Skip to main content

Why I dropped LastPass for Enpass on Windows 10 — and why you should too

Passwords are one of the most annoying things to deal with in online life. These days you need them for almost every site, and they can become quite a hassle to memorize and manage — because if you're not using different passwords everywhere you're just opening yourself up to a world of hurt. That's why I rely on a password manager; you create one ridiculous password to store them all.

Which password manager is the best? Like operating systems, the answer is usually what you first used and are most familiar with versus what may be better for you. When you're like me and have over 400 passwords (some likely not in use) switching to a new manager seems like a hassle.

I recently switched to Enpass, and I think you should consider it too. Here's why.

Enpass loves Windows 10

The first thing that got me to consider using Enpass is their support for Windows 10. To wit, they have a really well done UWP app available for Windows 10 Mobile and PC. Sure, LastPass has timeworn, and kind of lazy, Windows 8.1 apps on the Store, but I have said it over and over again: given the choice between UWP and a Windows 8.1 app, I will always choose UWP for design, performance, and features.

Enpass

Enpass

I also like to support companies that are embracing UWP right now. Granted, if LastPass comes out with a shiny UWP app – and they may – I'll give them reconsideration, but for now I go where the future of app development is for Windows.

In comparing the Enpass Windows 10 app to iOS and Android as far as I can tell there is full feature parity. There are no second class citizens here.

The Windows 10 app has the standard features in a password manager you would expect, including a password generator, timed and minimized auto-locking, managed wiping, and cloud sync, as well as a few others you wouldn't expect, like a secure built-in browser. There's even Light or Dark theme for those who have a preference and yes, a translucent Tile for your Windows 10 Mobile Start screen. Enpass also has a well done Win32 desktop application for those who prefer a more traditional manager.

Enpass loves Windows Hello

I have a Surface Pro 4, Surface Book, a Lumia 950, a Lumia 950 XL, Intel RealSense camera, and a few laptops/tablets that have built-in fingerprint readers. I'm not bragging. I'm just saying I'm all in with Windows Hello, the biometric authentication system for Windows 10.

Once you start using your face, iris, or fingerprint to log into Window 10 you want that feature in apps too; Windows Hello allows developers to do exactly that. We've seen it with 8zip and Fenice for Twitter, but where I want to see it is banking and security apps like LastPass.

Well, Enpass has had Windows Hello support for a while now and last night it was updated so that you can use it as the primary login method on Mobile (On the desktop, you still need your master password for initial login, but when minimized you can use Hello).

My master password is around 20 digits long and typing it in each time is a challenge unto itself. But now I can use my face, iris or fingerprint? Yes, please.

Extension support for Edge is almost here

LastPass did make some waves recently by releasing an extension for Microsoft Edge (coming for the Anniversary Update this summer). Many users are rightly quite excited about that addition as it bodes well for more users adopting Edge for everyday use.

I'm excited to reveal that Enpass also has an Edge extension coming in the next few weeks. I'm using it now and while it certainly as buggy as LastPass's offering, it at least completes the password manager experience. After all, password managers are only as good as the browser extensions that are offered. And if you don't like or prefer Edge, you can use Enpass in Chrome, Opera, and Firefox.

Importing from LastPass was easy

Putting aside Enpass support for Windows 10, UWP, and Windows Hello the real big test was going to be whether I could actually switch from LastPass without retyping some 400 entries? Because even if Enpass is the better app, if I can't easily make the switch, then the switch isn't going to happen.

Enpass here gets flying colors. I was able to use the LastPass Export feature (see their instructions and then with a few clicks import all the data into Enpass. The only thing that I had to recreate were my credit card entries, which by comparison to all the sites logins I had was quite trivial.

For myself, this was the biggest hurdle in changing to alternative password managers. I was actually surprised that this was that easy to do as I have had difficulties with 1Password in the past.

*Remember, when you are exporting and importing your data is not encrypted on your PC. That file is open, so please take the necessary precautions to delete (and preferably wipe) that master file after you have imported the information!

Enpass is local

For some users, the big worry over having a master vault with all of your passwords is where that information is stored. Everyone encrypts it for you, but LastPass hosts your file on their servers while Enpass does not.

Enpass, instead, lets you keep the file locally, or you can store it encrypted on your own cloud. Options include Dropbox, OneDrive, Google Drive, Box, or WebDAV/ownCloud. Everyone is satisfied. The file automatically syncs whenever you make changes, and when you set up the app for the first time on a new computer and it grabs the file you'll have to use the master password to decrypt it. While I was concerned that installing Enpass on multiple devices would require jumping through hoops, the experience was fluid, precise, and — most importantly — easy.

I won't preach to you about which system is more secure (they all use 256-bit AES Encryption, at least; LastPass uses a Password-Based Key Derivation Function (PBKDF2)), but I think for some users that ability to store the file yourself is important. LastPass was "breached" back in 2015 and "hashed user passwords, cryptographic salts, password reminders, and e-mail addresses" were stolen. No open passwords were compromised, but it does give you pause.

As a side note, LastPass was also recently acquired by LogMeIn. I have no strong opinions on the matter, but many users have a strong dislike for LogMein due to their bad reputation on customer service and frequent price hikes. Once again, I'll leave that to you to investigate, but it was not a reason for me to switch — the quality of the product is what concerns me.

Enpass is everywhere

Another consideration for people thinking about switching is where Enpass is supported. While I may live (almost) exclusively in a Windows 10 world, many people mix and match operating systems. Luckily, you can find Enpass support for all major platforms, including:

  • iOS (iPhone, iPad)
  • Android
  • Windows PC and Windows 10 UWP
  • BlackBerry
  • MacOS
  • Linux (yes, even Linux)

They also support Safari, Chrome, Opera (my preference), Firefox and soon Microsoft Edge with browser extensions.

Enpass is free (mostly)

LastPass costs $12 a year for their premium service, which frankly never bothered me. Enpass as a service is free to use, which is obviously preferable. 1Password is a one-time purchase of $64.99 or $5 a month for families.

That said, Enpass is not completely free — they are charging $9.99 for their Windows 10 app. That pricing matches their Android and iOS apps — a reasonable fee for the app and the service is free, so it's a small overall price to pay. There are no signups, you don't even have to give Enpass your email, and the service is free, so I'll pay the $10 for the convenience.

(Keep in mind, that is $9.99 per platform. You'll need to buy it twice, for example, if you use an Android phone and a Windows 10 PC, though that should be expected.)

Of course, there is a free trial, so the risk is low if you just want to try it all out.

Anything missing?

So far, Enpass is what I have wanted in a password manager. Strong support for Windows 10? Check. Windows Hello-enabled? Done. However, one thing I did prefer with LastPass was the two-factor-authentication for the master account.

Right now, if you tried to log into my LastPass account with a password, you would then be asked to insert a YubiKey to generate a special one-time use password. A YubiKey is a physical USB-enabled key that is linked to my LastPass account and without it you cannot do anything with my LastPass account. That level of security, while a pain when you travel, is something I prefer to have for my password manager.

I use such a feature when logging onto a new computer with LastPass for the first time. I verify the login using the YubiKey after my master password. Afterward, I have it optionally marked for 30 days without requesting the key again. I happened to like that method and would love to see Enpass (and others) adopt a similar strategy.

I should point out that Enpass does support Time-based One-time Password (TOTP) authentication for sites that support that standard, such as Evernote. TOTP is available in all Enpass apps including the Windows 10 UWP apps as well as desktop. That's an impressive feature and nice to see.

Overall, however, I am very pleased with Enpass. Switching was easy, the price was right, and as a Windows 10 and Windows 10 Mobile user, I am getting the best app experience while utilizing the best Microsoft technology with Windows Hello.

Download Enpass for Windows 10 and Mobile

Having said that, I'm just a regular user like you and not a security expert. Let me know in comments why you like (or dislike) Enpass and what they could do better, as I'm genuinely curious. Also, shout out if you think I missed anything in this review — there's a lot to process here!

QR: enpass

Daniel Rubino is the Executive Editor of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft here since 2007, back when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, Microsoft Surface, laptops, next-gen computing, and arguing with people on the internet.

300 Comments
  • $9.99 ?????
  • I can better help you answer this question if you use words. LastPass is $12/year, 1Password is $65. Enpass mobile apps are a one-time $9.99 but the service is free. What's the problem?
  • My sign of shock didn't require words.
  • It would best be served you made an actual argument, however. By comparison to other major password manager apps and services, Enpass is cheap making your "shock" seemed uninformed.
  • Have you had a chance to comprehensively compare it to OneLocker? IIRC it's not as multi-platform as Enpass, but it seems very solid in Windows.
  • I have not, but will check it out. I'm assuming most Windows 10 users are not Windows 10 Mobile users as well, hence why I started with the widest support. Also, this gives people who are thinking of switching to iOS/Android something to consider as it works there exactly the same.
  • I wasn't interested in trying it until I got to the bit where you mentioned the storage options. I use an open source application for this very reason but it's traditional Desktop software and I've been wanting something more modern for a long time now. Never had time to write my own but now I don't have to, this looks really good
  • Wow man, thank you so much for your support, I'm happy to know you like the app! :)
  • Sorry. Wasn't arguing. I honestly was just a little taken back by the price. Thanks for the explanation.
  • Please, argue. For my benefit.
  • _..|..
  • Paying 10 bucks just once for a lifetime of use on your phone, desktop(s), laptop(s), tablet(s), etc. (assuming they're all running Windows... not to mention likely xbox and HoloLens support will come soon, since it's UWP) for what this offers is honestly incredibly cheap. Sure, if you have a device in another ecosystem (e.g., iOS) then that'll cost you again... but there too, that'd be a single one-time purchase to cover that whole ecosystem...
  • As a developer myself it's tough when people want everything for free. I think this is a fairly priced app that the developer has put a lot of effort and time into. I'm not saying its just you specifically but since the rise of app stores everybody wants something for nothing :-(
  • You can't afford $10 to pay the Devs that made this? What WinPhone you using? Lumia 510?
  • I can afford $10. Doesn't mean I'd buy one French fry for $10. Has absolutely nothing to do with it.
  • Why do people think that software on a phone has to be free or at most 99 cents?  On my computer, I pay hundreds of dollars for photo and editing software. We pay 10 times this amount for Office on subscription.
     
