by Nadya 2689 days ago
I wasn't happy with how shady they were around their security audit or the fact they redesigned their entire program that made it super clunky and broke my workflow. I had been using Enpass since 2014, maybe 2013. I had even purchased a lifetime license. I didn't like the idea of a closed-source password manager but never found anything better than Enpass. I wouldn't personally recommend it to anyone, even when I was using it, because of it being closed-source.

I've since moved to a self-hosted Bitwarden [0]. It's open source and free, and they weren't shady with their security audit.

[0] https://bitwarden.com/

[1] https://blog.bitwarden.com/bitwarden-completes-third-party-s...

1 comments

What exactly is shady about the security audit? Are you referring to the audit linked below?

https://dl.enpass.io/docs/EnpassSecurityAssessmentReport.pdf

It was everything leading up to the audit, really, and some issues with the audit itself as pointed out by a user in a long-running forum thread about the need for an audit [0]. I share most of the concerns in the 3rd paragraph with regard to the audit - it seemed focused on restoring or capturing the master password and made no mention of countless other attack vectors that may or may not be problems.

Compare their security audit with the one provided for Bitwarden [1].

[0] https://discussion.enpass.io/index.php?/topic/404-security-a...

[1] https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assess...