If Enpass is an offline password manager then why does it connect to Internet and shows network activity?
Indeed Enpass is an offline password manager and saves your data locally on your device and in any case, we do not (and we can not) access any of your data. If you have seen a network activity for Enpass, it could be due to any of the following reasons:
- Cloud Syncing: If you have enabled sync with any of your cloud accounts, Enpass will connect to that cloud account to check and perform sync operation.
- Checking for alerts: Enpass connects (anonymously) to one of our domain (https://rest.enpass.io) to check if there is any message for the users like important security news or update. It is a GET query and doesn’t send any kind of information there except the version number and OS name.
On Android, the query also fetches the association of domain name definitions with their Android app package name for better auto-fill experience.
- Audit: Enpass connects (anonymously) to one of our server(https://rest.enpass.io) to retrieve data for compromised passwords, breached data and 2FA supported logins.
Why we recommend to keep this setting ON? Being offline in nature without any information about our users (except those who have signed for our Beta program or newsletter) makes it impossible for us to contact you in case of any urgency (informing about security breach like Heartbleed, FREAK Flaw; ) which might require immediate action by you. That is where this becomes the only medium through which Enpass can pull any such information. And most importantly, we respect your privacy the most, and in any case, we don’t keep any of your personal information on our servers.