Passwords are one of the most annoying things to deal with in online life. These days you need them for almost every site, and they can become quite a hassle to memorize and manage — because if you're not using different passwords everywhere you're just opening yourself up to a world of hurt. That's why I rely on a password manager; you create one ridiculous password to store them all.
Which password manager is the best? Like operating systems, the answer is usually what you first used and are most familiar with versus what may be better for you. When you're like me and have over 400 passwords (some likely not in use) switching to a new manager seems like a hassle.
I recently switched to Enpass, and I think you should consider it too. Here's why.
Enpass loves Windows 10
The first thing that got me to consider using Enpass is their support for Windows 10. To wit, they have a really well done UWP app available for Windows 10 Mobile and PC. Sure, LastPass has timeworn, and kind of lazy, Windows 8.1 apps on the Store, but I have said it over and over again: given the choice between UWP and a Windows 8.1 app, I will always choose UWP for design, performance, and features.
I also like to support companies that are embracing UWP right now. Granted, if LastPass comes out with a shiny UWP app – and they may – I'll give them reconsideration, but for now I go where the future of app development is for Windows.
In comparing the Enpass Windows 10 app to iOS and Android as far as I can tell there is full feature parity. There are no second class citizens here.
The Windows 10 app has the standard features in a password manager you would expect, including a password generator, timed and minimized auto-locking, managed wiping, and cloud sync, as well as a few others you wouldn't expect, like a secure built-in browser. There's even a Light or Dark theme for those who have a preference and yes, a translucent Tile for your Windows 10 Mobile Start screen. Enpass also has a well done Win32 desktop application for those who prefer a more traditional manager.
Enpass loves Windows Hello
I have a Surface Pro 4, Surface Book, a Lumia 950, a Lumia 950 XL, Intel RealSense camera, and a few laptops/tablets that have built-in fingerprint readers. I'm not bragging. I'm just saying I'm all in with Windows Hello, the biometric authentication system for Windows 10.
Once you start using your face, iris, or fingerprint to log into Windows 10 you want that feature in apps too; Windows Hello allows developers to do exactly that. We've seen it with 8zip and Fenice for Twitter, but where I want to see it is banking and security apps like LastPass.
Well, Enpass has had Windows Hello support for a while now and last night it was updated so that you can use it as the primary login method on Mobile (On the desktop, you still need your master password for initial login, but when minimized you can use Hello).
My master password is around 20 digits long and typing it in each time is a challenge unto itself. But now I can use my face, iris or fingerprint? Yes, please.
Extension support for Edge is almost here
LastPass did make some waves recently by releasing an extension for Microsoft Edge (coming for the Anniversary Update this summer). Many users are rightly quite excited about that addition as it bodes well for more users adopting Edge for everyday use.
I'm excited to reveal that Enpass also has an Edge extension coming in the next few weeks. I'm using it now and while it is certainly as buggy as LastPass's offering, it at least completes the password manager experience. After all, password managers are only as good as the browser extensions that are offered. And if you don't like or prefer Edge, you can use Enpass in Chrome, Opera, and Firefox.
Importing from LastPass was easy
Putting aside Enpass support for Windows 10, UWP, and Windows Hello, the real big test was going to be whether I could actually switch from LastPass without retyping some 400 entries. Because even if Enpass is the better app, if I can't easily make the switch, then the switch isn't going to happen.
Enpass here gets flying colors. I was able to use the LastPass Export feature (see their instructions) and then with a few clicks import all the data into Enpass. The only thing that I had to recreate were my credit card entries, which by comparison to all the site logins I had was quite trivial.
For myself, this was the biggest hurdle in changing to alternative password managers. I was actually surprised that this was that easy to do as I have had difficulties with 1Password in the past.
*Remember, when you are exporting and importing, your data is not encrypted on your PC. The export file is open and readable by anyone with access to it, so please take the necessary precautions to delete (and preferably wipe) that master file after you have imported the information!
Enpass is local
For some users, the big worry over having a master vault with all of your passwords is where that information is stored. Everyone encrypts it for you, but LastPass hosts your file on their servers while Enpass does not.
Enpass, instead, lets you keep the file locally, or you can store it encrypted on your own cloud. Options include Dropbox, OneDrive, Google Drive, Box, or WebDAV/ownCloud. Everyone is satisfied. The file automatically syncs whenever you make changes, and when you set up the app for the first time on a new computer and it grabs the file you'll have to use the master password to decrypt it. While I was concerned that installing Enpass on multiple devices would require jumping through hoops, the experience was fluid, precise, and — most importantly — easy.
I won't preach to you about which system is more secure (they all use 256-bit AES Encryption, at least; LastPass uses a Password-Based Key Derivation Function (PBKDF2)), but I think for some users that ability to store the file yourself is important. LastPass was "breached" back in 2015 and "hashed user passwords, cryptographic salts, password reminders, and e-mail addresses" were stolen. No open passwords were compromised, but it does give you pause.
