement password manager" (in en). https://www.androidpolice.com/enpass-perfect-lastpass-replacement/. 
  10. "About" (in en-US). https://www.enpass.io/about/. 
  11. "Enpass Compliance & Assurance | Enpass Help" (in en). https://help.enpass.io/business/latest/microsoft-365/enpass-compliance-assurance. 
  12. "Why Enpass? | Enpass Help" (in en). https://help.enpass.io/personal/latest/desktop/why-enpass. 
  13. "Enpass Key Features" (in en). https://www.enpass.io/enpass-key-features/. 
  14. Gilbertson, Scott. "The Password Managers You Should Use Instead of Your Browser" (in en-US). Wired. ISSN 1059-1028. https://www.wired.com/story/best-password-managers/. 
  15. Thorp-Lancaster, Dan (28 December 2018). "Enpass 6 rolls out to all with multiple vaults, new design, and much more". Windows Central (Mobile Nations). https://www.windowscentral.com/enpass-6-rolls-out-all-multiple-vaults-new-design-and-much-more. 
  16. 16.0 16.1 Hutchinson, Adryana; Munyendo, Collins W.; Aviv, Adam J; Mayer, Peter (2024-05-11). "An Analysis of Password Managers' Password Checkup Tools". Extended Abstracts of the CHI Conference on Human Factors in Computing Systems. CHI EA '24. New York, NY, USA: Association for Computing Machinery. pp. 1–7. doi:10.1145/3613905.3650741. ISBN 979-8-4007-0331-7. 
  17. "SQLCipher" (in en). https://github.com/sqlcipher. 
  18. "A Full Enpass Review for 2024 — Features, Pricing, Pros and Cons" (in en-US). 2024-09-13. https://techreport.com/password-managers/enpass-review/. 
  19. "Using folder sync in Enpass". https://support.enpass.io/app/sync/using_folder_sync_in_enpass.htm. 
  20. "Offline syncing via Wi-Fi | Enpass Help" (in en). https://help.enpass.io/personal/latest/desktop/offline-syncing-via-wi-fi. 
  21. "Pricing & Free Trial" (in en-US). https://www.enpass.io/pricing/. 
  22. "Pricing for Businesses" (in en-US). https://www.enpass.io/pricing-business/. 
  23. "Enpass Key Features" (in en). https://www.enpass.io/enpass-key-features/. 
  24. 24.0 24.1 "Security and Data Encryption". https://support.enpass.io/app/kb/data_security_and_encryption_in_enpass.htm. 
  25. "Enpass Security Whitepaper". https://dl.enpass.io/docs/whitepaper/enpass-security-whitepaper.pdf. 
  26. "Multiple top password managers vulnerable to password stealing clickjacking attacks - here's what we know" (in en). 2025-08-22. https://www.techradar.com/pro/security/multiple-top-password-managers-vulnerable-to-password-stealing-clickjacking-attacks-heres-what-we-know. 
  27. Tóth, Marek (2025-08-09). "DOM-based Extension Clickjacking: Your Password Manager Data at Risk" (in en). https://marektoth.com/blog/dom-based-extension-clickjacking/. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Software:Enpass&oldid=4395048"
Licensed under CC BY-SA 3.0 | Source: https://handwiki.org/wiki/Software:Enpass
11 views |
↧ Download this article as ZWI file
Encyclosphere.org EncycloReader is supported by the EncyclosphereKSF