> someone was playing on my account - it was stolen and WOT support didn't gave a fck about it.
Computer Security 101: Don't use the same password across multiple accounts. Seriously dude. It's nearly 2018. Download a free pw manager and start using 30 char passwords.
> For 2-factor authentication for WOT you need to have a smartphone and install an extra app
No you don't. You can download a Win32 app that works just like Google Authenticator 2FA app. I use WinAuth. It's opensource and works perfectly.
Enpass.io is a password manager w/ a 2FA token generator built-in it so you don't need separate app. I've never used Enpass so can't vouch for it but there are tons of reviews online.
Enpass is amazing. using them for 2 years - absolutely great. I sync over iCloud (one can choose google drive and many others as well)
Should get much more love
Relevant generator for said method.
This is a password method I've used since I read this article. it's a secure way to generate passwords that you'll actually remember. this, with 2 step verification, is basically the best you can do.
Otherwise, be sure not to use the same password for Everything, so if someone breaks into your amazon account that doesn't mean they have the password for everything you use. Try to use different passwords for all the sites/etc you use.
I normally store my passwords in a manager like this: Enpass. I like to store my passwords off the cloud, on my phone only, and since the app can be opened with your fingerprint reader (at least on Android), it's still an easy yet secure access point to all your passwords.
I suggest looking into https://www.enpass.io/
I was a keepass user for many years as well. Enpass has everything that made me comfortable to switch from keepass, plus a bunch of quality-of-life improvements.
like a chrome extension, much easier to sync (built in owncloud integration for self hosting), shareable logins, a much better looking UI, and support for each platform.
Using enpass on Android (Nougat+) is the best because it has native login support. you can open an app that shows a login screen, and you can select enpass from the notifications and it'll enter your credentials for you. saves you from switching windows back and forth. Which you can still do with android split screen, for the more complex copy/paste situations.
It seems like Enpass is generating some interest. I'm currently evaluating this as a replacement for 1Password.
Pros: Cross-platform (Windows, Mac, Linux, iOS, Android). Free for some platforms, one-time fee for others. No subscription. Can sync via a choice of cloud providers. Cloud/sync is not required.
Cons: Closed source. May not support your cloud provider of choice. Not free on all platforms.
Mobile App is excellent, it does have fingerprint unlocking: https://www.enpass.io/apps/ios/
They do support syncing via Dropbox. (And iCloud, Google Drive, Box, OneDrive etc)
The migration from my 1Password vault was perfect for all logins, no issues at all. However my secure notes that were in 1Password became Logins in enpass, this is easy to remedy by dragging them to secure notes in enpass though.
Try it out, it's literally Free for Windows and Mac. $9.99 for iPhone/Android. So you can try the desktop version, migrate your data, if it's not good enough for you, you didn't spend anything and can continue using 1Password :)
I use Enpass. It’s quite simple, but what made me choose it over 1password is the fact it has no subscription. Pay upfront for the iOS app(macOS app is free) and share your passwords over iCloud(or some other cloud like Dropbox).
The subscription model does not inspire confidence when I’m storing all of my secrets in the app. But that’s just me.
I haven't used it myself so I can't comment on it, but here's an option for USB: https://www.enpass.io/apps/portable/
As far as I know Enpass is closed source. This won't be acceptable to the most security-minded or paranoid out there, but it's good enough for me.
If all you want/need is “1Password 7” functionality with iCloud synchronization, you might want to take a look at Secrets. It’s available for iOS and Mac, and supports importing .1pif files. It does require a $20 in-app purchase (per platform) though.
If you need more platforms, Enpass also works well, though I don’t have much experience with it.
I’m currently evaluating Secrets, but I might just end up using iCloud Keychain with a separate app for 2FA codes.
A newer, prettier, alternative to Keepass2 if you don't require additional plugins is Enpass. It has all the browser plugins and is similar to 1Password in its use. Much easier, IMHO, for the uninitiated.
reused login info.
it isn't necessarily CR being hacked but if another website has login details found then they'll try it everywhere.
http://haveibeenpwned.com will try to find out if your email address has been found on dark net sites or on pastebin.
best thing to do is get an open source Password Manager like Enpass (https://www.enpass.io/) and log in everywhere and change your password.
Io uso enpass
Sono un ex utente Lastpass premium e cercavo un servizio simile senza la spesa annuale.
