Enpass

Update: It has been two years since they told me that they are planning to add csv or other standard export option in near future. But it looks like they never want to create an export option. I do not understand why it is necessary for a software that is a one time purchase. If you start using EnPass you will struck with it.

Enpass is a good password manager which is updated on all available platforms. For example, it has an UWP app for Windows mobile and Windows 10 which includes all features in its android counterpart. It aslo takes full advantage of the OS it is made for. It has a option to add Windows Hello biometric authentication. I really like that one.

Best of all it allows us to store the data in our own cloud or local storage. No sign-in required. I really like it. My data's security is in my own hands.

[Edited by kolappannathan, September 12]

Enpass says it has the following advantages over competitors:

• unlike Lastpass, Dashlane, 1Password, Roboform and Keeper, Enpass doesn't store your encrypted password database on their servers. Therefore they can't be hacked and lose your data (like, e.g. might have alread happened to Lastpass).
• they use SQLCipher, which is open source, as the method for encrypting your data.
• Enpass works on Mac, Linux, Windows, Android and iOS

But there are problems with Enpass:

• because Enpass isn't open source, we don't know what the rest of their code is doing. They say users can verify that Enpass isn't sending sensitive data out by using a packet sniffer, like Wireshark. But that's meaningless because an update tomorrow could change all that and they could capture millions of people's passwords.
• The Enpass people say the reason they haven't open sourced their app is because they want to make a bit of money. This is misleading because plenty of open source applications make money. Ironically, Invision Power Board, the open source software Enpass use to run their own forums proves this: when you buy Invision Power Board, you get the source code. Moreover, quite a few people on their forum have told Enpass that the reason they're not paying is precisely because Enpass isn't open source and they can't have the same level of trust as if it were. These people say they would happily donate/pay if the app was open source. Enpass have no answer to this. They go quiet when all this is pointed out to them (read the discussion here). Not a good sign.
• Enpass uses a unique format for their password database, which isn't compatible with any other software. They make importing your passwords (E.g. from rivals like Lastpass) very easy. But if you want to export it, the options are much less convenient.
• Enpass has no 2-factor authentication options (unlike Lastpass, Dashlane and the others)
• Enpass doesn't support using a keyfile to strengthen the password strength (unlike open source alternatives like Keepass, MacPass, KeepassX, KeepasXC and Keeweb).

Why there is no reason to use Enpass:

You can get better functionality of Enpass in an open source solution, like KeepassXC.

• KeepassXC is open sourced, so you don't have to worry that it's snooping on you - you can inspect the code
• It supports using keyfiles to strengthen your password
• It uses a format for your database that many open source apps can open (it's compatible with Keepass, MacPass, KeepassX and Keeweb). It's also compatible with mobile apps like KeePass2Android and MiniKeePass (iPhone/iPad)
• It has all the advantages of not giving your data to third parties
• KeepassXC works on Mac, Linux and Windows exactly the same way
• It integrates with Firefox and Chrome-related browsers via either the PassIFox or ChromeIPass extensions.

So forget Enpass; you can be more secure and confident and have all the same/better functionality with open source software.

A Quick Guide to Configuring PassIFox with KeepassXC:

Install the PassIFox addon & restart the browser. Open your password database with KeepassXC. On Linux/Windows go to Tools > Settings > Http and check "Enable KeepassXC HTTP protocol". (On Mac it's KeepassXC menu > Preferences > Http for the same option). Go to a website you want to log into (e.g. Protonmail.com). Try to login. You'll get a popup at the top of your Firefox window saying that PassIFox isn't configured. Click to configure it. It will ask for a link to be established between it and KeepassXC. You can call that whatever you want. Once you do this, you can attempt to login again. It will ask you to confirm that the plugin is allowed to get the info from the password manager for the website it detected. You can choose to allow and set it to be remembered. From that point on, it will always be autofilled. Every website you go to that it detects you have a login for it will ask this permission. But once you tell it to remember, it will remember forever. So you only have to give permissions the first time. That's it.

This used to be a great app. It was expensive, but very good. Especially their UWP app on windows. Now though, they are rescinding their UWP app and forcing you to use a sub... and I mean sub standard Windows App. Their new Windows app doesn't scale at all and half of my passwords are now unaccessible due to the poor implementation. To make matters worse, despite having paid a premium for this app a couple of years ago, in order to get some of the features that I used to get with the expensive version I originally bought, it would appear that I have to give the developer more money. This is a classic bait and switch move from a cynical developer. Use anything other than this

First things first, let me copy-paste a comment by /u/nohrei via reddit:

"Let me start by saying that LogMeIn[me: LP was sold to LogMeIn, they are responsible for LastPass now] isn't an honest company.
They have been fighting battles in courts against "complaining" customers(private/enterprise), have a bad reputation, a shitty customer service, are known to be one of the most unethical companies in existence, security/privacy-wise not so cool. You'll find many people complaining and many people looking for alternatives to LP. I'll be frank, I won't support assholes. Good it isn't Adobe and there are alternatives to password managers... like Enpass, Keepass, whateverpass. I'm not saying don't use LastPass, you're your own judge. I really hope LP will be managed by the LP team although I highly doubt they'll stay there forever; they will probably get laid off at some point too. Even if they stay the management and the attitude will change, LP had a good reputation(excellent customer service, good PR, great with security, everything that LogMeIn isn't.) whereas LogMeIn has none of it.

I was using KeePass before I made the switch to LP and now again before switching to Enpass, decided to go full cloud again. Enpass is really nice & the UI's elegant and clean. There's also 1password but I'm not a big fan,— no particular reason other than "not into it"— just not my cup of tea. Sorry for the quicktype answer but I'm on the run."

That said LP is not good enough for me anymore— plus it has a serious security issue. We switched to Enpass and are not looking back!
The U.I's much nicer and it just works! It isn't a cluster of trash like LP and just feels nice to work with. The popup password window seeminglessy comes to foreground whenever it's needed. I had KeePass too but decided on Enpass. If you're looking for a good and free alternative to LP, it's either Enpass(local/cloud) or KeePass(local)!
**

Important Features:**

• Database can be stored locally or in the cloud
• Encryption method: Twofish Cipher
• passwords/logins/forms/documents/miscellanous info
• privacy-minded

Give it a try!

I hadn't even heard about the LostPass vuln until I saw the warning here on Alternativeto.net. Clicked through to the Betanews article and was shocked at what I saw. Someone mentioned Enpass in the comments below, I gave it a spin and ended up deleting my Lastpass account a few days later. It was a pretty simple matter to export all 1000+ plus Lastpass entries I had accumulated over the years and import them into Enpass using .csv file.

Only thing lacking is support on some more esoteric platforms such as Snow Leopard and BSD. I actually prefer it to Lastpass in many ways.