Enpass comes with a feature that allows users to conveniently share an item with others. Well, your data is totally safe when it resides in Enpass but the security of item may be compromised when shared.
There are basically two ways of sharing the data from Enpass.
Using pre-shared key (Secure)¶
This is a secure way of sharing items with other Enpass users. You first need to create a pre-shared key for intended recipient from the advanced settings of Enpass. While sharing, the item can be encrypted with the created PSK that only you and the recipient knows. It is recommended to share the PSK with recipient through a medium different than the used for sharing the encrypted item.
Using pre-defined key (Insecure)¶
The data shared this way is not secure and can be imported by anyone having Enpass. This is because a pre-defined key is used to encrypt it that is known to every Enpass. Although, it takes cares of prying eyes very well, but is not secure.
While using insecure sharing, you better follow these practices:
- Always use a secure channel/medium for sharing. i.e. No one must listen in on or temper with the medium. Practically, it is hard to find such a channel. As a default medium we have enabled Mail and iMessage but you can always copy and paste the encoded URL into your own trusted software.
- Double check that you are sending it to the correct person.
- Delete the shared text after being sent and ask the recipient to delete the same as well after importing the item in their Enpass database.