Everything you do online from browsing, shopping, communicating and even banking is totally based on safety of your passwords and identities from rest of the world. Recent Heartbleed bug was a big blow on that safety and everything that meant to be very personal and secure was at risk. Did I say everything? OK , let me elaborate the word “everything”. Everything means the information that supposed to be encrypted and inaccessible during communication with most of the secure websites. In other words, heartbleed bug removed ’S’ for security from HTTPS protocol).
What is Heartbleed?
Heartbleed bug is a mistake written into OpenSSL—a security standard encrypting communications between you, the user, and the servers provided by a majority of online services. OpenSSL’s Public-Private key cryptography algorithm is responsible for this secure communication. The mistake makes it viable for hackers to access the private key and see secured traffic in communication containing user names, passwords and other sensitive information like credit cards and banking information.
Enpass is not affected.
Fortunately your data in Enpass is not affected at all as your data is stored locally in your device and is protected by AES-256 bit encryption. If you have enabled Sync in Enpass then also your data is secure. Before your data is actually synced with your own cloud accounts it is encrypted locally and then transmitted, so there is nothing like anyone can have access to your master password and unlock your database. We never store your master password (which is the only key to your data) anywhere so YOU ARE SAFE and don’t need to change your master password.
But you still need to change your login passwords of affected websites.
The statement Enpass is safe from Heartbleed, doesn’t mean that the websites whose information is saved in Enpass are also secure. They might be affected with Heartbleed and you need to change your all associated passwords (if they have updated their OPENSSL implementation with latest bug-free version).
You can check the affected websites from this link provided by McAfee. If you found them affected you must immediately confirm whether the bug in OPENSSL has been fixed at their end. There is no point is changing the passwords if the bug is still open because your new password will be as vulnerable as old one.
Changing passwords is not pain with Enpass.
Enpass for all versions (Mobile and Desktop) provides you with built-in password generator that can generate sting, unique and unguessable passwords with a click.
You can create a recipe with specification of length and ingredients in password as Digits, Symbols.
We at Sinew are always working to improve Enpass with foolproof safety. Be friend with us on Facebook or follow @sinewsoft on Twitter to help us improving Enpass with your valuable suggestions.