1Password migrants thread

[cubbie5150]

Weird... So back in Feb 2022, based on a discount code posted in this thread, I think, I bought a lifetime Premium license for Enpass.

Lately, I've been having issues using wifi sync. I finally got tired of it earlier today so I deleted and reinstalled my iPhone app (macOS desktop app was left intact, other than pausing wifi server so I could restart it upon iOS Enpass app reinstall.

I entered my registration email in iOS app, restarted wifi server on my desktop app, scanned the QR code to download/enable my vault on iOS app. I immediately noticed only 25 of my passcode items were showing on iOS app. I was also prompted, on my desktop app, to re-enter registration email, which I did.

After all this, my desktop app account no longer shows "Premium"; instead showing "Lite".

Anyway, sent an email inquiry to Enpass customer service about 6 or 7 hours ago, and thus far, nothing but an automated reply acknowledging my service request.

Scratching my head here. Just an opportunity to finally see if Enpass customer service is worth anything, I suppose.

 

[Jay-Jacob]

Scratching my head here. Just an opportunity to finally see if Enpass customer service is worth anything, I suppose.

I have used customer service from Enpass before. They are slow but when they do reply they are helpful. No problems with customer service. Just slow.

 

[MacBH928]

Weird... So back in Feb 2022, based on a discount code posted in this thread, I think, I bought a lifetime Premium license for Enpass.

Lately, I've been having issues using wifi sync. I finally got tired of it earlier today so I deleted and reinstalled my iPhone app (macOS desktop app was left intact, other than pausing wifi server so I could restart it upon iOS Enpass app reinstall.

I entered my registration email in iOS app, restarted wifi server on my desktop app, scanned the QR code to download/enable my vault on iOS app. I immediately noticed only 25 of my passcode items were showing on iOS app. I was also prompted, on my desktop app, to re-enter registration email, which I did.

After all this, my desktop app account no longer shows "Premium"; instead showing "Lite".

Anyway, sent an email inquiry to Enpass customer service about 6 or 7 hours ago, and thus far, nothing but an automated reply acknowledging my service request.

Scratching my head here. Just an opportunity to finally see if Enpass customer service is worth anything, I suppose.

I faced this. It has to do with something about registering the app as lifetime license. Its confusing how they did it. Any way, I did email them and got a response on how to fix it.

Btw, WIFI sync is an issue that does not get resolved.

Enpass team is probably very small and they dont seem serious about growing the project. Probably just keep their current customer base. There is no way any one in his sane mind would choose the subscription for this product as 1password is waaaay better , unless you insist that data stays on your local storage that is.

License purchase is much better option.

 

[Jay-Jacob]

Btw, WIFI sync is an issue that does not get resolved.

I am curious what wifi sync issue you having? I use wifi sync and never have problem with my mac to iPhone/iPad so far and hopefully stays that way!

 

[cubbie5150]

I have used customer service from Enpass before. They are slow but when they do reply they are helpful. No problems with customer service. Just slow.

I hope this is the case for me. More than 24 hours later, and still nothing except the automated response from Enpass customer service.

----

Yeah, I am far from a "power user" but one thing I have as a sort of deal-breaker is that I want my data to be stored only locally. As @Jay-Jacob notes, I likewise previously had no problems with wifi sync until relatively recently (not sure exactly when it started nor why).

 

[drumcat]

I feel it is best to take this to private message so we don’t fill the thread with off-topic content.

It was taken offline; he sent me an unsolicited direct message, and was duly blocked for good reason due to the message contents. ¯\_(ツ)_/¯

 

[MacBH928]

I am curious what wifi sync issue you having? I use wifi sync and never have problem with my mac to iPhone/iPad so far and hopefully stays that way!

it just doesn't sync. I open enpass+enpass ios app it just keep circling forever

are you using desktop app-to-ios app sync , or your sync to a cloud storage? that might work better.

even in 1password days I had this problem

 

[Jay-Jacob]

it just doesn't sync. I open enpass+enpass ios app it just keep circling forever

are you using desktop app-to-ios app sync , or your sync to a cloud storage? that might work better.

even in 1password days I had this problem

I use Desktop app to iOS app wifi sync. I never tried iOS to iOS app. I didn't know it was possible. Must have missed that info. I don't use cloud sync for my Enpass.