As a side note, LastPass was also recently acquired by LogMeIn. I have no strong opinions on the matter, but many users have a strong dislike for LogMeIn due to their bad reputation on customer service and frequent price hikes. Once again, I'll leave that to you to investigate, but it was not a reason for me to switch — the quality of the product is what concerns me.
Enpass is everywhere
Another consideration for people thinking about switching is where Enpass is supported. While I may live (almost) exclusively in a Windows 10 world, many people mix and match operating systems. Luckily, you can find Enpass support for all major platforms, including:
- iOS (iPhone, iPad)
- Windows PC and Windows 10 UWP
- Linux (yes, even Linux)
They also support Safari, Chrome, Opera (my preference), Firefox and soon Microsoft Edge with browser extensions.
Enpass is free (mostly)
LastPass costs $12 a year for their premium service, which frankly never bothered me. Enpass as a service is free to use, which is obviously preferable. 1Password is a one-time purchase of $64.99 or $5 a month for families.
That said, Enpass is not completely free — they are charging $9.99 for their Windows 10 app. That pricing matches their Android and iOS apps — a reasonable fee for the app and the service is free, so it's a small overall price to pay. There are no signups, you don't even have to give Enpass your email, and the service is free, so I'll pay the $10 for the convenience.
(Keep in mind, that is $9.99 per platform. You'll need to buy it twice, for example, if you use an Android phone and a Windows 10 PC, though that should be expected.)
Of course, there is a free trial, so the risk is low if you just want to try it all out.
So far, Enpass is what I have wanted in a password manager. Strong support for Windows 10? Check. Windows Hello-enabled? Done. However, one thing I did prefer with LastPass was the two-factor-authentication for the master account.
Right now, if you tried to log into my LastPass account with a password, you would then be asked to insert a YubiKey to generate a special one-time use password. A YubiKey is a physical USB-enabled key that is linked to my LastPass account and without it you cannot do anything with my LastPass account. That level of security, while a pain when you travel, is something I prefer to have for my password manager.
I use such a feature when logging onto a new computer with LastPass for the first time. I verify the login using the YubiKey after my master password. Afterward, I have it optionally marked for 30 days without requesting the key again. I happened to like that method and would love to see Enpass (and others) adopt a similar strategy.
I should point out that Enpass does support Time-based One-time Password (TOTP) authentication for sites that support that standard, such as Evernote. TOTP is available in all Enpass apps including the Windows 10 UWP apps as well as desktop. That's an impressive feature and nice to see.
Overall, however, I am very pleased with Enpass. Switching was easy, the price was right, and as a Windows 10 and Windows 10 Mobile user, I am getting the best app experience while utilizing the best Microsoft technology with Windows Hello.
Having said that, I'm just a regular user like you and not a security expert. Let me know in comments why you like (or dislike) Enpass and what they could do better, as I'm genuinely curious. Also, shout out if you think I missed anything in this review — there's a lot to process here!
Daniel Rubino is the Executive Editor of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft here since 2007, back when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, Microsoft Surface, laptops, next-gen computing, and arguing with people on the internet.
I can better help you answer this question if you use words. LastPass is $12/year, 1Password is $65. Enpass mobile apps are a one-time $9.99 but the service is free. What's the problem?
My sign of shock didn't require words.
It would be best served if you made an actual argument, however. By comparison to other major password manager apps and services, Enpass is cheap, making your "shock" seem uninformed.
Have you had a chance to comprehensively compare it to OneLocker? IIRC it's not as multi-platform as Enpass, but it seems very solid in Windows.
I have not, but will check it out. I'm assuming most Windows 10 users are not Windows 10 Mobile users as well, hence why I started with the widest support. Also, this gives people who are thinking of switching to iOS/Android something to consider as it works there exactly the same.
I wasn't interested in trying it until I got to the bit where you mentioned the storage options. I use an open source application for this very reason but it's traditional Desktop software and I've been wanting something more modern for a long time now. Never had time to write my own but now I don't have to, this looks really good
Wow man, thank you so much for your support, I'm happy to know you like the app! :)
Sorry. Wasn't arguing. I honestly was just a little taken aback by the price. Thanks for the explanation.
Please, argue. For my benefit.
Paying 10 bucks just once for a lifetime of use on your phone, desktop(s), laptop(s), tablet(s), etc. (assuming they're all running Windows... not to mention likely xbox and HoloLens support will come soon, since it's UWP) for what this offers is honestly incredibly cheap. Sure, if you have a device in another ecosystem (e.g., iOS) then that'll cost you again... but there too, that'd be a single one-time purchase to cover that whole ecosystem...
As a developer myself it's tough when people want everything for free. I think this is a fairly priced app that the developer has put a lot of effort and time into. I'm not saying it's just you specifically but since the rise of app stores everybody wants something for nothing :-(
You can't afford $10 to pay the Devs that made this? What WinPhone you using? Lumia 510?
I can afford $10. Doesn't mean I'd buy one French fry for $10. Has absolutely nothing to do with it.
Why do people think that software on a phone has to be free or at most 99 cents? On my computer, I pay hundreds of dollars for photo and editing software. We pay 10 times this amount for Office on subscription.