Enpass è gratuito su desktop e lo paghi una sola volta su Mobile, ha estensioni per i maggior browsers.
I've been using EnPass for the longest time and the pricing was amazing, but they changed it at some point for new customers.
It used to be free or something like £5-15 for a lifetime license, but now has a subscription model or a one-off £64 for a lifetime license.
Pricing aside it's been really great, although I prefer to keep my 2FA separate.
Enpass is what I use, might be better since you're not storing data on their cloud platform. Even the best password managers are susceptible to hacks (see the Lastpass breach in 2015 for example)
Edit: it's also free!
Oh, it will connect, but it sounds ok: https://www.enpass.io/support/if-enpass-is-an-offline-password-manager-then-why-does-it-connects-to-internet-and-shows-network-activity/
Here a user found a recent article about password managers leaking data. One of the Enpass guys gives as reply some information about how Enpass works: https://discussion.enpass.io/index.php?/topic/6625-news-some-password-managers-expose-the-data-theyre-designed-to-protect/
Being India based was also part of discussions some time ago. Enpass can't access your data because it's all encypted on your device, stored at the location you choose.
I use Enpass. It allows for syncing to WebDAV (owncloud/nextcloud) and has mobile apps and web browser extensions! I moved to it from 1Password and have been thrilled with Enpass.
Ich verwende Enpass, ist nämlich ohne herstellereigene Cloud, d.h. synct über google drive, icloud & co und damit kostenlos. Nur die Mobile-Version kostet einmalig €10 wenn man mehr als 20 Elemente hat.
> what's stopping you from syncing the entire password database to your smartphone though?
It has to do with the free mobile apps' limitation to 20 passwords.
With the free app, the sync selects randomly 20 passwords (or select the 20 more recent, I don't remember) so I split my database in two with one part being the 20 passwords I was the more likely to use everyday, and the second not being synced on the cloud and only accessible from my main desktop computer.
It's actually more of an historical reason as I bought the full Android app when I got my new Blackberry. I still haven't merge the two databases because 1) I'm as lazy as the average IT guy and 2) It seemed like a good security practice to compartmentalize. But maybe I will merge it some day.
But there's no technical reason anymore do to that, other than wanting to keep the overall thing free of charge.
I always thought Keepass was outdated and had a lot of useless forks, so I found Enpass which has the same principle as KeePass but with a more modern, simplified UI and Android/iOS/Windows mobile apps and a browser plugin (tested on Opera and Chrome, but probably compatible with all modern browsers). Has been using it for more than a year, with Windows app (and Blackberry, then Android app).
Free but some mobile apps aren't.
I especially like that (contrary to Lastpass, Dashlane...) the sync doesn't require any account or subscription, but instead is just an encrypted file that you can sync through cloud providers or manually. Also, the apps have native support of a lot of cloud providers so you don't have to install their dedicated app.
> suppose you need to log in to stuff on a device that is not your own...
I always have my smartphone with a partial list of useful account/passwords through the Enpass app. I just type in my master password and have access to the relevant passwords that are 12-20 characters so I can write them. Having 64 characters passwords is a bit overkill IMO, but maybe you work on sensitive things and really need this kind of security?
If you need to buy it to use it, then that means you can't just reproduce it and run it yourself; it means at least in some capacity, it's not open source or has a proprietary back end.
Edit: a quick glance at their legal page confirms that it's not fully open source, and they include segments that the software is non redistributable and not allowed to be reverse engineered, making it firmly proprietary in some regard.
Relevant sections are 2ii, 4i, and 5.
Also included in their privacy policy is the following:
> Sinew may track the user's behavior on our products using the third party analytics tools to make our products better to use.
Not fully relevant, but anything that I need to be secure that phones home is a turnoff.
Another update: having a lot of trouble finding what is open source, actually. One post from a dev nine months ago saying there's no plans to open anything. Their robots.txt advertises as proprietary.
A very good password manager that I've adopted is Enpass. It's not entirely free, but it's definitely the most cost-effective manager I've found. I've also opted to host the synchronized files myself using an ownCloud server attached to my personal website (because I like having as much control as possible).
