Enpass servers never interact with user data in any way

Enpass servers never interact with user data in any way

When it comes to online security and conversations around data breaches, we often talk about the best practice of using password managers. Once you’ve come to the decision to use a password manager, you’ll need to make an informed choice between a number of password managers and that will ultimately come down to how secure your data is with them.

Hands-off approach

Enpass is built on a ‘zero-knowledge architecture’. This means that all the information you store on Enpass is only accessible to you. Our servers won’t interact with your data at any point – whether you save it locally on your device or on your network-attached storage (NAS) or sync it via your preferred cloud service.

Enpass Hands off approach

It’s your data, and it’s private. We will never have access to it for any kind of testing, analytics, or marketing.

Enpass was created as an offline password manager for this very reason and data privacy and security has always been a top priority for us and a cornerstone of our product roadmap and developmental efforts.

Encryption

Like all password managers, Enpass encrypts the data that you add. Moreover, both the encryption and decryption are done locally. Even in the case of cloud storage, the data is always transmitted in an encrypted format and decrypted locally.

Enpass encryption

Here’s a fun exercise. Open the Enpass data file on your device in a binary editor and all you’ll see is encrypted gibberish data.

Additionally, the key that encrypts your data is derived from your master password which is known only to you. Enpass doesn’t have any record of your master the password or its derivative, or store the encryption key or its derivative.

Security

Enpass uses one of the world’s leading cryptography algorithms to secure user data. All data is encrypted with 256-bit AES with 320,000 rounds of PBKDF2-HMAC-SHA512 using the peer-reviewed and open-source encryption engine SQLCipher.

Enpass security

This helps prevent your data against any brute force or side channel attacks. Even if an attacker gains access to your Enpass data file (like in that little exercise we did above), it’s unusable until they have access to your master password. And with brute force, it will take the attacker years to crack and access your data.

You can read more about our security practices in this white paper.

Download Enpass, and if you have any queries about your data privacy and security, drop us a line at support@enpass.io or give us a shout out on Twitter or Facebook.