@dailydose I think it's because software is something abstract which makes it difficult for most people to grasp what its value is. For these people the value of software is based on nothing other than their comparison to other software in the store, most of which are either a) built by hobbyists who don't need/want money b) monetized in other ways than direct payments c) games with mass market appeal that sell millions of units (which is what makes it possible to sell something that requires a LOT of time to create for $1.99). Something like a password manager, specifically if it's for Windows Mobile, doesn't fit into any of those categories, but few are aware of that, or even think about it.
And a French fry is comparable to a piece of software that a team of developers invested multiple years to build and bring to so many platforms?
Hi Daniel, thank you, it was a very interesting read, one question... Do you know how Enpass will maintain the secure and reliable service with such little income compared to others? It always concerns me when something which requires ongoing maintenance and upgrades is too cheap from experience.
The only thing they really pay for to maintain is the mobile app development, which they charge $9.99 for on all platforms. Since they don't actually host anything and there are no accounts with them, their overhead is comparatively low I imagine. LastPass costs $12 a year because you're paying for all mobile apps plus their servers/backend hashing, encryption, and hosting. Just a different model.
Thank you, just read the part about them giving option to users to use OneDrive and etc... which is actually a great idea. Personally don't mind paying for a good service however rather invest in a service/app that is contributing towards Windows platform/ecosystem as much as they do with other main platforms which Enpass seems to do based on your report therefore will test it out. There is always the conspiracy theory that maybe they get your passwords and access to your OneDrive data ;-) (Smileys in comments didn't work! please consider using Disqus)
"There is always the conspiracy theory that maybe they get your passwords and access to your OneDrive data" Yup, but it is encrypted there with 256-bit, so some protection still.
@nitsuk In this case they can't access your passwords, much less access OneDrive. The master password isn't stored anywhere but in your head. Everything that is written to the disk is encrypted. It will be quite some time before a computer is built that can brute force break the encryption in a reasonable amount of time (i.e. in the time span of a human life). It's secure enough that you could publicly share your password file on OneDrive and be fully confident that no one will decrypt its contents. On the other hand, if you forget your master password, there is no way to recover either it or your password file. Nobody has the master password except you, so if you forget that all your passwords are gone. IMHO that's a good tradeoff though, as only by not having your master password can Enpass swear that nothing they do will endanger the confidentiality of your passwords. The only way the developer could start messing with you is by sending your passwords back to their headquarters while you're working with the program, and that's far too easy for IT people to notice and report. Most of the safety of this app is built in, simply by the concepts it uses, which takes everyone but you completely out of the picture.
Got the app and so far so good, the fact that it uses iris scanner on Lumia 950 and 950 XL is great bonus and once I have my hands on the HP Elite x3 Fingerprint even faster access, thank you for the tip.
When you say "they charge $9.99 for on all platforms" is there a separate charge for Windows 10 Mobile (phone) AND Windows 10 Desktop? Or does the $9.99 cover both?
It appears to be UWP therefore only one charge, tested and is great however I'm still concerned as is free on all other platforms, there is no ongoing charge which raises questions on how they will maintain the app going forward. Would like to see a security company checking this in detail before I can commit to it.
I don't think math is his strong suit...
So did I understand you correct, can I use enpass with only windows hello or do I need to have that password generator on my usb dongle?
LastPass - 12$/y for Premium, otherwise it is FREE, no such fees. From the way the article is written I can tell that it is a SPONSORED one.
The first thing LastPass Premium gets you is sync across more than one device, not ecosystem, device. So, if you only have one device, have fun with the free LastPass.
Great article!! When you say 9.99 "per platform" does that mean paying 9.99 for the windows app that I can install it on any windows PC where I'm signed into the purchasing Microsoft account? Same question for Android as well.
Don't be cheap
Most people who are serious about security use a password manager and so have been paying for years, therefore 9.99 is a bargain.
I would rather it be say $4.99/year or even $9.99/year. As a developer I know that creating a revenue stream makes for the best long term experience. While a one off app purchase feels great for a user, for a security product especially, knowing that there is a continuous development cycle bringing the latest fixes etc. is important.
I agree completely. I would much prefer to pay a yearly fee in order to see active development. Too many devs do a one-time charge in hopes of making some quick money, but then the next year rolls around and they lose interest in their app since there's no more revenue.
Three things.... 1.You didn't mention form filling which is the most important feature for me. 2. I prefer a US based company.
3. 1password recently came out of beta on WP and works good. They also have desktop app and uwp.
Regarding #2 not sure what that means here since they are not a service? They don't host or manage your files. Regarding #3 check again. I'm pretty sure they gave up on UWP and are only doing Win32 due to legacy users. Also, I won't use 1Password simply because there is no easy way to import my LastPass data. I have to start from scratch. That's not happening.
I've often wondered, with these password programs, is there anything preventing a dishonest developer from sending the password info to his server? Is there more protecting us than just trusting the developer? I know the file is encrypted but when its displayed on the screen could he send it?
Nothing prevents that. Supposedly the Windows Store approval process should weed out malicious apps, but i