The last couple of years have seen a significant increase in online security breaches worldwide. While a password manager helps you manage your credentials and sensitive information securely, it was imperative for us to build more features on top of it to ward off other online threats as well to secure the digital lives of our users.
The latest Enpass for iOS update introduces a new premium feature that we’ve been working on for the past few months.
Breach Monitoring
Breach Monitoring is a new built-in threat-detection feature that keeps a tab on incidents of data breaches globally, and checks if any website saved in your Enpass vault is breached. You can then take proactive steps to safeguard your information before it is abused in any way.
Enpass is one of the best offline password managers available, and Breach Monitoring will act as a critical vanguard on top of it to keep your information safe from external threats.
These days, with our pervasive digital lives, we end up sharing a lot of our personal data with several organizations and government institutions. Often, because of a security failure or a deliberate intrusion, this data is exposed to unauthorized actors. While you should exert more control on your personal data and privacy and adopt better security practices online, you can’t really control data breaches.
Data breaches are an increasingly common occurrence these days. Our personal data, including names, email addresses, passwords, government identities, dates of birth, credit card information, medical records, et al makes its way to shadowy hackers who could use it for identity theft, financial scams, and other sinister real-world crimes across the globe.
The new breach monitoring service from Enpass will tell users about the breached website, so that they can change their passwords immediately before any damage is done. You can find Breach Monitoring in the Audit section, which acts as a security dashboard for Enpass giving you overall health of your credentials at a quick glance.
Here’s how it will work. Enpass will maintain a record of all data breaches on its servers, and the Enpass app would download this data. The app will check for breaches on the app locally without sending any user data to our servers. We will use a combination of haveibeenpwned, other authoritative sources, as well as manual addition to keep the records updated.
For the convenience of our users, the Breach Monitoring service is also available on our website to check for any breach: https://www.enpass.io/breach-monitoring
2FA Identification
Enabling two-factor authentication (2FA) on your online accounts is a great way to add an additional layer of security. It adds an extra step to your basic log-in process, requiring an additional bit of information apart from the password.
As part of the new update, Enpass will now identify your accounts that support 2FA but do not have one-time codes saved. This enables users to recognize and filter out websites that support 2FA and enable second-factor authentication as an extra layer of security and add one-time codes for these accounts. This will, essentially, allow you to use Enpass as an authenticator app.
Similar to how Breach Monitoring is set up, the Enpass app regularly fetches the latest definitions regarding 2FA supported websites from its server where an updated repository of websites is maintained using TwoFactorAuth.org as its source. Enpass then compares each item in your vault with the retrieved information and flags the items that support 2FA but don’t have a one-time code saved in Enpass. Everything is checked locally on your device during this process, and your passwords are never sent to Enpass servers.
Of course, if you’ve enabled 2FA using other mediums like text, email, or a security key, you can choose to select ‘Don’t save in Enpass’ and not save the TOTP in Enpass.
Summary
We can’t recommend good password habits enough – use a strong, unique password, that is – along with taking adequate precautions online to secure your digital lives. You can check out our easy tips to supercharge your password manager as well as perform periodic audits of your passwords to weed out weak, old, and duplicated passwords.
However, once your information is leaked due to an external data breach, unfortunately, the password strength is immaterial. Hence, Breach Monitoring is a handy addition against any reported data breaches or hacks. In case of a data breach incident, do take countermeasures to avoid any repercussions.
Building, and maintaining, a Breach Monitoring service takes considerable effort and resources but we’re happy to bring a premium service like that to offer additional security to our users and add more value to their subscription. The feature is now rolling out to iOS but will soon be available on Android as well as on our desktop apps.
Drop us a line at support@enpass.io or give us a shout out on Twitter or Facebook if you have any feedback about this new feature or if you require any assistance.
6 Trackbacks