Security of Your Data is Our Priority

Your data is protected by world’s leading cryptography algorithm

Your data is fully encrypted with 256-bit AES with 24,000 rounds of PBKDF2 using the peer-reviewed and open-source encryption engine SQLCipher, providing you with advanced protection against brute force and side channel attacks.

We don’t keep your encryption key or its derivative.

The key that encrypts your data is derived from your Master Password. Your master password is only recorded in your mind. There is no other record of master password (with which your data is encrypted) or its derivative anywhere in universe - not on your device (exception in case of Touch ID), not with us and not on any cloud. If you forget your master password, there is no way to recover your data.

Your data is stored locally by default

Enpass is designed to work locally even without internet connection. To use Enpass, you don't need to sign-up with us. Your data always remains on your device and never leave it until you choose it so by syncing through any of your cloud account.

Sync your data with your preferred cloud provider

Optionally, you can sync your data (AES-256 encrypted) across multiple devices seamlessly through any of supported clouds  such as iCloud (Apple devices only), Dropbox, Google Drive, OneDrive and Box. Your data is always transmitted in encrypted format. Encryption and decryption always happen locally on the device.

We never keep your data on our servers

We do not host your Enpass data on our servers. So, no signup is required with us. Your data is only stored on your device. If you prefer to sync your data between devices, you can use your preferred storage cloud, such as iCloud, Dropbox, Google Drive, OneDrive, Box etc.

FAQs

How much of my data is encrypted?

100% of your data is encrypted with Enpass everywhere. You can open data file inside a binary editor and see it yourself. All you will see is nonsense, gibberish data ( encrypted with AES 256).

What happens if I forget my master password?

If you forget your master password nothing can be done to recover it. There are no such backdoors and options to get back or reset your password as there is no record of it anywhere other than your mind. This is the only way we can make the data inaccessible to anyone except you.

How secure is my data while syncing with a cloud?

Your cloud always contains a copy of same encrypted data as on your device. We download the whole encrypted copy and decrypt it locally on your device for real sync operation to merge changes. Afterwards we upload the encrypted data on cloud. In a nutshell, your cloud is only a storage medium and no security related operation ( encryption or decryption ) is actually performed there. All such operations are performed locally on your device.

What if my cloud account is compromised?

Your data is encrypted using the same standard as on your device, i.e. AES-256 with 24,000 rounds of PBKDF2 using SQLCipher engine. Even if an attacker gains access to your Enpass data file, it is unusable for him until your master password itself is compromised; otherwise it will take him years to crack and peep through your data.

Is there any design details available for Enpass Cryptography Engine?

Enpass uses SQLCipher as cryptography engine which is used world wide for cryptographic operations. It is peer reviewed and open-source. Its design details are available here.

How can you unlock my Enpass data with Windows Hello on Windows 10 mobiles without using my master password?

Your Enpass data can only be decrypted by your master password. Please read more here to learn how we have used Windows Hello to unlock Enpass with best possible security.

How can you unlock my Enpass data with Fingerprint on Android without using my master password?

Your Enpass data can only be decrypted by your master password. Please read more here to learn how we have used Fingerprint to unlock Enpass with best possible security.

How can you unlock my Enpass data with Touch ID on iOS without my master password?

Your Enpass data can only be decrypted by your master password. Please read more here to learn how we have used Touch ID to unlock Enpass with best possible security.

How secure is sharing an Enpass item with others?

Please see this FAQ.

I have found a potential security threat with Enpass. What to do now?

If you have discovered a potential security issue with Enpass, we kindly ask you to go to this page right now..