  • @dailydose I think it's because software is something abstract which makes it difficult for most people to grasp what its value is. For these people the value of software is based on nothing other than their comparison to other software in the store, most of which are either a) built by hobbyists who don't need/want money b) monetized in other ways than direct paymets c) games with mass market appeal that sell millions of units (which is what makes it possible to sell something that requires a LOT of time to create for $1.99). Something like a password manager, specifically if it's for Windows Mobile, doesn't fit into any of those categories, but few are aware of that, or even think about it.
  • And a french frie is comparable to a piece of software that a team of developers invested multiple years to build and bring to so many platforms?  
  • Hi Daniel, thank you it was very interesting read, one question... Do you know how EndPass will maintain the secure and reliable service with such little income compared to others? it always concerns me when something which requires ongoing maintenance and upgrades is too cheap from experience.
  • The only thing they really pay for to maintain is the mobile app development, which they charge $9.99 for on all platforms. Since they don't actually host anything and there are no accounts with them, their overhead is comparatively low I imagine. LastPass costs $12 a year because you're paying for all mobile apps plus their servers/backend hashing, encryption, and hosting. Just a different model.
  • Thank you, just read the part about them giving option to users to use OneDrive and etc... which is actually a great idea. Personally don't mind paying for a good service however rather invest in a service/app that is contributing towards Windows platform/ecosystem as much as they do with other main platforms which EndPass seems to do based on your report therefore will test it out. There is always the conspiracy theory that maybe they get your passwords and access to your OneDrive data ;-) (Smileys in comments didnt work! please consider using Disqus)
  • There is always the conspiracy theory that maybe they get your passwords and access to your OneDrive data
    Yup, but it is encrypted there with 256-bit, so some protection still.
  • @nitsuk In this case they can't access your passwords, much less access OneDrive. The master password isn't stored anywhere but in your head. Everything that is written to the disk is encrypted. It will be quite some time before a computer is built that can brute force break the encryption in a reasonable amount of time (i.e. in the time span of a human life). It's secure enough that you could publicly share your password file on OneDrive and be fully confident that no one will decrypt its contents. On the other hand, if you forget your master password, there is no way to recover either it or your password file. Nobody has the master password except you, so if you forget that all your passwords are gone. IMHO that's a good tradeoff though, as only by not having your master password can Enpass swear that nothing they do will endanger the confidentiality of your passwords. The only way the developer could start messing with you is by sending your passwords back to their headquarters while you're working with the program, and that's far to easy for IT people to notice and report. Most of the safety of this app is built in, simply by the concepts it uses, which takes everyone but you completely out of the picure.
  • Got the app and so far so good, the fact that it uses iris scanner on Lumia 950 and 950 XL is great bonus and once I have my hands on the HP Elite x3 Fingerprint even faster access, thank you for the tip.
  • When you say " they charge $9.99 for on all platforms" is there a separate charge for WIndows 10 Mobile (phone) AND Windows 10 Desktop?  Or does the $9.99 cover both?
  • It appears to be UWP therefore only one charge, tested and is great however I'm still concerned as is free on all other platforms, there is no ongoing charge which raises questions on how they will maintain the app going forward. Would like to see a security company checking this in detail before I can commit to it.
  • I don't think math is his strong suit...
  • So did I understand you correct, can I use enpass with only windows hello or do I need to have that password generator on my usb dongle?
  • LastPass - 12$/y for Premium other wise is FREE, no such fees. On the way how the article is writen I can tell that is SPONSORED one.
  • The first thing LastPass Premium gets you is sync across more than one device, not ecosystem, device. So, if you you only have one device, have fun with the free LastPass.
  • Great article!!  When you say 9.99 "per platform" does that mean paying 9.99 for the windows app that I can install it on any windows PC where I'm signed into the purchasing Microsoft account?  Same question for Android as well. 
  • Don't be cheap
  • Most people who are serious about security use a password manager and so have been paying for years, therefore 9.99 is a bargain.
  • I would rather it be say $4.99/year or even $9.99/year.  As a developer I know that creating a revenue stream makes for the best long term experience.  While a one off app purchase feels great for a user, for a security product especially, knowing that there is a continuous development cycle bringing the latest fixes etc. is important.
  • I agree completely. I would much prefer to pay a yearly fee in order to see active development. Too many devs do a one-time charge in hopes of making some quick money, but then the next year rolls around and they lose interest in their app since there's no more revenue. 
  • Three things.... 1.You didn't mention form filling which is the most important feature for me. 2. I prefer a US based company.
    3. 1password recently came out of beta on WP and works good. They also have desktop app and uwp.
  • Regarding #2 not sure what that means here since they are not a service? They don't host or manage your files. Regarding #3 check again. I'm pretty sure they gave up on UWP and are only doing Win32 due to legacy users. Also, I won't use 1Password simply because there is no easy way to import my LastPass data. I have to start from scratch. That's not happening.
  • I've often wondered, with these password programs, is there anything preventing a dishonest developer from sending the password info to his server? Is there more protecting us than just trusting the developer? I know the file is encrypted but when its displayed on the screen could he send it?
  • Nothing prevents that. Supposedly the Windows Store approval process should weed out malicious apps, but it is largely automated so I'm not sure if it could catch a few lines of code that transmit the password file over.
  • #2 There could still be a backdoor, you'd have to check your firewall logs to be sure no data was being sent out.  The security of the app matters as well in case someone were to hack your PC or cloud storage.  I trust 1password the most as I've been using them for a while now.  The release notes they provide with their updates do have the occasional security fix. #3 1password on Windows Mobile just came out of beta and I still see it in the app store on PC.  It has mobile and PC screenshots so it seems like UWP. You should check it out. It sounds like they do have a way to export \ import from lastpass but it might not be as straight forward as you'd like. Also, both 1password and lastpass have business accounts with their own feature sets.
  • Trusting something the most because you're using it for a while?
  • You prefer an US based company for keeping your most critical private data? Hmm... Strange... ;)
  • I've been using keepass for a few years now. Stores my database wherever I want and if I feel my database is compromised, I can delete it.
  • So, there's no advantage then over this app as this can do the same. GTK.
  • I think the advantage would be that KeePass is free (and has free clients for WP) and open source.  I use KeePass at work and it is pretty good, I use LastPass for my personal stuff though.  I tried to switch to Enpass earlier this year but it just wasn't quite polished enough and had some annoying restrictions that ended up with me going back to LastPass (for now).  
  • Interesting. I'll take a look at KeePass, although if it doesn't have Hello support yet that will be something that hinders my adoption.
  • Yeah probably no Hello support.  The disadvantage to KeePass is they aren't in it for the money - so it lacks a lot of features/polish and uses third-party clients.  I don't use it for my personal stuff for the same reason I use Windows over Linux, lack of polish and consistency.  
  • But Keepass Windows mobile app are just horrible and lack many features. It is free. But this is the only thing it has for it.
  • I'm with these guys on Keepass, which I've been using for nearly ten years. I keep the Win32 app in a OneDrive folder and just point to the pw file from other clients. As mentioned by others, KP is open source. It's also solid, proven, and a fairly standardized password manager at this point (dozens of clients across all platforms, including a few good ones on WP). Best of all, it's free. Since KP is an underlying library as well, those clients can do as little or as much as they want. Hello support is definitely cool about Enpass. I don't know if there's a KP app with that yet, but if there isn't, I'm sure one or more of them will implement it soon. KP is too good for me to switch to any of the services, so I'll wait for one of the apps to implement Hello.
  • No Frills, but for KP app CodeSafe Pro on mobile has been working for me for a while with no issues.
  • I'll jump in on the KeePass bandwagon.  I've also been using it for years.  The fact that I can use it on all 13 of my Windows devices, plus the one iPhone and iPad - and all for free is kind of hard to resist.  It works great and I have no problem with WP interface. On the other hand I absolutely want to encourage devs who are putting effort into the WP environment, so I'll give Enpass a look.  The problem isn't so much the $10 - it's the $10 for me, $10 for my wife's account, $10 for my son's account ... you get the idea.
  • "The problem isn't so much the $10 - it's the $10 for me, $10 for my wife's account, $10 for my son's account ... you get the idea." The lack of app sharing between family members like Android and iOS has is probably the biggest issue I have with our Windows Phones.
  • KeePass user here too. No Hello support and no Edge extension means I should take a hard look at enPass. One show-stopper, will it import my KeePass db? No way do I want to rekey it!
  • I believe you mean free keepass clients by third parties? I don't think it's good to trust a third party for your password Db.
  • I've been a keepass user for years. The only feature resisting me to switch to enpass is.... Setting up password expiry. A very basic but extremely useful feature in keepass.
  • Yes, I also use KeePass. Free on desktop. I personally don't care if a password manager is UWP or not because I never feel I need it on my phone.
  • Hey Daniel Rubino, I've been enjoying EnPass for a month now since being discussed in an article a while back. One problem I have is: Windows Hello doesn't work when I open the app requiring me to use Master Password method all the time. (I have a Surface Pro 4)
