Why I dropped LastPass for Enpass on Windows 10 — and why you should too
I've recently switched to using Enpass for Windows 10, and I'm not going back to anything else. Here's why.
Passwords are one of the most annoying things to deal with in online life. These days you need them for almost every site, and they can become quite a hassle to memorize and manage — because if you're not using different passwords everywhere you're just opening yourself up to a world of hurt. That's why I rely on a password manager; you create one ridiculous password to store them all.
Which password manager is the best? Like operating systems, the answer is usually what you first used and are most familiar with versus what may be better for you. When you're like me and have over 400 passwords (some likely not in use) switching to a new manager seems like a hassle.
I recently switched to Enpass, and I think you should consider it too. Here's why.
Enpass loves Windows 10
The first thing that got me to consider using Enpass is their support for Windows 10. To wit, they have a really well done UWP app available for Windows 10 Mobile and PC. Sure, LastPass has timeworn, and kind of lazy, Windows 8.1 apps on the Store, but I have said it over and over again: given the choice between UWP and a Windows 8.1 app, I will always choose UWP for design, performance, and features.
I also like to support companies that are embracing UWP right now. Granted, if LastPass comes out with a shiny UWP app – and they may – I'll give them reconsideration, but for now I go where the future of app development is for Windows.
In comparing the Enpass Windows 10 app to iOS and Android as far as I can tell there is full feature parity. There are no second class citizens here.
The Windows 10 app has the standard features in a password manager you would expect, including a password generator, timed and minimized auto-locking, managed wiping, and cloud sync, as well as a few others you wouldn't expect, like a secure built-in browser. There's even Light or Dark theme for those who have a preference and yes, a translucent Tile for your Windows 10 Mobile Start screen. Enpass also has a well done Win32 desktop application for those who prefer a more traditional manager.
Enpass loves Windows Hello
I have a Surface Pro 4, Surface Book, a Lumia 950, a Lumia 950 XL, Intel RealSense camera, and a few laptops/tablets that have built-in fingerprint readers. I'm not bragging. I'm just saying I'm all in with Windows Hello, the biometric authentication system for Windows 10.
Once you start using your face, iris, or fingerprint to log into Window 10 you want that feature in apps too; Windows Hello allows developers to do exactly that. We've seen it with 8zip and Fenice for Twitter, but where I want to see it is banking and security apps like LastPass.
Well, Enpass has had Windows Hello support for a while now and last night it was updated so that you can use it as the primary login method on Mobile (On the desktop, you still need your master password for initial login, but when minimized you can use Hello).
My master password is around 20 digits long and typing it in each time is a challenge unto itself. But now I can use my face, iris or fingerprint? Yes, please.
Extension support for Edge is almost here
LastPass did make some waves recently by releasing an extension for Microsoft Edge (coming for the Anniversary Update this summer). Many users are rightly quite excited about that addition as it bodes well for more users adopting Edge for everyday use.
I'm excited to reveal that Enpass also has an Edge extension coming in the next few weeks. I'm using it now and while it certainly as buggy as LastPass's offering, it at least completes the password manager experience. After all, password managers are only as good as the browser extensions that are offered. And if you don't like or prefer Edge, you can use Enpass in Chrome, Opera, and Firefox.
Importing from LastPass was easy
Putting aside Enpass support for Windows 10, UWP, and Windows Hello the real big test was going to be whether I could actually switch from LastPass without retyping some 400 entries? Because even if Enpass is the better app, if I can't easily make the switch, then the switch isn't going to happen.
Enpass here gets flying colors. I was able to use the LastPass Export feature (see their instructions and then with a few clicks import all the data into Enpass. The only thing that I had to recreate were my credit card entries, which by comparison to all the sites logins I had was quite trivial.
For myself, this was the biggest hurdle in changing to alternative password managers. I was actually surprised that this was that easy to do as I have had difficulties with 1Password in the past.
*Remember, when you are exporting and importing your data is not encrypted on your PC. That file is open, so please take the necessary precautions to delete (and preferably wipe) that master file after you have imported the information!
Enpass is local
For some users, the big worry over having a master vault with all of your passwords is where that information is stored. Everyone encrypts it for you, but LastPass hosts your file on their servers while Enpass does not.
