When it comes to online security and conversations around data breaches, we often talk about the best practice of using password managers. Once you’ve decided to use a password manager, you’ll need to make an informed choice among the many available, and that ultimately comes down to how secure your data is with each of them.
Enpass is built on a ‘zero-knowledge architecture’. This means that all the information you store on Enpass is only accessible to you. Our servers won’t interact with your data at any point – whether you save it locally on your device or on your network-attached storage (NAS) or sync it via your preferred cloud service.
It’s your data, and it’s private. We will never have access to it for any kind of testing, analytics, or marketing.
Enpass was created as an offline password manager for this very reason. Data privacy and security have always been a top priority for us and a cornerstone of our product roadmap and development efforts.
Like all password managers, Enpass encrypts the data that you add. Moreover, both the encryption and decryption are done locally. Even in the case of cloud storage, the data is always transmitted in an encrypted format and decrypted locally.
Here’s a fun exercise. Open the Enpass data file on your device in a binary editor and all you’ll see is encrypted gibberish data.
Additionally, the key that encrypts your data is derived from your master password, which is known only to you. Enpass doesn’t keep any record of your master password or its derivative, nor does it store the encryption key or its derivative.
Enpass uses one of the world’s leading cryptographic algorithms to secure user data. All data is encrypted with 256-bit AES, with the key derived through 100,000 rounds of PBKDF2-HMAC-SHA512, using the peer-reviewed and open-source encryption engine SQLCipher.
This helps protect your data against brute force and side channel attacks. Even if an attacker gains access to your Enpass data file (like in that little exercise we did above), it’s unusable until they have access to your master password. And with brute force, it will take the attacker years to crack and access your data.
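As an added illustration (not Enpass’s or SQLCipher’s own code), here is the key derivation named above in Python’s standard library, next to a by-hand version that shows what the 100,000 rounds actually are. The 16-byte salt, the sample password and the guess rate and entropy figures passed to `years_to_search` are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # round count stated on the page
KEY_LEN = 32          # 256-bit AES key


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA512 via the standard library."""
    return hashlib.pbkdf2_hmac(
        "sha512", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def derive_key_by_hand(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The same derivation spelled out (RFC 8018): every round is one HMAC
    over the previous round's output, and all rounds are XORed together."""
    pw = master_password.encode("utf-8")
    # U1 = HMAC(password, salt || block index 1); one 64-byte block covers 32 bytes of key
    u = hmac.digest(pw, salt + (1).to_bytes(4, "big"), "sha512")
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.digest(pw, u, "sha512")   # U_i = HMAC(password, U_{i-1})
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(64, "big")[:KEY_LEN]


def years_to_search(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected brute-force time: on average half the password space is tried."""
    seconds = (2 ** entropy_bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = os.urandom(16)                     # constructed sample salt
    password = "correct horse battery"        # constructed sample password
    key = derive_key(password, salt)
    assert key == derive_key_by_hand(password, salt)
    print("derived key:", key.hex())
    # Assumed attacker rate of 10,000 guesses/s; entropy values are illustrative.
    for bits in (28, 40, 60):
        print(f"{bits}-bit master password: {years_to_search(bits, 1e4):.3g} years")
```

The rounds multiply the cost of every guess by a fixed factor, so the time to brute-force the file still scales with the strength of the master password itself.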
You can read more about our security practices in this white paper.