  • This was covered in the article. Open the app. Enter your master password. Leave the app minimized. Then, when you use it, Windows Hello will be sufficient. I assume now that they have it working properly on the mobile side, that'll benefit desktop soon too. Posted from Windows Central for Windows 10
  • Doesnt work on 950XL here
  • You have to turn on HELLO in the ENPASS settings>security (probably need to turn on HELLO on the 950 XL as well - mine is turned on so I didn't check that). Using HELLO in ENPASS does require you to turn off the PIN in ENPASS, it is one or the other.
  • The Hello Prompt they pop up verify that you are the user of the phone, maybe that PIN that you have to turn off is their own PIN entry page they've built into the app (2 different mechanisms' of logging into the app so can se why they'd force one or the other)
  • I also used keepass and liked the way you can customize the folders and what they are named. I'm slowly switching to enpass for 2 reasons. It's a UWP app and I want to support the platform. Number 2 KeePass doesn't have windows 10 Mobil app.
  • Your last statement isn't true. I've been using KeePass with Windows phones since WP7. There are multiple KeePass clients, some that work on WP8 and later, and others for WM10 only. Each has its pros and cons. Just search the store for KeePass, download a few, and pick the one you like. The few I've used will read your kdb file from OneDrive.
  • Ditto what jcutting said.  I've been using 7Pass on my Windows phones for years.  Love it.
  • You pay per platform, but I'm guessing as it's a UWP you just pay once for phone and PC?
  • That is correct. Still just a UWP 'buy once, run everywhere' situation.
  • Does Enpass support a Family Plan and Sharing across them like LastPass?  
  • No family plan as there is not "account" with Enpass. All local, all in your control, no emails or signups.
  • Ok, thanks!
  • After you guys did an article (or announcement) about LastPass Edge Extension... I checked it out. Prior to this I used eWallet, then morphed into eWallt Go!, then Password Padlock. So after reading about LastPass I decided to go with it, mostly because of the ability to share! The wife and I just went to out of the US for a trip and I wanted her to have access to all my important passwords in case of an emergency. So for that one little advantage, I'm going to stick with LastPass... but if I didn't need to share, Enpass looks good. Thanks for great reviews, articles, and elightenments Daniel!
  • This is becoming more important to me as my kids get older, so same question.
  • To solve this you could make a DB with their passwords and have them simply retrieve it from OneDrive, your HDD, or your personal home cloud solution.
  • I have the same request and I went like Daniel through 1Password and LastPass. Several things :
    - 1/ if you choose OneDrive on a Windows device, you are automatically connected to the OneDrive of your session. So if you want to share the DB with someone else on a Windows device, it is not possible (as you cannot choose which OneDrive account on Windows). Solution is to use another 3rd party cloud (in my case, DropBox).
    - 2/ the 2nd problem is sharing the same Master Password. The solution to do that (I had discussion with the Enpass developer on this) is to install on 2nd device, change the MasterPassword from there (to the one you want to use on this device), then install on the 3rd device and do the same for all devices. When done, you come back to the 1st device, and you changed the MP to the original one. When you do so, each device will still be able to log with their MP they set on their device because this one remain on their device even if the DropBox MP of Enpass is only the last remaining one.
    Hoe it helps.
  • OneDrive on Win10 allows you to get a local copy of shared files now so it appears as if it's directly In your OneDrive
  • You can also email password entries to someone else, at least using the Windows desktop version. It is some sort of encrypted text for the whole record. Not sure how easily it could be read by someone other than the recipient, however.
  • I agree that Enpass sounds wonderful...if I were still young and single and passwords only mattered to me.  Sharing is wonderfully simple with Lastpass and crucial for my wife and I to manage banking and other household accounts.  Too bad it isn't simpler with Enpass.
  • See above how to do it with Enpass. I share the same database with my son and wife that all have their own Master Password (formerly LastPass user speaking).
  • Yes, I read it and understand it, but it's not nearly as simple as Lastpass.  Lastpass lets us each have our own accounts with our own personal passwords while having shared passwords between them.  Daniel's solution means all passwords from all family members exist in a single DB that is shared.  I just like Lastpass's sharing solution better is all.
  • I personally chose 1Password. The new desktop beta is out (though it only supports teams/families at this point) and the UWP app is nice, even supports Windows Hello to unlock your vault.  As for importing from LastPass, I will concede that's an issue for 1Password on Windows, since you need 1Password 6+ to do so. Luckily I had a Mac to do that step when I switched. Once the new desktop verison is released, that will no longer be an issue. The killer feature for me with 1Password was the two factor authentication support. For example, I go to Microsoft and there's my username/password and two factor code. This syncs across devices so I can open 1Password anywhere and get my code. Huge since I sometimes leave my phone in a different room or something. I love being lazy.
  • the UWP app is nice, even supports Windows Hello to unlock your vault.
    Their alpha/beta app that was just updated to say they have discontinued it? I thought they dropped UWP in favor of standard Win32 because of "legacy users"?
    The killer feature for me with 1Password was the two factor authentication support. For example, I go to Microsoft and there's my username/password and two factor code. This syncs across devices so I can open 1Password anywhere and get my code.
    This supports Time-based One-time Password (TOTP), which I believe is the same.
  • Oops, guess I better check my Lumia when I get home. Hadn't seen that. Sounds like it's the same. 1Password uses similar wording. Well then, just forget I said anything!
  • I was hoping it was different as up until last week I was looking to move to 1Password (but the conversion from LastPass was a huge pain, IIRC).
  • Yeah, 1Passwrod 4 for Windows doesn't import LastPass, neither did their UWP app. You had to use 1Password 6 for Mac. The new desktop application should change that, but with the UWP app news I would no longer recommend it to anyone with Windows Mobile. If you're just using Windows on a laptop/tablet then maybe. Enpass sounds like a better solution though.
  • Yeah, if LastPass comes back with a killer UWP app, Hello, etc. I will reconsider them. My only issues with them were their lack of innovation on Windows 10, which frankly is a bit understandable. However, Enpass did all I wanted and it was easy to import, so done and done (for now).
  • LastPass works fine on Windows 10 as addins to Chrome and FireFox. No need to have an app run in the background. No need to copy/paste. The only thing they haven't brought to market yet is an Edge plugin and that's because Edge hasn't supported them. Your objection to LastPass appears to be because they don't have a stand-alone univerasl app. I'm not sure why you feel that hosting a password management service in a UWP container is better than hosting it an a browser container. I do know that I wouldn't give up browser integration if I were to go looking for a new password manager
  • This.  I'm using on two work pcs and one home.  All in browsers.   Also I can share passwords with small business and hubby.  He's not going to go for anything complicated.  If I tried the Rube Goldberg (sounding) process for multiple users and Enpass, he'd go right back to his 'password binder.    
  • If they did not update it, the 1Password app on W10M was not even allowing to edit. Maybe it is at last the case. But TOTP is also supported on Enpass. All in all, 1Password is great but Windows support has been very poor.
  • The TOTP support may be great for convenience but not for security in my opinion. The purpose of two-factor authentication is to provide for two ways of verifying your identity, and I would argue the request for secure content. If your 1Password, or Enpass, database is compromised your password AND two-factor authentication would be available to the malicious user - and worse, you wouldn't be notified until after the damage is done. Whereas if your two-factor requires you to actually acknowledge the request by your phone or secondary device for TOTP it prevents compromises to your account if you database is compromised and it forces you to acknowledge the request in two places - the login form and your TOTP application. Therefore, if a malicious individual even guessed your password it would notify you that a request was made and your TOTP is needed to complete the request. You would simply deny the request at this point. Just my .02
  • Dont use 3rd party password managers. My important ones are memorized and backed up in an encrypted file, other passwords for sites like forums are handled by Windows and that syncs to my phone. Not really seeing why I would put such sensitive information in the hands of a 3rd party.
  • I would appreciate it if you read my article first before commenting. Enpass is local. There are no accounts, they don't host anything, you don't sign up for it. You keep your DB local on your HDD, on your personal cloud, or OneDrive, DropBox, etc. The choice is yours except there is no choice to store it on their servers, which I argue is a good thing.
  • Any password that you can memorize is more vulnerable to brute forcing than the risk of your passwords being stolen from a breech from a password manager, who's entire existance is staked on them keeping your data safe.
  • Good point. I use a manager because my PWs are random digits/symbols/numbers 12-20 characters long. No way could I memorize all of them.
  • http://xkcd.com/936/ Posted via the Windows Central App for Android
  • I can't click the link in the app but I know exactly which one this will be a link to...involves hitting a man with a $5 wrench?
  • Correct horse battery staple :) Posted via the Windows Central App for Android
  • No longer good advice. Password hackers aren't stupid and can also read xkcd, and devise a cracker that can check combinations of dictionary words, different languages, the most common password strategies etc. The only secure way is long+truly random.
  • I didn't look at his link tbh...But I thought he had linked to this one: https://www.xkcd.com/538/ If somebody wanted your password specifically this would be the easiest way to get it - Of course having secure passwords that are truly random really is necessary to protect against general attacks against services. Just hope nobody ever gets hold of your LastPass (etc.) password and your golden - If they do then you're screwed in one go anyway - No other option though unless you can remember tons of truly random strings, which most people can't
  • I was somewhat being facetious in posting the link (hence the no comment beyond the comic), but in reality 1FA in general is no longer secure, no matter how long or complex the password is. The best method is to have a password suitably complex but also have it a second factor auth on the account. Posted via the Windows Central App for Android
