Enpass

Enpass is a freemium password manager and passkey manager available for MacOS, Windows, iOS, Android and Linux, with browser extensions for all major browsers,^[1][2] and pricing plans for both personal use and business.^[3][4][5]

Enpass
Developer	Enpass Technologies Inc.
Operating system	Windows, Windows Phone, macOS, Linux, ChromeOS, iOS, Android, Wear OS, WatchOS
Type	Password manager
License	Freemium
Website	enpass.io

Features

Privacy

The application features client-side encryption, using SQLCipher^[6] to encrypt its keychain file locally with a user-defined master password.

The Enpass app retains no user data on its company servers,^[7][8] instead storing and syncing encrypted password vaults on storage controlled by the end user.

Synchronisation

Enpass vaults are usually stored on users' own cloud storage service like Google Drive, Box, Dropbox, OneDrive, iCloud.

Enpass also supports self-hosted WebDAV solutions such as ownCloud and Nextcloud, as well as on browsers, plus offline synchronisation.^[9][10][11]

Functionalities

It features:

1. Multiple vaults
2. Password generation
3. Biometric authentication
4. Form filling for all supported platforms
5. Integrated software keyboard for form filling on Android devices
6. Generation of time-based one-time passwords for online services^[12]

Plans

Enpass products include Personal and Family editions that feature vault sharing via personal cloud accounts,^[13] and Business and Enterprise editions with users’ vaults stored within each clients’ business-cloud infrastructure.^[14]

For personal and family users, the desktop app is free, and the mobile app is free up to 25 records, with more records and additional features available with a software subscription.^[13][15]

The Business and Enterprise editions are billed per user, per month, and include security audits, access recovery, and password-less vault sharing between invited co-workers.^[14]

Security incidents

2025 DOM-based Extension Clickjacking

Security researcher Marek Tóth presented a vulnerability in browser extensions of several password managers (including Enpass) at DEF CON 33 on August 9, 2025. In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click.^[16] The affected password manager vendors were notified in April 2025. According to Tóth, Dashlane version 6.11.6 (August 13, 2025) addressed the issue.^[17]

Platforms

Enpass support all major operating system platforms which include:

• Windows
• Linux
• Android
• iOS
• MacOS

See also

• List of password managers