Getting locked out of an important site because you forgot your password is a pain, even when the site offers a simple way to reset it.
It's tempting to just use the same password everywhere, but doing so is setting yourself up for being hacked.
Instead, use a password manager such as Enpass to set up a unique, strong password for every site.
You should know upfront that Enpass only stores your passwords locally by default; if you want to sync between devices, you need to attach a cloud storage account.
On one hand, that means your important details are in one less place online, but this introduces inconveniences and may confuse newcomers.
A lack of intuitive two-factor authentication options, limited sharing features, and usage quirks related to filling passwords and identities are other drawbacks to this service.
Pricing and Platforms
Enpass’s pricing structure is different than that of most competitors.
Desktop users on Windows, macOS, and Linux devices can use Enpass for free.
On those platforms, you get all of Enpass’s features and full syncing capabilities between those devices.
There’s also a portable version you can run from a USB drive.
On Android and iOS devices, Enpass is free for up to 25 items and one vault.
If you go over those limits, you need to pay for Enpass on either an annual ($11.99 billed every year) or half-year ($7.25 billed every six months) basis.
Alternatively, you can pay a one-time fee of $59.99 to permanently unlock all of Enpass’s features across all platforms.
The price might be cheaper if there’s a sale, as with most such services.
Enpass is priced aggressively compared to competitors.
For example, its one-time tier costs the same as an annual Dashlane subscription ($59.99 per year).
Enpass’s annual rate also compares favorably.
Keeper Password & Digital Vault’s Personal account is $29.99 per year, while 1Password’s Premium account costs $35.88 per year.
Other free password managers, including Editors’ Choices LastPass and Myki, do not restrict the use of multiple platforms.
Myki works similarly to Enpass in that it does not include any sort of cloud storage; instead it stores entries locally on your mobile device and makes everything available on other platforms via P2P sharing.
Account and Device Setup
We downloaded Enpass’s Windows app from the Microsoft Store to get started.
The good thing about Microsoft Store apps is that they run in a sandboxed mode; more apps should take advantage of this platform.
We primarily tested the Enpass app on a Windows 10 laptop and a Google Pixel 3 running Android 10.
Once you download and install the desktop app, you need to set up an account by providing and confirming your email address.
Next, you create an all-important master password, which encrypts all of your data.
This password should be memorable, but not guessable by anyone else.
Enpass rates your master password and offers specific advice for improving a bad one, for example, noting that what you've typed contains a name or a common password.
Your master password is irrecoverable, so make sure to write it down in a safe place.
Security-conscious users can optionally generate a Keyfile for their accounts, which is used alongside the master password to encrypt your data.
Keyfiles are also irrecoverable.
Unlike most other password managers, Enpass does not offer app- or security key-based two-factor authentication options to secure your account.
We discuss this limitation more in a later section.
Once you get past the initial setup, Enpass encourages you to install its browser extension, which is available for Edge, Chrome, Firefox, Safari, and Vivaldi.
The web extensions need to be used in conjunction with the desktop apps and are required for password capture and replay.
1Password’s 1Password X extensions can function independently, by contrast.
We installed Enpass’s extensions on Chrome and Firefox for testing.
Linking an extension to your Enpass app requires entry of a passcode generated by the extension, much as Myki requires snapping a QR code from the extension.
This prevents someone who shoulder-surfs your password from using it to log into your account using the extension.
Another advantage of this method is that you don’t need to keep typing in your master password to use the extension.
Getting all your passwords into a password manager is a significant investment of time.
Therefore, switching from one password manager to another needs to be as seamless as possible.
Fortunately, Enpass can import from a dozen competitors, among them LastPass, RoboForm Everywhere, and Sticky Password.
It can also import from Chrome and other instances of Enpass.
If your old password manager isn't on the list, never fear.
You can export from the old guard to a CSV file, format it to Enpass’s standards, and then import it.
Enpass supports importing logins, credit cards, and secure notes.
Desktop App and Password Organization
When you set up your account, Enpass creates a primary encrypted vault for password storage.
You can create additional vaults, perhaps adding a separate vault for work-related passwords.
1Password operates similarly.
Apart from vaults, you can organize entries by creating tags and sub tags for more precise organization.
We appreciate this flexibility.
Across the top of the desktop app interface, there’s a cloud icon in the top-left area that shows your cloud storage status, a search bar, a plus icon for adding a new entry, a button for locking the application, an icon for the password generator, and a settings area.
Oddly, the settings section appears in both the top bar and as an item under the application’s menu.
Notable settings include options to lock the application with a PIN, set up cloud syncing, create backup files of your passwords, generate pre-shared keys for securely sharing passwords, and customize the interface categories and templates.
There’s also a dark theme option, which is always welcome.
On the desktop, Enpass uses the popular three-column layout.
You select an item type in the left column, view items of that type in the middle column, and dig into details for the selected item in the right column.
Enpass uses site-logo icons for popular sites and plugs in a generic icon for the rest.
Going down the left-hand side of the interface, you see a list of all entry categories (such as logins, credit cards, identities, and notes), a Tags section, the Password Audit Section, and an Others section.
Items in the Others area include Time-based One-Time Passwords (TOTPs), Attachments, Archived, and Trashed.
To edit an item, select it from the middle column and then hit the pencil icon at the top of the left-most column.
Make sure to save entries before leaving that page.
You can add custom fields and sections to each item as well as upload files.
Local Storage and Syncing
Enpass handles storage differently than many password managers.
Like Myki, Ascendo Data Vault, and a very few others, Enpass keeps your passwords in local storage rather than maintaining servers to store your encrypted data in the cloud.
Skipping the expense of cloud servers is one reason the company can offer the desktop version for free.
Note that while the free editions of LastPass and LogMeOnce Password Management Suite Premium use in-house cloud storage, users of the paid editions effectively finance the server farm.
If you only use Enpass on a single system, local storage is fine.
However, most people will want access to their passwords and other data from more locations.
To do so, click the cloud icon in the upper left area of the desktop app and select Set Up Sync.
You need to give Enpass permission to set up a folder in your OneDrive, Dropbox, Google Drive, Box, or iCloud account.
You can also use a shared network folder.
If you're a total network geek, you can even connect Enpass to your own server using WebDAV.
KeePass also supports WebDAV for syncing, but it's just too arcane for most users.
The potentially better security from big-name cloud service providers comes at the expense of usability.
People new to the idea of password managers, in particular, may not want to involve their cloud storage accounts in the process.
If anything, storing passwords in a folder in a cloud storage account you use frequently makes the data more visible (and thus more likely to be accidentally deleted).
Enpass heavily leans on these other cloud providers, to the extent that it doesn’t offer typical two-factor authentication options.
Instead, Enpass reasons that since these cloud providers all offer two-factor authentication, your synced data is secured that way.
Still, while you need to remember two logins to store your data, access to your Enpass data isn’t actually protected in two ways (you just need to enter your master password to sign in). It’s also recursive if you use Enpass to store your credentials for that cloud storage account.
Protecting local app access with a second factor of authentication is important too, since the potential password data at stake remains the same, regardless of whether it is stored locally or online.
In Enpass's explanation of why it does not include 2FA options, it points users towards setting up a Keyfile, which you would need in order to access your passwords in addition to your master password.
A Keyfile thus could function as a second factor.
If you keep the Keyfile on the same device where your passwords are stored, however, this is not ideal.
As such, we would like to see more mainstream two-factor authentication options (such as via an authenticator app or security key) for protecting access to Enpass's apps.
Web Extension and Password Handling
The Enpass desktop application stores and syncs your passwords and other personal data, but that's all it does.
If you want the expected password capture and replay (and you do!) you must install the browser extensions.
Note that Enpass does not offer a dedicated web dashboard.
Enpass’s web extension is pretty standard.
It shows a list of your logins, favorites, credit cards, and identities.
You also get access to the password generator and a search bar for quickly finding items.
Clicking on a login item fills that information in on a relevant page, but you can’t edit entries directly.
To copy specific fields or navigate to a login’s associated site, click the item once and then hit the information button on the right-hand side.
With Norton Password Manager, LastPass, and many other password managers’ extensions, you can just click on an entry once within the extension to open the linked site and log in.
This is one example of how Enpass requires a seemingly unnecessary step.
Any of the Enpass browser extensions can capture your username and password as you log in to each secure site.
You can give the entry a descriptive name at this point, but if you want to apply tags you must use the main application.
In testing, we found that, unlike with most competing products, if you click away from the offer to add an item before clicking Save (such as to enter a TOTP code), you don’t get another chance to do so.
We had to log out of the site and in again to capture the credentials.
Many password managers automatically fill in credentials when you revisit a site.
Some are more cautious, waiting to fill credentials until you request it by clicking in one of the fields.
With Enpass, you must either click the extension, press the magic key combo Ctrl+/, or right-click and select Enpass from the context menu to see what logins are available for the current site.
Once you select a login, automation kicks in.
It's very similar to the way 1Password works, though with 1Password the magic key is Ctrl+.
Despite some difficulties with multistep logins in previous tests, we found that Enpass worked fine with Gmail’s two-page login this time around.
However, with Eventbrite’s multistep login, we had to add our username manually; Enpass only captured the password.
If you notice a missing field at the time of capture, you can click the Show More option in the Save Password dialogue box and fill in the data manually or edit the item in the main app.
On the plus side, Enpass can pick up fields other than just the username and password.
Unlike Sticky Password, LastPass, and a few others that manage this using a special "collect all fields" feature, Enpass seems to do it automatically.
Password Auditing and Generator
Once you have all your passwords safely stored in the password manager, you're halfway secure.
To finish the job, you need to replace all your bad passwords.
Enpass’s Password Audit feature can help you identify those offending passwords.
This tool is accessible via the left-hand menu of the desktop app.
The Password Audit section breaks down into three sections: Pwned, Weak, and Identical.
The Pwned section checks if any of your passwords appear in the Have I Been Pwned? database of compromised passwords.
Enpass asks for your permission before checking your passwords against this list online.
The Weak section includes passwords that don’t meet Enpass’s definition of a strong password, for example, if they are too short, not varied enough, or otherwise guessable.
The Identical section lists passwords that are the same across accounts.
Other password managers, including Sticky Password, also have password audit sections with similar functionality.
There's no automation for the process of fixing bad passwords like you get in LastPass and Norton.
Other services, including 1Password and Keeper Password & Digital Vault, notably refrain from automated password changes for various privacy reasons.
You need to manually go to the site to change your password.
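The three audit buckets described above (Pwned, Weak, Identical), as an added example that is not Enpass's code. The vault entries are constructed, the thresholds in `is_weak` are assumptions because the page does not give Enpass's rules, and a small constructed set of SHA-1 digests stands in for the Have I Been Pwned? database.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault (not real credentials): entry title -> password.
VAULT = {
    "mail": "correct horse battery staple",
    "bank": "Summer2019",
    "forum": "Summer2019",
    "shop": "password",
    "cloud": "t7#Lq9!vXz2@Rm5w",
}

# Constructed stand-in for the breached-password database: SHA-1 hex digests.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in ("password", "123456")}

def char_classes(pw):
    """Count how many of the four character sets (lower, upper, digit, symbol) appear."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def is_weak(pw, min_len=12, min_classes=3):
    """Assumed rule: long passphrases pass on length alone; shorter ones need variety."""
    if len(pw) >= 20:
        return False
    return len(pw) < min_len or char_classes(pw) < min_classes

def audit(vault):
    """Return the three audit buckets as sorted lists of entry titles."""
    by_password = defaultdict(list)
    for title, pw in vault.items():
        by_password[pw].append(title)
    pwned = [t for t, pw in vault.items()
             if hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1]
    weak = [t for t, pw in vault.items() if is_weak(pw)]
    identical = [t for titles in by_password.values() if len(titles) > 1 for t in titles]
    return {"pwned": sorted(pwned), "weak": sorted(weak), "identical": sorted(identical)}

if __name__ == "__main__":
    for bucket, titles in audit(VAULT).items():
        print(f"{bucket:9} {', '.join(titles) or '-'}")
```

An entry can land in more than one bucket, which is why a reused short password is the first thing to replace.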
But what should your new password be? Don't worry; Enpass, like every other modern password manager, offers a password generator tool.
However, not all password generators are created equal.
For the best security, you want long passwords that make use of all four character sets (lowercase letters, uppercase letters, digits, and symbols).
But with some password managers, default settings give you weak passwords.
For example, RoboForm, SplashID, and Trend Micro Password Manager all give you eight-character passwords by default.
So does Ascendo, but its default passwords are all letters, no digits or symbols.
By default, Enpass generates passphrases like XKCD’s popular Correct Horse Battery Staple example, rather than random strings of...