  • I just started using lastpass after considering 1password. I found lastpass worked better for windows 10. Lastpass also has two factor with their own app or even with with Microsoft authenticator, not the beta (yet). So I went with using their two factor app because it has tap to allow device. Having hello would be great, but what I want the most is edge extensions on mobile.
  • For me, the killer features are 1/ support of Windows Hello and 2/ work with Continuum. LastPass offers none of them. Plus, Enpass support also 2 factor authentification fields.
  • I love Enpass. The fact that they have an Edge browser extension coming soon is enough to finally make me buy the app. Great news!
  • I started out with Password Padlock because they didn't keep my info on there servers then tried OneLocker for the UI because there was a PC app. I switched to Enpass & stayed for both reasons. I got the full version a while ago when it was on sale & I love it
  • I got the app when it was free for a day a few months back and haven't been happier. I use it every single day. I love the intergration with Chrome and am looking forward to its coming to Edge. It's WELL WORTH the price!
  • I have been using Enpass for several years now.   Used to use a password keeper that has origins all the way back to Pocket PC.  Enpass even imported THAT file!  I bought it for my PC, WinPhone and my wife uses it on her Android.  Easy to use app, has a password generator which is great and I can copy/paste into websites to log in with ease.  The browser extensions are just going to make it that much easier.  I've tried them all... Dashlane, Password Keeper, Vault, etc. - Enpass is the one.
  • Been using LastPass for years but been suaded, gunna give Enpass a whirl
  • That's what's cool here, really no risk. For me, it was the ease at transferring my data that really helped. Shorter version: I'm lazy.
  • Enpass looks great, but I think I'll stay with OneLocker. It's a nice UWP app by a young italian developer, and does everything that Enpass do, except it doesn't have browser extensions, and is only available on Windows 10 and Windows Phone 8.1 (yet). But I only use Windows 10 on all of my devices, so it's not a problem for me (if it would be, it can export the databse in CSV). The service is also free, and the app is cheaper. And at last, but not least, I just bought the app like 2-3 weeks ago, and don't want to send more money on another password managers :D And yeah, I'm working with the developer on a Hungarian translation now (it's my native language), so it's my app now a littlebit too :D
  • Yeah, if you're all in on Win10 and that's it, OneLocker is a good choice too. I'm going by numbers here and recognise most users aren't all in on Win 10 ;)
  • Yeah, you're right.
  • I have a big pass, everywhere I go I use some part of this big password and even if someone know this, it is only one portion of this big pass. And I will never forget. I don't need an app to remember all my pass. That is a waste of money.
  • I can't risk that, sorry. If someone were to get my "one big pass" it would compromise all my accounts. I have a lot of social that could be heavily damaged if that were to happen. No one recommends, to my knowledge, your strategy for security.
  • Lastpass customer service has been very good to date, much better than roboform's was. It's very worrying if they have been bought by a company with a bad customer service rep, never mind price hikes. Great review, thanks Dan.
  • Yeah, Roboform used to be the big one, but they seemed to have slipped. I'm impartial on the buyout thing, but if you read the announcement/comments their customers were furious.
  • I never used password managers. I have very complex passwords all in my head. Heck I remember my credit card/debit numbers and everything. I have a good memory. I do however use less complex passwords for forum websites and things like that. So for me the only advantage would be the extension. What exactly is the point of the app though if you're not using an extenion on any browser? Does it just show you the passwords? Does it remember passwords for other apps? Or is it just for management?
  • I can call up my credit cards, license, frequent flyer info, passwords when I use apps on my phone e.g. Twitter, which is random numbers/symbols/letters, etc. But sure, the best use is for web browsers, etc.
  • Good article Daniel. I've never used a password manager. Here goes.
  • Hope you like it! Once you start, you never go back. Plus, better security if you use their PW generator.
  • I use LastPass and have been happy with it, but I'd consider changing if there was a compelling reason. I'll have to investigate.
  • For me I'm just tired of their 8.1 app. If you have used Lastpass on Android/iOS and see how they use biometric/fingerprint you'll want the same on a 950 or XL. The fact that Lastpass does not have a UWP, and I don't know that they will have one, and I was able to jump to Enpass in 15 minutes, is what changed my mind.
  • I attempted to use Enpass instead of LastPass earlier this year but ended up going back to LastPass as the browser integration just wasn't quite good enough in Enpass compared to LastPass for me and the login timeout requirements were too restrictive compartively.  Maybe they've made some improvements in that area since then, but for me at the time LastPass was worth the $12 a year for its ease of use and more polish.  
  • LastPass has a lot more fine-grained control, which can be a blessing or a curse depending on how many options you want to manage. Part of it is also because they manage your DB, so you can prevent your account from being accessed by countries, which is neat, but unnecessary with Enpass, I suppose.
  • I'm having some issues with LastPass right now where I have the 30 day timeout for 2FA disabled, but it is still making me reauthenticate occassionally.  I forget exactly what it was about the timeout on Enpass that drove me crazy, but I remember that it made me do something way too often (like multiple times a day) and the browser extension would get hung up and not work until I opened the Windows desktop client up.  I just want something that won't constantly be logging out and making me reauthenticate, I feel like having 2FA and strong base password should be enough for it to just always be available without me having to mess with it.
  • I'm having some issues with LastPass right now where I have the 30 day timeout for 2FA disabled, but it is still making me reauthenticate occassionally.
    I have seen that too, which is frustrating if I don't have my YubiKey at reach.
    I forget exactly what it was about the timeout on Enpass that drove me crazy, but I remember that it made me do something way too often (like multiple times a day) and the browser extension would get hung up and not work until I opened the Windows desktop client up.
    This is a good point and I have seen it happen as well. Their extension is dependent on the PC app being installed. I did uncheck 'Verify browsers' in settings and I think that helped with that.
  • I see this problem in Chrome from time to time. Firefox is OK so far. Unchecking the "verify browser" in my case did not do anything. I am actually using Firefox more and more often now...
  • If you have 2 factor enabled even with the 30 day portion disabled it will randomly require the 2nd factor authentication for any device.  Most commonly following an update where it needs to re-establish a proper authentication for the device, but lastpass support indicated it may occasionally request one for security concerns such as multiple incorrect password submissions.  
  • Still prefer Roboform- does so much more for me especially at work with all the remote\system logins it remembers for me.  Lastpass wasn't that great.  Giving Enpass a shot - for the Edge support mostly.
  • Can Enpass import Password Padlock data? I've used that for years just because they supported Windows Phone and PC...and like Daniel said, sometimes you just go with what you know. But I'm always willing to switch when it makes sense and is easy.
  • That i'm not sure as it depends on how PP exports data and whether Enpass can import it. May be worth exploring.
  • Downloaded the free version and read the manual. It does import from Password Padlock 7.4, but via text file (is that unencrypted? Yikes!) Will try the import in a dark, locked room with the WiFi turned off... ;-)
  • All export/import of password managers are decrypted ;) That's why I mention wiping the file when done. Only way to do it.
  • Exported/Imported flawlessly. I'm a convert! I had to download the (free) Windows Desktop PC version in order to do the Export/Import. Then I paid the $9.99 fee for the Window 10 version so I could sync my passwords with OneDrive and get them from the Desktop version to the UWP version. Finally I downloaded the Windows Phone version - it originally asked me to buy the $9.99 license, but when I logged in clicking "Restore my data" it seemed to bypass the paying part and just gave me all my passwords. If this is how they treat us - one license payment for UWP apps on all platforms - it's a glorious time to be in the MS ecosystem!
  • Yeah, we were hanging out in Slack when I tried the export/import thing and that is what really sold me. I tried switching to 1Password a few weeks ago but no import, so no dice. Then they gave up on their UWP app, so that sealed it for them.
  • I was attempting to export from 1Password and import into Enpass.... and the process was quite painful, I had so many duplicates and misformatted entries that I eventually just gave up. I wasn't aware that 1Password was giving up on their UWP app? Is there an announcement I missed? They just released an update pretty recently. https://discussions.agilebits.com/discussion/comment/314195/#Comment_314195   I'm still trying to decide if going through with the painful import is worth it.
  • Hey @danielrubino I still have to use the master password on my Lumia 950 for the first login. I hoped they would have fixed this to be my choice of using Windows Hello, but no dice as of yet...
  • They will fix that in future releases according to the description in the store. Quote: 'Unlocking through Windows Hello- Currently its not Full-time unlocking, so you have to enter master password once the App is closed. We will improve it in next update.'
  • A new update of Enpass has just been released in The Netherlands that fixes this... 
  • Nope....it didn't ;) (still not working). Are you sure that's not an Insiders app update?
  • Update: it does after all... The update just turned the setting off again. After reenabling it, it now works! Kudos to Enpass! :)
  • Great Marco! Prettige dag nog.
  • I dropped Lastpass for Enpass also, but I don't like relying on the desktop version for the Extensions. Also, the Lastpass extensions are better, with deeper integration, autologin, autocomplete...
  • but I don't like relying on the desktop version for the Extensions.
    Yeah, I found that weird too. I think it's because they don't 'call out' to an external server like LastPass. So the autologin is nice with LastPass, but I found sometimes I had multiple accounts with the same service (work, personal) and the autologin sometimes became confused. Granted, I could disable it, but it was just one of those 'bugs' that got to me.
  • Does Enpass work on Opera Mini on my W10 phone? If yes, I am sold...
  • No, I don't believe Mini takes extensions, sorry.