 

[Jordan Klein]

it just doesn't sync. I open enpass+enpass ios app it just keep circling forever

are you using desktop app-to-ios app sync , or your sync to a cloud storage? that might work better.

even in 1password days I had this problem

I still use 1Password 7 and use wifi sync. I've had to set it up many times because it will eventually just stop working. Never lost any data or anything but it's not perfect. Still will use it over any cloud sync though.

 

[bradl]

I still use 1Password 7 and use wifi sync. I've had to set it up many times because it will eventually just stop working. Never lost any data or anything but it's not perfect. Still will use it over any cloud sync though.

That's interesting. I'm using both 1Password 6 with WiFi Sync and have for years without a problem. Coincidentally, I also use Enpass with WiFi sync between my Mac, PC, iPad and iPhone, and have reinstalled it on both my iPhone and PC, and was able to successfully sync everything back from my Mac, as well as even syncing after a restoring a full backup. Both methods gave me no problems. I also do not sync to any cloud service.

I did notice that they have put out a few updates recently, so perhaps an app update is needed?

BL.

 

[TwoBytes]

Just holding out for the next macOS release to see if keychain access is updated and I'll be happy to use the inbuilt offering

 

[MacBH928]

mine just get stuck like this spinning forever. I actually deleted everything on my ios App and setup as new and that was actually faster way to sync.

Enpass does not even care to change the wordpress logo on their email profile. This is what I mean when I say they just do not care to put in the effort. very unprofessional. Sad to see so much lost potential for 1password rival.

idk know,

 

[cubbie5150]

Welp...Enpass CS is not impressing me thus far. 72+ hours since I emailed them an inquiry about my lifetime license no longer working, and beyond the automated response, nothing.

I think with the discount it was only like $30 or something, so about 20 months of a fully functioning app at that price isn't exactly awful, but still....

Was hoping I could stick with Enpass long term; it provided the local wifi sync (until recently) that I preferred and no subscription (again, until recently, LOL) that I want, but alas, guess I need to consider other options. I'm not a power user so do not want subscription, though maybe I'm screwed in that regard.

 

[gregmac19]

... I need to consider other options. I'm not a power user so do not want subscription, though maybe I'm screwed in that regard.

Based on what you stated, I think you have at least the following options: Codebook, eWallet, Sticky Password, and Strongbox (sync via SFTP or WebDAV, instead of WiFi like the previous three choices). I use and recommend Codebook, although you might like one of the other options as well. It seems like several people on here are happy with Strongbox.

 

[cubbie5150]

Welp...Enpass CS is not impressing me thus far. 72+ hours since I emailed them an inquiry about my lifetime license no longer working, and beyond the automated response, nothing.

I think with the discount it was only like $30 or something, so about 20 months of a fully functioning app at that price isn't exactly awful, but still....

Was hoping I could stick with Enpass long term; it provided the local wifi sync (until recently) that I preferred and no subscription (again, until recently, LOL) that I want, but alas, guess I need to consider other options. I'm not a power user so do not want subscription, though maybe I'm screwed in that regard.

I took the time to complain, so I'll also take the time to post that my issue has been resolved. This morning, I finally received an actual response. Not sure what Enpass CS did, but my lifetime license is now showing on my macOS app. I reinstalled my iOS app, unlocked/restored my vault and re-started wifi sync, which works again.

 

[Jay-Jacob]

I took the time to complain, so I'll also take the time to post that my issue has been resolved. This morning, I finally received an actual response. Not sure what Enpass CS did, but my lifetime license is now showing on my macOS app. I reinstalled my iOS app, unlocked/restored my vault and re-started wifi sync, which works again.

Glad it sorted and working. They are slow but when reply they do fix/helpful.

 

[johnkree]

Just holding out for the next macOS release to see if keychain access is updated and I'll be happy to use the inbuilt offering

That's what I'm doing for a while now. I realized that Apple keychain is enough for my usage. And Apple Notes can have password secured notes now. I don't need anymore. It works.

 

[toasted ICT]

Krebs on Security has an interesting article about hacker groups oktapus, scattered spider. What is notable is how targeted the attacks on organisations are... in the context of this thread the recent attack on Last Pass. To me it again underlines why storing your data on a password managers developers server on the internet is dangerous. Its not the encryption algorithm of your data, its all the systems used by the developer and that a password manager site is a huge honeypot target.

