I'm a huge fan of Enpass, simple and does exactly what it says on the tin. I've convinced friends and coworkers to switch over to it and they're all very happy with it from what I've heard. What I don't like, and one of the reasons I'm looking at moving away from it, is that the code isn't open source. It also conveniently enables the sending of analytics/data usage by default and hides the option to turn it off at the very bottom of the Preferences / Advanced tab. The only reason I even noticed this was from Little Snitch popping up to tell me. Maybe not a massive problem, but I'd rather a password manager didn't phone home every time I open the damn thing up.
I started using Enpass a few months ago and am mostly happy with it, but I'm not sure it'll work for me long term.
A few of the issues:
- It crashes periodically on Linux. Though it has never wedged the database.
- On ChromeOS, it is "supported" via the Android app, which does not integrate with the Browser plugin from what I can tell. I was really hoping for something that would work there.
- You can't have multiple password databases at all, from what I can tell. I'd really like something that could manage my personal passwords, work passwords that I share with 2 other people at work, and family passwords that are shared with my fiance'.
For the last decade I used a gpg encrypted file on my laptop, combined with passwords saved in the browser on my encrypted file-system. That worked fairly well, until I was in Mexico and my laptop decided to take a vacation too. I couldn't access ANY of my passwords until I got home and could get to my desktop or move my drive to another machine.
Enpass has some benefits:
- The syncing using Google Drive works well.
- Fingerprint unlocking of the vault on my phone works well.
- I've always had a pain point with apps on my phone that update and then need the password again (front door smart lock, car, bank), and I can't access them anymore until I get to my laptop and type in the 30 character random password.
- You can add fields to the records, the default "login" record has "security question" and answer, but for sites that have 3 security questions I can add them as custom fields. (My mothers maiden name? It's "mCxK7JszjJ5Mq29")
- It is available on Linux and Android and kinda on ChromeOS.
I do feel like a web-based one would work better with ChromeOS, but I'm still experimenting with whether ChromeOS can replace my laptop. I'm typing this on my laptop, so...
I use this. My only gripe is that I need to unlock each day for the browser integration to work, and I need to open the app to (not have a service in the background).
I'm a happy Enpass user too. The best thing I like about Enpass is it's built on Open Standard, you can decrypt the database file easily if Enpass dies
They use SQLCipher which is OSS. I understand they don't release the UI code as it is what they use to make money. If you are afraid that they secretly copy your passwords you can easily check this. As you keep the file on your device or place it at a third party service it is more secure than a service like LastPass. Also don't use browser plugins but copy and paste the password