  • I am glad Daniel you tried as I made this recommendation not a long time ago on your article about moving to 1Password. Just a quick question : how did you get the Edge Extension ? Could we get it ? As far as I know, it is still not available for beta testers...
  • ETA I hear is a few weeks (less than 2?) but I'll leave it to the developer. I got the extension through some connections to the dev.
  • Been using Enpass for ages, I came from ewallet, definitely didn't regret it! Awesome app!
  • Thanks - this was a very helpful review. I started using KeePassX, which some consider to be one of the most secure password managers because it's open source (everyone can spot a bug). However, that also means that it's not the smoothest user experience, often requiring third party apps that feel like early 2000s software compared to the UWP apps of today. I wanted to try another password manager with easier, cross-platform operation, and after reading this I believe I'll give Enpass a try.
  • Good review, thanks.
  • I've been using Sky Wallet since I had my first Lumia 920. It's a decent app that only costs $5 or $6 if I remember correctly (no annual fee) and it includes a win32 desktop app. I got Enpass on a promotion for free a while ago (I don't remember if it was myAppFree or something else) and have been impressed with it so far because it's all in with W10. Little by little I have been transferring my passwords over and eventually I'll be all in with Enpass.The only thing I don't like about Enpass is that it doesn't let you rearrange the order of the fields in each entry. You have to rename and/or add fields in a particular order. Sky Wallet allowed me to do that easily.
  • Great Service...I love the fact they are on every platforms...including BB10! Been using Enpass for over 2 years.
  • I like that this stays local and I'm going to give it a shot to see how it is. You mentioned there is no 2 factor authentication. Would you say storing this in OneDrive that has 2 factor on it and using Windows Hello is sufficient in your opinion?
  • Man I would love this simply to have one app for mobile and windows as well as Edge support. Unfortunately, unless I missing something, it has very little actual function. I currently use RoboForm which automatically asks to learn (or update existing) credential for the site. So, if I logon to a new site, and I allow it permission, it will save the URL as well as username and password. I can also be in RoboForm and tell it to double click a login profile and it will go to the site and log me in. It would be such a pain to have to cut and paste every time. It seems like Enpasses Google extension can't be enable with UWP app but can with the classic desktop. I could go on, but as simply a repository to store passwords and allow you to copy and paste them into a site, this simply isn't worth it.
  • So, if I logon to a new site, and I allow it permission, it will save the URL as well as username and password.
    That's how this works. Pretty standard for LastPass, 1Password and Enpass and not unique to RoboForm. The UWP app is more for Mobile experience where extensions like RoboForm don't do anything either. So, on my phone I have to (1) Open an app (2) type in a ridiculously long password (3) copy/paste. That applies whether I use RoboForm, 1passowrd, or LastPass. At least with Enpass I cut out #2. RoboForm desktop/Extension is the same as Enpass desktop/Extension except you don't get a UWP app for Mobile or Hello support. Alternate questions is why would I use RoboForm? It has zero advantages.
  • Thank you for this article Dan! I've been wanting to take better control of my passwords lately and this article was extremely helpful. Cheers!
  • Does EnPass support IE in addition to the other browsers listed? I still use that sometimes when I need to do something in a different browser and already have Chrome and Firefox windows open. It also still provides the best UI for some older sites that use ActiveX controls. I like that LastPass works on all of those. But I strongly agree with wanting to support developers who are supporting Windows 10 and UWP, if for no other reason than to encourage more of them to do so, so I can eventually get more apps. For me, with a Lumia Icon on Verizon running Windows 10, it doesn't sound like I'm missing out on anything that I would benefit from yet. The right time for me to switch would probably be when I can move to a new phone that supports Windows Hello (HP Elite X3?). That gives LastPass a little bit of time to add that same support.
  • No IE, unfortunately.
  • Oh well. I'm sure it won't be long before that's irrelevant (maybe it already is) as it appears even MS is phasing out IE support. But it does give another (minor) argument to stick with LastPass for a little longer for users who can't take advantage of the Windows Hello support. Thanks for the great article, as always!
  • Well, that's unfortunate, and a deal breaker for now. Edge just isn't up to full time yet, and I don't Chrome as a rule. Seems odd with as wide support as they seem to have they didn't do IE before Win 10. Are they that new? Even with LastPass being marginal on W10M, I need a decent manager on IE way more than on the phone, so LastPass stays.  Maybe this will prompt LastPass to up their game on Win 10.
  • Can RoboForm be converted too?
  • I'm sure others posted but you should edit article. Enpass has a non Universal Windows application that's free and honestly just as high powered. So if you are windows/Android you don't even need to pay twice. Posted via the Windows Central App for Android
  • I use the free Windows desktop app and the paid Android app. Posted via my Nexus 7 2013 using the Windows Central App for Android
  • I mention the Win32 app. Also doesn't support Hello and you actually have to have the desktop app installed to use the extension.
  • This article less than a month after the article telling us to switch from Last pass to 1Password. Does Windows Central have some personal vendetta against Last Pass?
  • Nope. That was me wondering how the hell to switch to 1Password as I was interested in trying to support them. So I had one of our writers investigate how to do so (turns out, it sucks). Then I learned about the Windows 10 support with Enpass last week and we had an in with the developer, which is where I found out about the Edge extension. I tried it, imported my LastPass with ease and have been happy ever since. I have no real problem with LastPass except (1) they don't talk to us, give us updates on their plans (2) don't have a UWP app (3) I wanted something that worked with Windows Hello. No conspiracy, just one company meeting my needs and another failing to do so. As I said a few times already if LastPass gets their act together and puts a UWP app I'll reconsider them again.
  • One note works great. Why use a paid service?
  • lol, OneNote? So my passwords are just exposed and not encrypted? Yikes. Also, how do I autofill using OneNote in a web browser? Finally, not a paid service. There is no service. It's $9.99 for an app.
  • You can password protect sections in OneNote, with the same 256 AES encryption. I get the autofill issue, but that is a personal thing. I dealt with just using a manager for years that didn't do that. You may not be old enough to remember the good old days ;)  I notice it doesn't do that on mobile either (neither does anyone else as far as I know), so copy and past on a laptop or desktop isn't awful.
  • You store your passwords in plain text??? YIKES!
  • I'll stay with Lastpass -  a) I can sync Lastpass with my office PC, but my company blocks access to Onedrive and Dropbox. b) I like the "Security Check" feature of Lastpass c) Good experience with Lastpass
  • This sounds awesome
  • Been using Enpass on desktop and mobile happily for two years now. Highly recommend it, and $9.99 well spent. Their support for all platforms is welcome, and they have always consistently updated their Windows/Windows Phone apps.
  • Also the desktop app is totally free; even the sync feature is free with the desktop app.
  • Ive been using Enpass for about 1 year now, maybe a bit longer. I really like their new UWP apps. I use it on my 1520 and Surface Book. However, one gripe I have is that on the phone app and when the PC app is snapped beside another app its really hard to see all of your stored accounts. All of them look extremely crammed due to the way the app has 2 seperate tabs. Dan, do you have this problem? I'd also really like to see them open up Windows Hello for the initial sign in instead of just once the app is minimized.
  • Wjat about form filling in W10 mobile? I actually use Enpass on Android and you can just change the keyboard to Enpass keyboard whenever you need to input a password (that's more an Android feature than Enpass one). Do you have to go to the app and copy and paste username then password on Enpass UWP on W10M? Posted via the Windows Central App for Android
  • Copy paste. That's an OS level limitation for now.
  • Ok. I was expecting that, I thought it might be an OS restriction. I hope the OS will become slightly more flexible, maybe to allow autofill with notification (as in the new update of the Android app). Or if extensions come to Edge Mobile that would help for sure, even if not for login into apps.
    I'm interested because after 8 months on Android I really wants to go back to Windows Mobile and will probably buy a 950XL in a month or two. Thank you for your answer. Posted via the Windows Central App for Android
  • I had to switch away from LastPass due to a technical reason, and have been very happy with Enpass. With LastPass, something in my data file broke their .NET decryption algorithm (shared by the WP8 and Windows Store apps). While the website and browser plugins worked fine, the Windows Store apps failed trying to read the decrypted files. LastPass could not recreate the issue, and didn't seem all that interested in fixing their Windows apps. So... I had to move to something else. Enpass works well, looks good, syncs to OneDrive, and has browser plugins (I'm looking forward to the Edge plugin getting released soon). Everything I really want. 
  • Why do you need 400 passwords, I don't even think the government uses that much.
  • Because using one password is lame and unsafe. I have 347 passwords now. Every single one unique, long and complicated...
  • Why do you need 400 passwords, I don't even think the government uses that much.
    Kind of my business, but I do mention how many of them are older, maybe not in use. But that is beside the point. My argument still holds if I only had 100 passwords.
  • So... There's win10 app for enpass,how does that function differently than lastpass' 8.1 app from a use standpoint? Does enpass hook into edge or something that I should actually care about? I mean I might switch when my subscription is up due to the increased security, but it doesn't really seem to provide any tangible benefit in usability.
  • Usability for me is Windows Hello. If I want to log into my Bank of America app my password is like 20 digits. I need a password manager to use BoA, in other words. Now, I don't have to type a long password. Unlock the app with my iris scanner, copy password and paste into BoA. Same when I'm on my Surface Book. Also, I save $12 a year. Finally, I just don't like 8.1 app performance, design, and its inability to properly scale. I like UWP and as I say in the article given the choice between an 8.1 app and UWP, I will always go with UWP. I support companies that support the platform.