There is a lot in his article... this excerpt illustrates the targeted effort hackers take:
In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials.

 

[MacBH928]

Krebs on Security has an interesting article about hacker groups oktapus, scattered spider. What is notable is how targeted the attacks on organisations are... in the context of this thread the recent attack on Last Pass. To me it again underlines why storing your data on a password managers developers server on the internet is dangerous. Its not the encryption algorithm of your data, its all the systems used by the developer and that a password manager site is a huge honeypot target.

There is a lot in his article... this excerpt illustrates the targeted effort hackers take:
In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials.

what makes me comfortable is that password cloud storage has been around for about 10 years now and so far I haven't heard of passwords being spewed on the internet, at least not the reputable ones.

 

[svenmany]

Krebs on Security has an interesting article about hacker groups oktapus, scattered spider. What is notable is how targeted the attacks on organisations are... in the context of this thread the recent attack on Last Pass. To me it again underlines why storing your data on a password managers developers server on the internet is dangerous. Its not the encryption algorithm of your data, its all the systems used by the developer and that a password manager site is a huge honeypot target.

There is a lot in his article... this excerpt illustrates the targeted effort hackers take:
In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials.

Good point. The danger is not really in the encryption of the vaults when it comes to 1Password. The danger is if the software gets compromised, something making its way into the development pipeline. Then a user updating to a compromised client is at risk. This danger is identical whether or not one uses a local vault or one based in the cloud.

A small company making a password manager the uses a local vault is at high risk of this kind of attack. Any company that doesn't go through security audits of its software, network, development practices, and infrastructure should be considered a significant risk. I bet most of the smaller companies cannot afford such things.

 

[Apple_Robert]

Krebs on Security has an interesting article about hacker groups oktapus, scattered spider. What is notable is how targeted the attacks on organisations are... in the context of this thread the recent attack on Last Pass. To me it again underlines why storing your data on a password managers developers server on the internet is dangerous. Its not the encryption algorithm of your data, its all the systems used by the developer and that a password manager site is a huge honeypot target.

There is a lot in his article... this excerpt illustrates the targeted effort hackers take:
In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials.

If you use the double blind password method, storing your passwords on iCloud or anywhere else keeps one secure.

 

[MacBH928]

A small company making a password manager the uses a local vault is at high risk of this kind of attack. Any company that doesn't go through security audits of its software, network, development practices, and infrastructure should be considered a significant risk. I bet most of the smaller companies cannot afford such things.

this is why I do not trust stuff like mSecure and Secrets

 

[Apple_Robert]

The latest Strongbox update now offers Wifi Sync

 

[gregmac19]

Good point. The danger is not really in the encryption of the vaults when it comes to 1Password. The danger is if the software gets compromised, something making its way into the development pipeline. Then a user updating to a compromised client is at risk. This danger is identical whether or not one uses a local vault or one based in the cloud.

A small company making a password manager the uses a local vault is at high risk of this kind of attack. Any company that doesn't go through security audits of its software, network, development practices, and infrastructure should be considered a significant risk. I bet most of the smaller companies cannot afford such things.

I bet that any reputable company, large or small, which makes a password manager has thought of this risk, and have taken proper steps to prevent it. They can’t afford not to. Furthermore, I think a smaller firm would be more likely to catch this issue, as there are fewer hands involved in their development process.

 

[svenmany]

I bet that any reputable company, large or small, which makes a password manager has thought of this risk, and have taken proper steps to prevent it. They can’t afford not to. Furthermore, I think a smaller firm would be more likely to catch this issue, as there are fewer hands involved in their development process.

I definitely disagree, but you probably already knew that.

Whatever a company considers to be "proper steps" are often not enough; there are so many examples to back that claim up. That's where serious (and expensive) audits can help. Also, staff dedicated to intrusion monitoring and penetration testing is probably the norm for a large company. A small company would not have the resources for that.

Some might be happy with a small company with a handful of developers. I certainly have no proof that any particular company is going to make a mistake that gets exploited. But, if a small company is exploited, there's a greater chance that it will go unnoticed.

Every company will make mistakes. You need more hands to be proactively looking for those mistakes. But, I do agree that if the more hands are not competent or properly focused, then those hands are a liability.