Enpass does hit these qualifications: *free (with a mobile app caveat) *syncs across all computers and devices *Android app isn't broken *takes almost no time to log in to an account
EDIT: formatting help? idk why those asterisks aren't bullets
A good point with Enpass is that you can save your password data to the cloud, and by using WebDAV you can save that data to the Fastmail file storage:
https://www.enpass.io/docs/manual-desktop/sync.html#supported-clouds
Right I get that. If Enpass can offer both options then why can't AgileBits. I feel it's good to have options for those who don't want to subscribe. They'll make money either way.
Options are good. For example, Apple backtracked on the new Safari on iOS 15 as people were complaining and now there is an option to choose whether the address bar is on top or on the bottom.
Check out Enpass it has all the features of 1Password plus the option of a single license for those who want it based on a recommendation and what I've seen so far. It begs the question if they can do it why can't AgileBits?
When I saw an article on a Mac website, I came across the same question. In the search for an alternative, I found two-three options that met my needs. In my opinion, Enpass seems to be the best app because it offers a OneTime option - the same reason I am quitting 1Password.
have you read their privacy notice?
​
it has lovely privacy friendly points such as this one:
​
>We may track your behavior from device to device by gathering the following data
>
>Device name
>
>Install ID (UDID)
>
>Device type
>
>Installed OS and version
>
>Device Language
>
>Device Country
>
>We use the information we get from this technology to analyze traffic behavior, improve our marketing and advertising.
I have some more feedback. I use Vue not React but I'm happy to help you with this if you'd like it. I use EnPass for my password storage solution and one thing I love about it is that it can sync you data with the cloud, chiefly for me Google Drive. It would be so cool if you could transform this note taking app with "self-hosted" cloud-based capabailities such as being able to hook up the DB to your local cloud drive. Electron + this app + Google Drive cloud storage and you might just be on to a winner. Let me know what you think!
I use Enpass (https://www.enpass.io/). I've tried lastpass, keepass and butwarden, but I did not like the look and feel of either of them, and they all seemed too complicated for such a simple task.
​
I like Enpass because it just works, without issues, synchs across all devices and has browser integration so that when you visit a new site and sign up, it automatically saves the signup info and creates an entry in the password manager. Enpass is free, but if you want to synch more than 30 items on your secondary device (e.g. your smartphone), you must pay ($6/year -- a fucking steal!).
Subscription price
Enpass Lite subscription (priced at $0). The free plan allows you full access on desktop – Windows, mac OS, Linux – while you’re limited to 25 items on mobile – Android, iOS
Enpass Premium subscription allows you full access on desktop as well as mobile with a choice of the subscription period – 6 months or 12 months ($1.49/mo; $17.99 billed annually or $1.99/mo; $11.99 billed half-yearly). You can also get the same capability on all your devices with a one-time purchase for $53.99 if you’re so inclined.
https://www.enpass.io/blog/announcement/enpass-subscription/
I've been using Enpass ( https://www.enpass.io/ ) for a couple of years now. Benefits include support for Windows/Mac/Linux/Android and sync to a variety of cloud services. This allows my wife and I to share the same password base and always have the most current changes. Haven't had a single problem with this setup. Only down side is a $12 one-time fee for Windows, Mac, and Android. Free for Linux!
One thing not mentioned, if you are a Pro user, once the subscription model goes up, you will be a Pro user across all platforms, (currently you had to buy a Pro version per appstore, so if you had it for iOS, you had to buy it again on Android) .Link to ad-free actual post from Enpass themselves.
>I prefer that Enpass is a one time fee per platform
Not anymore... https://www.enpass.io/blog/general/why-is-enpass-moving-to-a-subscription-model/
I don't mind subscription especially for something like a password manager but Enpass subscription is kind of messed up. They're not using their own servers to store your vaults but instead keeping everything the same but charging you every month/year.
https://www.enpass.io/features/
It's an offline password manager, but makes syncing to the cloud very easy. I prefer this over others do the following:
Hey, thank you for your (off-topic) comment and suggestion. Sure, I'm not ignoring your comment, it's very valid.
BTW, I use Enpass as my primary password manager (I actually use / test several password managers, including KeePass), and yes, I prefer the managers that allow me to manage my passwords in offline mode (at the beginning I used a lot of LastPass, until I switched to Bitwarden, and now I use Enpass, which it is more "flexible" in terms of features).
The big thing for me is: no monthly/yearly subscription. You simply need to pay like $12 bucks for the iPhone or Android phone version.