  • If I could setup windows hello without requiring a lock screen and use it just for app authentication or store authentication, I'd be on board. But I'm frequently in situations where Hello isn't reliable, aka outisde with sunglasses on. And I don't have any real reason to lock my phone so requiring a pin number is a pain in the butt. But a few months ago I found that I could put a pin number on lastpass (that works above the master login) at which point I can tell the app to remember my password, which is over 10 characters long, and use the pin to secure the app. THAT was the moment that lastpass became acceptable on Windows phone/mobile. But if my only option with Enpass is that I use windows hello/pin my whole phone OR enter my long, dumb master password every time, that'll have to be a hard pass for me as it would be a step back in usability.
  • Weird, I use Iris scanning all the time with pilot sunglasses and outside.
  • Aviators? I could see how those would work better than my smaller sunglasses...
  • To answer to  your question, obviously, Windows Hello is a HUGE appeal but you somehow manage to reverse this advantage as an issue. Other than that : - LastPass store the encrypted db on their server which from a security standpoint is not as good as Enpass which store it locally or on a 3rd party cloud (with the possibility to 2FA) and LastPass has already been hacked - it is cheaper - it is a UWP so it works on Windows laptop / tablet and with Continuum on the phone (that is great) - it supports TOTP fields No matter how you sliced it, Enpass on Windows mobile is just far better than LastPass. This is why I switched like Daniel.
  • Seems like you didn't follow the whole conversation... Like I said, I might switch when my Lastpass subscription is up. But until Hello is more reliable it can't be listed as a PRO, but it is not a CON. And if I have to input a master password constantly when I have to use it instead of the PIN that I currently use with Lastpass the USABILITY of Enpass is at best (when Hello works) the same and at worst quite inferior. I'm still saddened how garbage the implementation of these password managers are when compared to their Android counterparts. Lastpass on Android is borderline better than it is on desktop. I never claimed that Lastpass was overall better, I acknowledged its benefits. But usability matters more than any of that, at least until browser extensions come to mobile.
  • Windows Hello works perfectly for me and it seems for many 950 users. My advice is to retrain Windows Hello. Do the "improve recoginition" several time, with glasses or not, at different angle. Also, best is to look at the front camera which is just on the left side of the middle speaker. Only time where Windows Hello does not work is in bright sunlight where I just have to find some shade to have it work. Regarding extensions support on mobile, that is clear that iOS (and you said Android) has a definitve advantage here, I cannot deny. I realize however that I usually used the embeded web browser in Enpass so I do not need to switch app and it works very good to consul the bank website or do something else. But yes, I am also dreaming of the day where W10M will support like W10 the extensions in Edge.
  • W​ell unless you closed the Enpass app, then you would have to enter in your master password which I would assume would be as long as your other ones.  I'm not seeing the advantage of the app versus the desktop program if you have to keep the app minimized all the time.
  • Does enpass support folder creation for organizing logins? I looked at enpass before but ditched it for some reason I can't remember...perhpas the folder thing. BTW, the new 1Password UWP is located here: Universal app is moved to https://www.microsoft.com/store/apps/9wzdncrdr64j
  • Yes, there is option to create folders. I have few and using them to separate my work and private passwords/logins...
  • I'm playing around a little with Enpass at the moment, and I like the folder option.
    But it seems I can't modify folders after they have been created. Also, is it possible to place an already existing item in a folder? It looks like the only way I can get an entry in a folder is to create a new item in that folder.
  • Yes you can. Go in your folder and click on the +. Here, on the top, you have the choice to add a existing elements (from there you see all the elements with a checkbox so you can select several at once).
  • Nice article. I was planning to go back to LastPass when my Dashlane subscription expires, but this gives me another option to consider.
  • I switched to opera browser, maybe I'll switch to enpass.
  • how to enable browser extensions in UWP ? "Enpass connection error" in chrome
  • You have to install the desktop client. Then enable it in the app settings.
  • When I first got on to WP I used a manger called SkyPass, which was great since it was built for Windows Phone. But after it became apparent that they abandoned it, I searched and found this when I found KeePass to be a little too difficult. This app has been great, it's constantly updated, and the UWP is awesome. Been using it for at least two years now, can't say enough good things!
  • Instructions are only for the desktop app ? The UWP version has none of them. How to enable chrome extension for enpass?
  • Hey Daniel, I know Enpass also has Edge Extension support, but give OneLocker a try when you have two minutes!
    I know as a single developer I can't really compete with an app developed by such a big company, but I'd love to know what you think.
    It's an UWP app, I also added support for Windows Hello, it syncs over multiple cloud services and the app offers much more customization than Enpass (as for card fields and items), and it has many more options :)
  • Will check it out. Wanted to start broad and go down from there.
  • Thanks man, I appreciate it :)
    Looking forward to hearing what you think, feel free to send me an email from the app if you want a gift code to try it out!
  • Daniel
    Enpass, instead, lets you keep the file locally, or you can store it encrypted on your own cloud. Options include Dropbox, OneDrive, Google Drive, Box, or WebDAV/ownCloud. Everyone is satisfied. The file automatically syncs whenever you make changes, and when you set up the app for the first time on a new computer and it grabs the file you'll have to use the master password to decrypt it. While I was concerned that installing Enpass on multiple devices would require jumping through hoops, the experience was fluid, precise, and — most importantly — easy.
    With this paragraph, can you clarify something.  If you retain information locally, can you do Wifi sync between devices or do you have to use a third party intermediary (Dropbox, OneDrive, etc) to transfer data between devices?   Thanks.
  • Enpass DB is a sinle file. If you can sync other files via this Wi-Fi sync you should be fine syncing Enpass. Hell, you can even copy Enpass DB to Floppy and sync between PCs that way :)
  • I grabbed Enpass when they were offering it for free and Love it.  Also convinced my wife to pay the one time fee so she could use it on her Android phhone.
  • Enpass is awesome! I've been using it for quite a while. Getting an Edge extension would just be the cherry on top.
  • Are there any password managers for W10M that has an in-app auto fill feature like LastPass does on Android?
  • No, it's an OS level feature not available yet to devs.
  • I'm confused, which is better, the UWP app, or the desktop app? Why do they have both?
  • UWP app on a Surface Book would be faster if you need to retrieve a password since you could just use Windows Hello instead of typing a 20 digit password (for example). UWP was mostly meant for Mobile use, but since it's trivial to make it work on a PC, there you go. Options are good. Leave it to the consumer to decide which is best.
  • Windows hello is a weak link (IMO) for a password manager.  If you have kids, they can hold your machine up to your face as you sleep, or if someone wants your passwords against your will they simply have to point the camera at you, id never recommend Windows Hello for this reason.  I use 2 step authentication via Yubikey with Lastpass and have found it to be perfect, just waiting for extentions for Edge and adios Chrome.  If price does change then I will revisit at that time, today there is no point changing, they were even hacked and no passwords compromised, that hole is plugged and more security poured into the system.
  • Windows hello is a weak link (IMO) for a password manager. If you have kids, they can hold your machine up to your face as you sleep, or if someone wants your passwords against your will they simply have to point the camera at you, id never recommend Windows Hello for this reason.
    You sound...paranoid. Couldn't your kid just grab your YubiKey when you sleep and have a keystroke recorder on your PC? I just sleep with a sleep mask anyway, so I just ruined the plans of these fictitious kids. #genius
  • That was just an example of Windows Hello weakness, and it IS a weakness.  As for sounding paranoid, erm the whole premise of using a password manager is for the paranoid no?
  • Im happy to give it a go though, can I use Yubikey as well?
  • Nvmd, reread the article :) Its a no go for me.  Lastpass will have extension for Windows 10 and UWP, most likely Hello support too at some point which will make it better than Enpass (IMO)
  • So don't use Windows Hello ! Seems Apple fan mentality that absence of a feature that you can decide to use or not is detrimental to the complete lack of it. Also, are you sleeping with the eyes opened ?
  • I exported my passwords from LastPass .. but I cannot seem to find the import option in Enpass ! :( HELP
  • LastPass should have generated a web page, which you then are to copy/paste into a document on your PC. You then import that document to Enpass.
  • It would be helpful if you elaborated on your second sentence, because based on the Windows 10 version I download this afternoon, there is no "import" button/setting/option on the UWP app.
  • Unfortunately, import feature is only available in pc non-uwp version. So you have to download it separately, which is sad. And Daniel, please update the article with this information.
  • Is it possible to import from Whisper32? Yes I know it's really old,but it works for me. But maybe it's time to take a step up :-)
  • Can you export passwords from Roboform to Enpass? I stopped using Laspass once it was hacked.
  • Thanks, Dan. ​I've never used LastPass or the likes because of the cloud hosted stuff. Obviously such services would be a constant target. So having it store on my OneDrive and still be able to be used on my iPhone... that's what I needed. Will start this trial and see how it goes. Looking forward to the Edge extension to see it all in action.  
  • Nice, hope it works out!
  • Isn't OneDrive cloud hosted? Not that I have any problems or concers with cloud hosting.
  • I will give a try
  • I love Lastpass and do not mind paying a little to ensure that they keep developing it. The idea of a free password manager scares me shitless! Also I am not interested in using an OS that shares my content with Microsoft. Posted via the Windows Central App for Android
