Enpass Password Manager: A REVIEW
Strong passwords containing letters, alphabets and alphanumeric characters are highly recommended but hard to remember. If you find yourself always forgetting your passwords, then you need to use a password manager. Instead of using a simple one that can be guessed easily, it’s better you use a strong password and automate your login process through a reliable password manager. One of the best you can use for your Mac is Enpass.
Enpass manages your password and makes your login information available to you anytime you need it. This excellent password manager also works on other devices such as Windows, Android, iOS, Blackberry, and Linux. So no matter the device you’re using, Enpass password manager will fit right in.
- Desktop versions of Enpass are free.
- The browser extension allows Enpass to capture login data, as well as complete login data fields for you.
- Uses Open Source SQLCipher 256-bit AES encryption engine.
- Supports TOTP (Time-based One Time Password).
- It doesn’t store your data on any Enpass servers.
- Mobile pro versions require a one-time fee.
- Enpass for Mac comes in two different confusing versions.
Enpass from Sinew Software is a mostly free password manager for the Mac. The desktop version of the Enpass app is free, the mobile version is offered in a limited-use format for free, or in a pro version for a one-time fee of $9.99 per mobile platform.
Versions of Enpass you download from the Mac App Store can use iCloud to sync login information between multiple devices, your Mac and iPhone, for example, while the version directly available from the developer’s website doesn’t support using iCloud for login syncing.
Enpass is downloaded and installed automatically from the Mac App Store. There are, however, a few steps you need to take the first time you launch Enpass.
You start by setting up a secure AES-256 bit encryption vault to store your passwords, logins, and just about any other data you wish to keep encrypted.
This makes Enpass a good option for storing credit card data and banking information.
Enpass uses a master password to unlock access to the vault. You should pick a password that is easy for you to remember, but one that is long (at least 14 characters), has numbers and special characters and mixes upper and lower case letters. Enpass warns you that it has no way of recovering the master password, so make sure it’s something you’ll remember; perhaps you should also keep the password in a safe place, just in case.
Enpass doesn’t force you to use a complex master password, but since anyone who can guess your master password can gain access to all of your passwords, it’s a good idea to spend some time coming up with a secure strong password that you’ll remember.
Using Enpass – Enpass Password Manager
Once you have set up the master password and completed the launch of the app, Enpass will display its classic three-pane window. The sidebar includes various categories for items in your Enpass vault, including Login, Credit Card, Finance, License, Password, and more.
The center panel contains a list of items associated with the selected category, while the third panelists the details about the selected item.
You can use Enpass just as it is, with the simple three-pane interface and its encrypted vault to hold your information. But the real strength of Enpass becomes apparent when you make a visit to the app’s preferences to set up the browser extension, syncing options, and security settings.
The browser extension allows Enpass to communicate with your browser and use it to auto-submit logins to websites, with no need to copy/paste the login data; Enpass can fill in the necessary login information for you. It can also use the same technology to auto-fill credit card information when you’re shopping online, and it can save new login data whenever you sign up for a web-based service; Enpass can remember the website and the login data you created.
Enpass can also help you with picking a password on the web by generating strong passwords for you. This is one of the best features of any password manager; the ability to generate very strong passwords that you don’t need to remember, because the password manager, Enpass, in this case, will remember them for you.
The browser extension needs to be manually installed, but the Enpass preference settings can guide you through the process.
Enpass can sync your data using one of seven different methods. You can choose from Dropbox, iCloud, Google Drive, OneDrive, Box, Folder, or WebDev/ownCloud.
Selecting one of the Sync options causes Enpass to use the selected cloud-based storage system as the destination for its automatic backups. Backups are encrypted, and you control when Enpass syncs with the cloud-based backup.
Security options in Enpass’s preferences are a bit basic, but serviceable for most users. You can specify how long the Enpass app will remain unlocked after it has been opened, as well as how long before the clipboard is cleared. Remember, the clipboard is used to automate the copy/paste function of filling in or capturing login details. So, clearing out the clipboard needs to be performed to ensure your login or credit card data remains unavailable to others.
TOTP (Time-based One Time Passwords)
Enpass supports TOTP, a method for generating single-use passwords for an even more secure transaction over the Internet.
The idea of TOTP is simple enough; make transactions more secure by using passwords only once.
This way, should anyone intercept the password or login credentials, they’re of little value since they would have already been used and are no longer valid.
Enpass uses the TOTP system adopted by the Internet Engineering Taskforce. This system uses a secret key that is shared between the TOTP system running on Enpass, and a TOTP system running on the website you’re logging into. The TOTP system uses cryptography to combine the shared key with the current time on your Mac to generate a hash-based message authentication code (HMAC). It’s the HMAC that’s sent to the website as the one-time password.
The remote website verifies this is the correct HMAC by using the shared secret key and its own current time to generate a matching HMAC. Because the HMACs are time-sensitive, most TOTPs have a range in which the HMAC remains valid. Thirty seconds is a common valid range for HMAC-based passwords to remain valid. If not used within that time frame, a new HMAC has to be generated.
For TOTP to work, both the website and Enpass must first have agreed to a secret shared key to use. This usually occurs when you first sign up for a TOTP-based service. The shared key is commonly sent by email or text message and is then added to Enpass for future use.
Enpass handles TOTP-based websites by adding a TOTP field for storing the shared secret key. When you log into a TOTP site, Enpass knows to generate an HMAC and send it as the password.
enpass password manager review
enpass password manager pro
how to use enpass password manager