You can use iCloud, Dropbox, etc. to 'sync' between all your platforms. I use it on OSX, Windows, my iPhone, Apple Watch, and iPads. Love it.
If you want a password that works on everything, I can recommend Enpass. Native app for Osx, linux, win, android and ios + browser extensions. Syncs with dropbox, drive etc. and I think you can import from Dashlane if you want.
Bitwarden depends on server software to work, either with them or hosting your own. You might want to look into something like Enpass for iCloud sync. Part of the advantage of Bitwarden is the web vault and being available for free on pretty much any device so that’s something to consider where Enpass is paid for device and using iCloud sync limits you to personal iOS devices. All up to you though.
put your email address(es) in there to see if you're user/pass have been picked up somewhere. if so then change your passwords.
i suggest using a password manager, like Enpass, so your passwords can be unique for every website!
I am in the same boat as you. However, I am cheap and didn't want another month fee.
I am testing Enpass (https://www.enpass.io). I have it synced to my DropBox and pretty happy so far.
I will likely pay the $10 to unlock unlimited Mobile.
You could also look at Enpass which can not handle your password on multi-platform what iCloud can not do, but also retain notes, all is AES-256 encrypted and can be synced on platform of your choice with a portable version. For me, ideal companion to iCloud sync.
Have a look at Enpass. It's an offline password manager that includes TOTP per login. Windows app is free, mobile app $10 per platform (I think, but you don't care). Offline, so if you want sync, you choose your preferred option (includes "own server / webdav"). I've been using it for over a year now and I love it.
Get 2FA on everything possible. Also a nice looking password app I recently discovered -> https://www.enpass.io/
It has version for all OS, the ones for Windows/Linux/OS X are free and those for iOS & Android are $.
Some alternatives to those recommended here:
~~1Password~~ - Enpass (https://www.enpass.io/) - free on desktop and inexpensive for mobile devices.
~~Night Shift~~ / ~~F.lux~~ - Black Light (https://michelf.ca/projects/black-light/) - a little more customisable than either Night Shift or F.lux.
I have been using enpass with great pleasure!
it's locally encrypted
autofill
sync via your favourite cloud service (drive,onedrive,etc)
no subscription, one time purchase
responsive devs
Whether or not you ever get your WoT account back, I'd highly recommend start using a password manager. The best opensource, offline and free option is KeePass 2.x. Lastpass.com is a nice commercial option but still free; down side is it's closed source and cloud based. EnPass is another commercial option that's free on the desktop and gets good press... but it's worth mentioning this is a foreign company & it's closed source which is why I've never used it.
Enpass treats itself as an offline password manager, so the desktop application needs to be running and then the extension communicates directly with the application. I posted this in another comment thread:
Localhost websocket, I think. Here are some blog entries that touch on it: https://www.enpass.io/blog/enpass-extension-for-windows-microsoft-edge/ https://www.enpass.io/blog/enpass-password-manager-for-chromebooks/
Hope it helps!
I use an app called Enpass. It has a ChromeOS specific extension too.
https://www.enpass.io/apps/chromebook/
It costs a bit but worth it if you're concerned about security. The files are hosted where you choose (be it locally or in your GDrive/dropbox) so no one but you has access to them.
Personally I don't think anyone cares about my reddit login or blank instagram account but I went with it for the interface. It's a lot nicer than LastPass'
Enpass is local, can sync your "wallet" across multiple platforms (I use dropbox), has optional mobile and browser extensions for one click form fill and submission. Happy user for many moons now, basically the perfect fit for every requirement you listed.
Is it worth migrating to a cloudbased password manager like LastPass if I already use a non-cloud password manager like EnPass/Keepass?
What are the benefits of the subscription? How does it affect this "free" version? Does a subscription have additional functionality beyond lack of ads?
Enpass maybe? Have you tried KeePass? Or theChrome password managers from the Webstore? There's so much too choose from for Unix-based systems. Just by looking in Synaptics I see a few popping up in my search results. I use Enpass, was using KeePass/X before, you can store your stuff locally and to me it just looks better. It supports Linux, too.
Enpass calls the feature TOTP (Time Based One Time Password) and unfortunately, you're right in that it's available only on the desktop version of Windows (along with iOS/Mac, Android and Linux version).
https://www.enpass.io/blog/time-based-otp-support-for-enpass-now-available-for-more-users/