  • No offense, not much of what you wrote makes any sense? You pay LastPass because (1) they need a lot of customer support (2) their server fees (3) their backend support staff and engineers (4) their mobile app development. You don't pay Enpass because (1) No servers, no hosting, no backend at all to support (2) Smaller support staff (see point 1) (3) You pay the $9.99 for app support/development. Regarding, " I am not interested in using an OS that shares my content with Microsoft." I have no idea what that means. If are talking about Windows 10 in general, why are you even on this site? Second, your statement is just false. No one cares about your content (sorry, you're not anyone special) and Windows 10 does not store or collect your "content". If you mean the word telemetry, well, you need to learn how that is not synonymous with "content" in the least. Finally, your post ends "Posted via the Windows Central App for Android" which in light of your above statement about privacy and Microsoft is the most hilarious thing I have read all day, since Google does do things like scan your emails for advertising.
  • Daniel, I'm still using an ancient password system called Spb Wallet. I started using it originally because it supported a client on Windows Mobile (PocketPC). It hasn't been updated since 2008, and obviously there is no client for today's Windows 10. The reason I'm still using it is that it allows you to define custom templates for data. I have specialized data that I need to store, such as networking addresses, passwords, and server configuration. I can make a template to define what fields are needed for that type of data. Then when I create a new "card", I can select which template I want and then I have all those fields available to me. It's VERY flexible and I haven't found anything to replace it. You can even just say you want to store a "note", which is a template with just a memo field. I have tried to replicate this with LastPass, but it doesn't seem to support this tyoe of usage... it seems limited to just website passwords. Any thoughts on if Enpass has any features similar to these custom templates? Thanks!
  • I'm 99% sure you can do this on Enpass. You can definitely do just a secure Note (blank field). You can also manually add fields to entries. There is also a section called "Computer" and it has pre-made entries for DB, email, FTP, IM, ISP, Server, Web hosting, Wireless router, Other computer. Also, I remember SPB Wallet lol. So long ago, they were a fun company.
  • Not bad, but KeePass + KeePass2Android + BitTorrent Sync is completely free and doesn't require the cloud at all.
  • My system is simple, if not for everyone. But it has the benefit of being both secure and free to use. I use Windows Credential Manager, which roams my credentials across all of my devices, and, importantly, provides native auto-fill support on Edge mobile and desktop. This is way more convenient on a phone than having to use copy and paste, or an in-app WebView control to browse. WCM stores passwords locally in a securely encrypted store locked behind your Microsoft account credentials, but I strengthen my security be enabling device encryption on Surface Book and other devices. I reuse easy to remember passwords for thow-away site credentials, while I have long, complex, random passwords for essential services (Microsoft, Google, Apple, Facebook, PayPal, etc.), and I also enable two-factor authentication for all of these services, where possible. You can lookup, manage or delete your saved passwords using Credential Manager, but I also keep a backup OneNote notebook with the important credentials in an encrypted, password-protected section. This is hosted on OneDrive and shared with my wife, so we each have access to important information if needed. (I don't worry about Microsoft employees or the government accessing my OneDrive files, but using encryption in OneNote eliminates any risk short of the NSA, and I've got nothing to hide from them.) This is obviously a Windows-only, Microsoft browser-based solution, so it won't work if you use other operating systems or browsers. But it is surprisingly workable within that constraint.
  • Great article Daniel. As a longstanding Lastpass user I may just have to switch to Enpass instead.
  • I just converted over from KeePass. So far so good and well worth $10. LastPass might be the most secure company in the world, but they are also a huge target.
  • I've been a LastPass premium subscriber for a few years and have always been disappointed with their Windows apps. This article has convinced me to give Enpass a try. Thanks!
  • Daniel you said you have to pay for it multiple times across different platforms, but could you confirm if that's the case for W10 & W10M mobile, or if it's a UWP app where you only pay for it once across those 2? (as in buy on mobile and get the desktop app too or visa versa).
  • $10 gets you both w10 and w10m
  • Does it?  I made the switch, purchased the software through the mobile app and, in the Windows Store, it still asks me to purchase. Update: Yes, you are correct.  Thank you.  
  • Pay once for all devices with Windows 10
  • Do you have to pay for the version that plugs into IE and Chrome, separate from the Store app? Just wonder if we have to pay $20 to use both.
  • Just bought it for my laptop to see what it's all about. This will be my first password manager. Hitherto, I have been using an encrypted word document with a huge list of passwords.  
  • If this doesn't get Lastpass off it's ass to put out a better WP app, I'm joining Enpass.
  • I made the swutch after reading this article.  It was really easy to import all the Lastpass data and now I no longer need Lastpass.  So far, Enpass is far superior.
  • So there is UWP app for W10 and Mobile, Edge extension in works and close to release?.. Sold!
    Thanks for the article, I was looking for password manager to try out and will start with Enpass.
    At least I'll support developers' efforts :D
  • When I go to the Store, on PC it says "Built for Windows 10" but on mobile it doesn't and, in the new Store on the latest Insider build, it shows Windows Phone 8 as the minimum OS requirement.  Either they haven't updated their Store information or the UWP app is only available for PC at this time and the mobile app is still an old format.  If the mobile app supports Windows Hello though, that seems to suggest the former because I would imagine that only UWP apps can access that API, although I don;t know that for a fact.
  • It's a UWP app on both Mobile and PC for sure - The things you describe are just errors in the store.
  • Enpass has some online option? If I need a password on a computer that is not mine?
  • I think thats what your cellphone is supposed to handle. Otherwise, you would have to install the software locally to the machine, and access your own file from online storage. At least that is my understanding of the model. Similar to keypass, but without the cool authentication techniques. Keypass does have a portable version, so you could carry that on a USB drive along with the password file, but if you lose that it would probably be cracked given time.
  • This is the problem. With Lastpass I just access the site.
  • $9.99 to remember my passwords. Ill stick to my good old KeePass.
  • Great article, as usual. Thanks, Daniel. Waiting for Edge extension, but I'll give a try.
  • One thing that is strange is that if you use the UWP app it cannot also integrate with the browser extensions.  That means, if you install the UWP app and unnstall the desktop app (downloaded from their website) then the browser extensions no longer work.  Unless I am missing something?
  • I know the power of this App lil' early, so I got this app for free through MyAppFree deal long back
  • For non-Insiders, does Enpass have support at the desktop level for auto-fill in IE?
  • I'd love to try Enpass, however on my work-laptop I'm not able to install non-approved software. You'll need the desktop app for the browser extension to work. As that's not possible, I'll stay with Lastpass for now, which can be used without a desktop app. 
  • I noticed this too.  Apparently Enpass will add browser extension support in to the UWP app in the near future.  Lastpass is better integrated, with less components but, after having used both, I am actually enjoying Enpass.
  • Bah, more poor journalism from this guy.  The whole thing just reads like a paid-for article.  It's almost as if he has a vendetta against LastPass or something. And if you dare to suggest such things he'll openly get aggressive with his comments.  A shame because other great articles on this site just get dragged down by this guy.  
  • Go home; you're drunk.
  • 1.  Cant find the Edge Extension
    2.  Using it in Chrome REQUIRES the desktop version to remain open.  
  • Can't you just enable the option to minimise the app to the system tray when it is closed and still use the Chrome extension?
  • Thanks that worked.  However, it does not "fill" the credentials on a page when I click on the token in the extension.  I can see the credentials but I would like to be able to click and fill.
  • Daniel (or any informed user), does Enpass consider W8.1m to be a different platform from W10pc (i.e. requires additional purchase)? It will probably be a year before I upgrade to W10m, so I'd rather not pay twice.
  • I had asked them and they answered that you only have to pay once for all apps on Windows. I specifically asked if I bought the 8.1 version if the 10 version would be included, and they said yes. So you should be covered. Posted via the Windows Central App for Android
  • Is there an enterprise version?
  • I switched to Enpass over 1 year ago becuase of their support for Windows mobile and Win 10 UWP. I have tried tried LastPass and 1Password. Enpass does everything I need, and the price is acceptable. Looking forward to Edge support...    
  • I gave it a try, the version on windows store is not the same one you download from the website, so that was the first confusion, and I could not find any import option in the windows store version. So I installed the desktop version from the website, and imported everything from LastPass.
    The first annoyance was that it does not keep the categories, and puts everything under "imports". I then installed the chrome plugin, logged in, and it could not find any of the records I just imported and started froma  blank/empty file. So a pretty annoying first impression. It also is rather lacking in features and options, it really is very basic and doesn't hold a candle to the FREE version of LastPass. Yes there is a FREE version of LastPass, which it seems you missed, and it does everything that most people need. You really only need the paid version if you want to start sharing folders with other people.  
  • After updating my Lumia 640 to Win 10 I had to go back to Win 8 because Outlook and a number of other things wouldn't work. No help from MS except the tools to revert. That was good! Worked great. Back to Win 8 and that's fine for now. So I'm not concerned about Win 10 Mobile or anthing related until it works on my 640. Without a lot of "fixes".  Win 10 works fine on my PC.  
  • Amazing!  I wrote a comment earlier regarding the poor quality of the journalism by the author and it gets deleted!!!!!  I used no bad language, no agression, no insults - it was a honest and open comment.   Guess the journalist just doesn't like being critisied.   I simply suggested that the article felt more like a dig at LastPass than a genuine comparison.  When compared with the other anti-LastPass articles the journalist has written it feels like he has a vendetta against it.   I want news, but sniping.  It's a shame because the rest of the articles on this site are good, but get dragged down by this sort of nonsense.
  • If you mean this message:
      Bah, more poor journalism from this guy.  The whole thing just reads like a paid-for article.  It's almost as if he has a vendetta against LastPass or something. And if you dare to suggest such things he'll openly get aggressive with his comments.  A shame because other great articles on this site just get dragged down by this guy.  
    Perhaps you should scroll up just a bit to see that it was in fact posted.  I completely disagree with your point-of-view.  Does any positive review imply the reviewer is a shill?  Would a negative review mean the reviewer is a hired gun for the competition?  Clearly Daniel Rubino likes this product; just as clearly, you don't like Daniel Rubino.  For the record, I've not yet even tried Enpass - the lack of a convenient sharing facility is a big roadblock for me.  And no, LastPass did not pay me to say that.   They wouldn't pay me, because I'm looking for a replacement for LastPass because it has become less and less automated for me as time has gone by - I have to manully click "AutoFill" much more frequently than previously.
  • Has anyone taken a critical look at DASHLANE?  I'm running it on several different Windows10 machines, a Mac and my Android phone.  Always like that I can log in to their website to retrieve a password whe I'm working in a remote lab or have a enw machine temporarily. Having said this, my premium sub is about to expire and before I shel lout another $50 for a year ....
  • Sounds interesting. Wonder what Steve Gibson at www.grc.com would have to say about this product? Also, why does no one every mention Splash ID Safe? Been using it since my Palm Pilot days. (Old Nerd speaking here.)
  • I have rarely read such a bad article. I tried installing Enpass in Firefox. Guess what, it needs a Windows app to work. I had the Win10 app installed, but it needs the "old" app to work. This is a total mess to setup and I really can not understand (unless there was some payment involved) that this was written as it was.
  • Daniel or anyone else who has tried the app - was it successful at importing Secure Notes as well as site information?  I have quite a few software licenses stored within LastPass; manually moving them into Enpass would significantly decrease  my likelihood of migrating.
  • I'm intrigued by Windows Hello integration, but lack of two-factor authentication is a deal-breaker. We're talking about the keys to the kingdom here.
  • Could be nice to check out after the extension comes out. For now, PassKeep is compatible with my OneDrive -stored KeePass database and supports Windows Hello also. Happy with it so far.
  • Enpass' browser addon for firefox still sucks though. There's no autofill option, and you have to run enpass client for it to work. Is there any option to run it in the background?
  • Is it possible to import from Whisper32 ? Yes I know, it's really old, but it works for me. But maybe its time to take a step up :-)
  • This article reads like an advert for Enpass, it is far from a genuine comparison.  The whole "Why I dropped LastPass for Enpass on Windows 10 — and why you should too" argument is poorly rationalised, and isn't that objective.  Just because Rubino doesn't like Lastpass doesn't mean we should all follow blindly.  Lastpass is a good app, and far superior to Enpass in many ways.
  • For about 6 years now I have used One Note with a passwrod protected folder to save all my passwords, usernams and other criteria for accounts etc. I already have Office 365 with One Note so there is nothing else to buy. One Note files are encrypted so they cannot be read by a common hacker. Couple that with the convenience of the Chrome based browser experience I get for website access with my Torch browser and I find passwrod tracking to be something I don't even have to think about on a daily basis. I allow the Torch broswer to store passwrods to inconsequential websites and I store account type passwrods and information in the password protected One Note folder. The only inconvenience to me so far is that even though I have one note on all my devices, my password folder does NOT appear on my phones.
  • I switched to Enpass over a year ago and I love it. The developers have been very good at providing updates and new features. Sharing it with my wife has been a life saver. Keep up the good work!
  • Nice to see this review. Been considering moving from Dashlane due to limited device support. I might when the Edge extension come out. Only thing more ideal would be if there was IE support as well as I use that as my fall back if something isn't working right.
  • Looks like I'll be sticking with KeePass. It's 100% free and opened sourced.
  • Wonderful article, thanks for turning us on to this awesome program. Anyone else know if paying the 9.99 for the windows app lets you install it on any PC that you are logged into with your purchasing MS account? I'm also on the fence about the app due to the way Windows Hello is implemented. Seems that if you actually close the app, on re-opening it you have to enter in your master password, completely taking away the advantage of windows hello. If the app is backgrounded then windows hello works, but who wants an extra program on the taskbar and memory? I don't see it as a security issue because Microsoft deems it secure enough to allow you to login to windows from a full power boot with Windows Hello. Hopefully this is something the devs are considering.  Otherwise it seems like I should just use the free desktop program, the Windows Hello and UI seem to be the primary advantages. 
  • I've been using Sky Wallet for a while now, and bought Enpass. Was surprised that a couple of my items were recognized with specific icons: The Amazon account and the Microsoft ID popped up with corresponding icons rather than the default ones. On the W10M, it took a number of tries for the Windows Hello to work, but eventually it has. Nice app.      
  • One thing I noticed about Enpass is that in order to copy a password I have to go into the Edit mode first.
  • Oh dear. Spent a lot of time yesterday transferring from Dashlane and trying to get this app to work. Using W10 on a standard PC, just about everything I can think of is a problem. And I've already paid for it on my WP:-( I've reported it to Enpass, still waiting for a reply.
  • Can't seem to get iris unlock to work, it keeps saying "your PIN is required to turn on Windows Hello". My phone is unlocked and I'm in the app, Windows Hello is enabled, so I'm not really sure what to do. It gives me the option to log in using a PIN at this point, which works, but I'm trying to use the iris scanner so this doesn't really help. Any ideas?
  • A confusing mishmash... aside from the problems with Windows Hello, it would appear that you need the desktop app to allow browser extensions - is this right? So now I have two different versions of Enpass installed in Windows 10, an app and also a Win32 program. Am I missing something, do I need both installed to get the required functionality, or is the app version incomplete when compared the Win32 version?
  • It will not help but I have no problem with Hello on Enpass. Regarding the extensions, yes you need the desktop app, I think UWP do not allow extensions to "plug into them" for now.
  • Someone in this thread pointed to a thread where they've explained UWP support is coming, the required API's there, just being tested first.
  • I'm quite confused. What is the point of having the UWP on my Surface? I can't run the extensions from it.
    It doesn't minimize to the tray. All I can seem to do is login with my face and see a $#!+ load of passwords that I can copy or share. It is for all intents and purposes "useless." At this point, save yourselves the $10 I just wasted and download the free desktop version that does do those things except the cool face login bit. I'm so bummed. For this I could've just had an encoded OneNote page with all my passwords in it.
  • Made the switch after reading this article, but still waiting on that Edge extension.  :-(
  • Lastpass has just announched that you can use it free on desktop and mobile. There is a premium offering still but you don't need it. Looking at enpass you need to pay to use it on your phone.
  • There is one MAJOR disadvantage when speaking about Enpass - it does NOT have a real export version. Sure, you can export, but it's just plain text. No other password manager can import that non-structured text. You better think twice...
  • There is one MAJOR disadvantage when speaking about Enpass - it does NOT have a real export version. Sure, you can export, but it's just plain text. No other password manager can import that non-structured text. You better think twice...
  • This sounds like an Advertisement for Enpass more than anything.   The writer keeps saying "it's local" "it's local" but to have it do any form of syncing of passwords with other devices it can't be local.   So now you need to create a manual process to sync the different devices with your home machine making it labor intensive and creating points of failure.  Otherwise you have to store the password file somewhere, be it in a dropbox, skydrive, etc.  Then,gee wiz, it's not local anymore!  But is still a quazi manual process.  By that standard Lastpass originally could be used in a local only format and still can be backed up to your machine for offline access.  Yes your password file is stored in the cloud (and can be stored locally as well) but with hashing and rehashing using different data elements relative to the password file owner not elements held by lastpass.   Lastpass has repeatedly proven that they have no possible way to determine what your password key is because of the way info is sent to the lastpass servers.  Yes you can login on their website to get your passwords, but they supply one time passwords for that activity so your lastpass password does not need to be entered on a publically accessable site. Finally, LP supports 2 factor authentication, with various vendors.  Goog authenticator, duo, yubi are a few.   I out of curiosity installed this on a test environment and althoygh it is not horrid, it was underwhelming.  Needless to say I did not purchase it.  
  • If you are looking for an alternative password manager, take a look "Intuitive Password" online password manager. I have more than 200 passwords and they are all different for each site, I use it every day. It works on all devices including smartphones, tablets, laptops and desktop PCs without installation required. Intuitive Password provides a Data Restore Points feature so you can't lose your data using their service.
  • as soon as you start using enpass with onedrive or dropbox then you are pretty much in the same boat as lastpass.  the thing with lastpass is that the people working there are dedicated to security whereas at the other companies, security is a concern, but its not their main concern and probably have less people working on keeping your stuff secure. if you only need to sync/access your database when you at home then i would suggest using something like syncthing or resilio sync to sync your database over the network vs sending it to some servers in god knows where
  • Now that mSecure is moving away from cloud-based syncing with OneDrive, DropBox, etc. and using their own proprietary server (login/pw required) I need a new PWM solution. It's between Enpass and LastPass.
  • Hi Daniel, are you still using Enpass?  Just currious if its still the "top dog" of password managers for Windows.  Also, what do you do for the apps you access on your xbox?  Does Enpass work there too?  IMO that would be a HUGE advantage.