Password Manager Breaches: Should You Worry as a User?

February 9, 2023

Disturbing reports of high-profile data breaches involving popular password managers have become more frequent. LastPass and Norton Password Manager were recently hacked, which has raised concerns about the security and reliability of using such tools to store sensitive information.


These security breaches can naturally make anyone nervous about the safety of their data. But these concerns can be alleviated when you understand how to better protect your sensitive data by using a password manager like Enpass, which syncs your data without sending anything to Enpass servers. With Enpass, it’s impossible for your data to be stolen in a LastPass-style breach, where hackers attacked a single cloud server containing the passwords of every LastPass user.

Why do hackers target vendor-hosted, cloud-based password managers?

Password managers that store the data of millions of users in a central, proprietary cloud are a prime target for hackers. If they can break into these servers and steal millions of password vaults, they could potentially access every password of every user and then use those passwords to access bank accounts, email accounts, etc.

This is what happened to LastPass users late last year.

Hackers were able to download the encrypted vaults, and now they only need to crack each vault’s master password, which a computer can accomplish in just a few hours when a master password isn’t strong, unusual, and unique.

Vaults with weak master passwords are at greater risk. The multi-factor authentication (MFA) you encounter when signing into an online password account cannot protect these vaults either, because they’ve already been stolen from behind the company’s security.

So how can password managers still be safe?

You can take critical steps to safeguard your identity and sensitive information. For example:

1. Use a strong, unique master password

Your master password is the key to accessing your password manager, so it is vital to choose a strong and unique password that is difficult for hackers to guess or crack. Avoid using common words or phrases; consider using a combination of letters, numbers, and special characters. A 12-character password takes 62 trillion times longer to crack than a 6-character password, so even if your vault is compromised, a strong and complex password makes it much more difficult to decrypt and read your data.

2. Enable additional security measures

Many password managers offer additional security measures, such as account-key or keyfile support (as in Enpass). These extra measures add more randomness to the vault encryption. Unlike multi-factor authentication, a keyfile continues to protect your data from brute-force attacks even if hackers have already copied your encrypted vault. So it’s wise to choose a password manager that supports the use of keyfiles along with a strong master password.
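To make the keyfile point concrete, here is an added sketch (not Enpass's code or vault format) of a generic way to mix a keyfile into a password-derived key. The function names, the PBKDF2 and HMAC construction, and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000      # assumed work factor for this sketch
CHECK = b"vault-check"   # constant that the toy vault authenticates

def derive_key(master_password, salt, keyfile=b""):
    """Stretch the password; if a keyfile is set, mix its bytes into the key."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS)
    if not keyfile:
        return stretched
    # The keyfile is a second, high-entropy secret that never appears in a
    # wordlist: the final key depends on both inputs.
    return hmac.new(keyfile, stretched, hashlib.sha256).digest()

def create_vault(master_password, keyfile=b""):
    """Return what someone holding a copy of the toy vault would have."""
    salt = secrets.token_bytes(16)
    key = derive_key(master_password, salt, keyfile)
    return {"salt": salt, "tag": hmac.new(key, CHECK, hashlib.sha256).digest()}

def opens_vault(vault, master_password, keyfile=b""):
    """True only if the supplied secrets reproduce the vault key."""
    key = derive_key(master_password, vault["salt"], keyfile)
    candidate = hmac.new(key, CHECK, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, vault["tag"])

# Constructed sample data: the same master password, with and without a keyfile.
PASSWORD = "correct horse battery staple"
KEYFILE = secrets.token_bytes(32)   # 256 random bits stored apart from the vault
password_only = create_vault(PASSWORD)
with_keyfile = create_vault(PASSWORD, KEYFILE)

if __name__ == "__main__":
    print("password alone opens password-only vault:",
          opens_vault(password_only, PASSWORD))
    print("password alone opens keyfile vault:",
          opens_vault(with_keyfile, PASSWORD))
    print("password + keyfile opens keyfile vault:",
          opens_vault(with_keyfile, PASSWORD, KEYFILE))
```

Even the correct master password fails against the keyfile-protected copy, which is why a keyfile kept separately from the vault still helps after the vault itself has been copied.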

3. Consider using a password manager with decentralized data storage

This is perhaps the best step you can take to safeguard your passwords and protect your accounts. Password managers that give users a choice of where their data is stored are far less attractive to hackers because they remove the rich target of a single server full of password vaults.

Enpass is uniquely feature-rich and uniquely secure

Enpass doesn’t even have a centralized cloud for storing user data. As an Enpass user, you have the freedom to choose your own trusted cloud accounts (like iCloud, Google Drive, Microsoft OneDrive, Dropbox, Box, etc.) to store and sync your encrypted password vaults, which provides you with multiple extra layers of security authentication. Alternatively, you can keep your vaults on your own server (using WebDAV or NextCloud) or even completely offline, syncing directly between your devices over your own Wi-Fi network at home or work.

If you’re using Enpass and syncing through a personal cloud account, a hacker would have to…

  • Target you personally (not a server full of millions of passwords)
  • Know which cloud services you’ve chosen for storing your vaults
  • Discover the credentials to those cloud accounts
  • Get past each cloud account’s multi-factor authentication
  • And know your Enpass master password
  • (Plus, there’s that keyfile option if you want yet another layer of authentication)

Enpass is not only based on truly zero-knowledge architecture but also has zero access to your encrypted vaults. Enpass has no way to reach your data since it’s stored under your control. So the risk to you is zero if Enpass’s company servers are breached. And Enpass Business clients can choose to keep data within company infrastructure or on the company OneDrive/SharePoint. This reduces the risk of your data being exposed.

Enpass is available on Mac, Windows, iOS, Android, and Linux, and can even be downloaded in a portable format that lives on a USB drive, enabling access to your passwords and personal data from multiple devices and platforms, providing convenience and flexibility.

Enpass supports biometric authentication, including fingerprints and facial recognition, to help protect your passwords and personal data.

Enpass includes Breach Monitoring, so you can stay one step ahead of hackers by receiving alerts when breaches are reported for sites you’ve stored in Enpass. This allows you to take swift action, such as changing your password, to prevent any damage before it’s too late.

Enpass enables users to share vaults with other users within their organization or family. This can be helpful for teams that all need login access for shared accounts or resources.

Enpass automatically audits passwords, alerting you of weak or duplicate passwords so you can take steps to improve your security. For business users, this can decrease the risk of password-related security breaches within your organization.

Enpass is ISO/IEC 27001:2013 certified, undergoes periodic security audits, and complies with regulations and data protection laws, like GDPR and CCPA. This helps organizations to meet their compliance requirements and ensure the security and privacy of their sensitive data.

Enpass uses AES-256 encryption, a widely used and trusted standard for data encryption. Read about security in Enpass. 

Experience the Enpass advantage for yourself

Download the free desktop app and try it for yourself. It’s time to give your data the security it deserves.
