egregius.be

Urban Exploration, PHP and others…

    • Enpass

    Enpass: the best password manager

    Enpass

    Enpass
    Enpass

    I’ve been using Enpass password manager for several years now. I’ll try to explain why I choose this one and why I find it the best password manager available.

    First of all, why should you use a password manager?
    The answer is quite simple. Every week one or more databases with email/password combinations are hacked and leaked on the internet. Those combinations arrive in lists for dictionary attacks. Therefore, any ‘normal’ password is already in it, those lists contains millions of passwords.

    The solution to not arrive in such lists, or at least not to worry about it: use random passwords with the maximum length the site or application accepts. I try to use a length of 100 characters wherever possible. For example:

    N5rq_McM9KCxTiB&UGFGQRkT2gLjo-TXYPXUVEsnVL2EqX_RcM7vgv4B3Y-4_&87o2$M#iZeq&J&_XNpn3djp$yf_$PZNce2ouXM

    A password like that is almost impossible to arrive in dictionary attack lists and is too long for a brute force attack.

    Why do I need a password manager if I can store them in the browser?
    Well, you don’t want to lose all your passwords when you change computer, right? Or what if you use multiple computers and/or smart devices?
    Let the browser sync them? Oh no! Then they go to the cloud, not a good option either.

    There are lots of password managers available. I could be difficult to choose the right one, you can’t try them all right? Mostly you’ll choose one that you heard of already, thru friends or colleagues. That’s where this post is for, then you heard of Enpass from me ;) In the past I tried lot’s of others: LastPass, 1PassWord, Bitwarden, LogMeOnce and others I don’t even remember. All of them couldn’t keep up with my high demand for software and features.

    Several password manager are cloud based, like for example Lastpass. I don’t like that for the same reason I don’t store passwords in a browser. The cloud can be hacked. Databases like that are the walhalla for hackers. The question is not if but when it will happen.

    That’s instantly the main reason I chose Enpass, your passwords are stored in an encrypted file on your computer. You’re in control of it. You chose where the file get’s synced if you need it on multiple devices.
    The password file, or vault, is encrypted with 256-bit AES with 100,000 rounds of PBKDF2-HMAC-SHA512 using SQLCipher. That makes that even if your file got compromised there’s no way to read it.

    For syncing between devices a lot of options are available: Onedrive, iCloud, Dropbox, Google Drive, Box, Nextcloud and WebDAV.
    Because I have my own webserver I chose WebDAV over https.

    Next, up to some of the features I like the most in Enpass:

    Multiple vaults: You can create multiple vaults for storing your passwords. That’s a very interesting option. I have a primary vault for my personal passwords, a second shared vault with my wife and a third one shared with colleagues. All I have to do when storing a password is choosing the right vault.

    Categories: The items you create are stored in a category. That way you can easily find them. You can even store other stuff than just usernames and passwords. Credit cards, identities, financial information, licenses,… A lot is available.

    If the categories aren’t enough, you can even add tags to the items.

    Multi-factor authentication, two-factor authentication in short 2FA is built-in with auto fill. Everywhere I can I activate 2FA. It’s just a very good system for protecting your accounts. Even if someone gets your username and password they can’t use it because they need the 2FA verification code. That’s mostly a 6-digit number which is only valid for 30 seconds.
    OK, there are other tools available for that too, but then you always need your phone to view and type the number. With Enpass it all happens automagically.

    Audit: the Enpass app automatically does an audit on your passwords. Weak, identical, old and compromised passwords are easily found so you can change them in a strong new password.

    Multi-platform: Enpass exists for all major platforms: Mac OS, Windows and Linux for desktop. iOS and Android for mobile.
    To use it comfortably in a browser you’ll need an extension. This is available for all major browser: Chrome, Firefox, Edge, Safari, Opera and Vivaldi.

    Favorites: Add a star to the items you use the most and they’ll be instantly found.

    Search: you can search in any field of any item to find it fast and easily.

    One-Time license possible. Pay only once and receive a lifetime license. In the end a lot cheaper than any annual subscription plan.

    Convinced about the features and advantages? Head over to the website of Enpass, download and choose your license.
    Because I was about to write this post Enpass was so friendly to sent some promo codes for my readers:
    Use ENX3D-QPDT6 to get a 35% discount on the one-time license,
    use EN69K-S9H17 to get a 40% discount on the family plan or
    use ENHMN-ADA3V for a 60% discount on the subscription plans.
    https://www.enpass.io/pricing/

    Tags: