by lake_vincent 1382 days ago
Wow, okay, yeah, I'm actually sold. There's a CLI for desktop, and it's on both iOS and Android. Damn. Will gleefully fork over $80 for a lifetime license if it's as good as it seems.

Why have I never heard of Enpass before? Anyone have any reason to not switch from Bitwarden to Enpass right now?

2 comments

It depends if you feel happy entrusting your passwords to what is ultimately a closed source client.

I do not.

Moving to self hosted vaultwarden from keepassxc-in-syncthing was a big leap. A closed source client is a leap too far.

It's a closed-source UI on top of SQLite/SQLCipher. You'll be fine.
I mean sure... But why go out of my way to use closed source software when the open source options are right there?
For me it's the features I mentioned above - having a CLI on desktop, and both iOS and Android apps is so huge because I have devices in all three ecosystems! One password manager that works seamlessly across devices is very appealing to me. The Bitwarden mobile experience needs a lot of polish; if Enpass is better, I would switch.
Bitwarden has a CLI also, both the official bw-cli and the nicer rbw. Can't speak for iOS but on Android Bitwarden plugs into the OS password manager autofill API, same as everyone else, don't see why Enpass would have a different experience.
Well, that's what I want to find out! Very rarely does autofill work for me on Bitwarden mobile - 80% of the time I have to open the app, copy, and paste my info. Not good password field recognition, and it's a regular friction point for me.
But KeePass has the same thing and it is open source. That's why the OP was asking.
It is closed source and I am not sure that the code base was audited.
Closed source I can deal with, as long as a strong audit has been performed.

Found this: https://www.enpass.io/security-audit-report/

I'm not a security expert, so not sure if those audits are trustworthy.

That's the problem though isn't it? Unless you're an absolute expert in every aspect of a thing, you gotta trust someone who claims to be the expert, eventually. Or never trust it.

When it comes to security audits of software I often prefer to see that software failed at this or that, and was corrected, with a reasonable explanation of both the problem and the applied solution. To me, this shows that 1) the audit was actually performed and not just bought/pencil-whipped; and, 2) the developers acknowledge their [inevitable] mistakes and correct them. It also teaches me what to be aware of for other, similar software.

In other words, I would rather see a pimple once in a while than be convinced by makeup that everything is perfect.

Well said, this is a reasonable way of looking at the situation.
I appreciate this perspective.