Enpass, instead, lets you keep the file locally, or you can store it encrypted on your own cloud. Options include Dropbox, OneDrive, Google Drive, Box, or WebDAV/ownCloud. Everyone is satisfied. The file automatically syncs whenever you make changes, and when you set up the app for the first time on a new computer and it grabs the file you'll have to use the master password to decrypt it. While I was concerned that installing Enpass on multiple devices would require jumping through hoops, the experience was fluid, precise, and — most importantly — easy.
I won't preach to you about which system is more secure (they all use 256-bit AES Encryption, at least; LastPass uses a Password-Based Key Derivation Function (PBKDF2)), but I think for some users that ability to store the file yourself is important. LastPass was "breached" back in 2015 and "hashed user passwords, cryptographic salts, password reminders, and e-mail addresses" were stolen. No open passwords were compromised, but it does give you pause.
As a side note, LastPass was also recently acquired by LogMeIn. I have no strong opinions on the matter, but many users have a strong dislike for LogMein due to their bad reputation on customer service and frequent price hikes. Once again, I'll leave that to you to investigate, but it was not a reason for me to switch — the quality of the product is what concerns me.
Enpass is everywhere
Another consideration for people thinking about switching is where Enpass is supported. While I may live (almost) exclusively in a Windows 10 world, many people mix and match operating systems. Luckily, you can find Enpass support for all major platforms, including:
- iOS (iPhone, iPad)
- Windows PC and Windows 10 UWP
- Linux (yes, even Linux)
They also support Safari, Chrome, Opera (my preference), Firefox and soon Microsoft Edge with browser extensions.
Enpass is free (mostly)
LastPass costs $12 a year for their premium service, which frankly never bothered me. Enpass as a service is free to use, which is obviously preferable. 1Password is a one-time purchase of $64.99 or $5 a month for families.
That said, Enpass is not completely free — they are charging $9.99 for their Windows 10 app. That pricing matches their Android and iOS apps — a reasonable fee for the app and the service is free, so it's a small overall price to pay. There are no signups, you don't even have to give Enpass your email, and the service is free, so I'll pay the $10 for the convenience.
(Keep in mind, that is $9.99 per platform. You'll need to buy it twice, for example, if you use an Android phone and a Windows 10 PC, though that should be expected.)
Of course, there is a free trial, so the risk is low if you just want to try it all out.
So far, Enpass is what I have wanted in a password manager. Strong support for Windows 10? Check. Windows Hello-enabled? Done. However, one thing I did prefer with LastPass was the two-factor-authentication for the master account.
Right now, if you tried to log into my LastPass account with a password, you would then be asked to insert a YubiKey to generate a special one-time use password. A YubiKey is a physical USB-enabled key that is linked to my LastPass account and without it you cannot do anything with my LastPass account. That level of security, while a pain when you travel, is something I prefer to have for my password manager.
I use such a feature when logging onto a new computer with LastPass for the first time. I verify the login using the YubiKey after my master password. Afterward, I have it optionally marked for 30 days without requesting the key again. I happened to like that method and would love to see Enpass (and others) adopt a similar strategy.
I should point out that Enpass does support Time-based One-time Password (TOTP) authentication for sites that support that standard, such as Evernote. TOTP is available in all Enpass apps including the Windows 10 UWP apps as well as desktop. That's an impressive feature and nice to see.
Overall, however, I am very pleased with Enpass. Switching was easy, the price was right, and as a Windows 10 and Windows 10 Mobile user, I am getting the best app experience while utilizing the best Microsoft technology with Windows Hello.
Download Enpass for Windows 10 and Mobile
Having said that, I'm just a regular user like you and not a security expert. Let me know in comments why you like (or dislike) Enpass and what they could do better, as I'm genuinely curious. Also, shout out if you think I missed anything in this review — there's a lot to process here!
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Daniel Rubino is the Editor-in-chief of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft since 2007 when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, laptops, next-gen computing, and for some reason, watches. Before all this tech stuff, he worked on a Ph.D. in linguistics, watched people sleep (for medical purposes!), and ran the projectors at movie theaters because it was fun.