NordPass – Review 2020 – PCMag India


Few people can remember strong and varied passwords for each of their online accounts. That’s fine, because password managers such as NordPass are readily available. This offering, from the team behind NordVPN, is a streamlined, easy-to-use service for securely accessing your passwords via mobile apps, a web dashboard, or dedicated desktop apps. It has added some notable features since the time of our last review, including a Data Breach Scanner and a password health report. However, it still lacks some key capabilities found in our top-rated password managers and its free version is not as impressive as competitors’.

How Much Does NordPass Cost?

NordPass’ free version does not allow you to access your passwords on multiple devices at the same time or share items from your vault. LastPass and Myki, our top two free password managers, include both these features. There are no limits to how many passwords you can save though.

NordPass Premium gets rid of the free version’s limitations, letting you access passwords on up to six devices and share items for $4.99 per month. This tier also unlocks access to the new Data Breach Scanner and Password Health features.

NordPass’ monthly price is expensive compared to other services’ effective monthly costs. Its one-year and two-year plans are more competitive: $35.88 and $59.76, respectively. Even though you may be tempted by the savings of the lengthier subscriptions, we recommend that you start with the monthly plan to make sure that NordPass works for you, or at least sign up for the free seven-day trial.

For comparison, LastPass‘ Premium plan costs $36 per year and Keeper charges $34.99 per year. Dashlane is much pricier at $59.99 per year, but it bundles a VPN. Bitwarden Premium costs just $10 per year. You can, at the time of this writing, get NordPass and NordVPN on a two-year deal for $148.76 (effectively a little over $6 per month).

NordPass Import options

NordPass offers browser extensions for Chrome, Edge, Firefox, and Safari (via the macOS installation). The service also maintains mobile apps for Android and iOS. NordPass offers desktop clients for Windows, macOS, and Linux systems, too.

Getting Started and Security

To sign up for the free version of NordPass, you need to first provide an email, confirm that email via a six-digit code NordPass sends you, and then set a password. After that, you download the extension for the browser of your choice. I tested NordPass on a Chrome browser, a Windows 10 laptop, and a Google Pixel 3 running Android 11.

To finish setting up NordPass, you need to sign in to the extension and create a master password for your account. The master password is different than your account password; the former functions as the decryption key for your password vault and the latter is used for account logins.

Make sure your master password is both unique and complex. If anyone gets a hold of your master password, all the account credentials stored in your vault will be compromised. At the same time, your master password should be memorable, as NordPass does not store it and cannot help you recover it specifically. NordPass does provide a single recovery code during the sign-up process that you can use to regain access to your account though, so make sure to copy that down too. If you forget your master password and lose your recovery code, your only option is to reset your NordPass account, a process that deletes everything from your password vault. This is standard handling of master passwords for any no-knowledge services. Keeper Password Manager & Digital Vault does allow you to reset your password in a secure way, which is helpful.

When you sign in for the first time, NordPass takes you to a screen for importing passwords from browsers such as Chrome, Opera, and Firefox, or from other password managers such as LastPass, 1Password, KeePass, RememBear, and RoboForm. Importing a CSV file is another option. You can also export your passwords to a CSV file at any point. I used NordPass’ sample CSV sheet to format my passwords, and the import worked fine. NordPass can now automatically import passwords from Chrome or Firefox during setup.

Since you store passwords for sensitive accounts in a password manager, the security practices and privacy policies of the service you choose are paramount. With NordPass, your passwords are encrypted on your device locally using xChaCha20, before being sent to NordPass’ servers. A company representative noted that “we [NordPass] use Amazon Web Services as our cloud provider with our own Key Management Solution for Hardware Encryption.” When you need to access your passwords, the encrypted data syncs back to your device, at which point you need to decrypt it with your master password. As mentioned, NordPass says it employs a zero-knowledge infrastructure, which is to say the company never knows your master password and thus can never decrypt your data. Although this means you have few recovery options, it also means that even a data breach will not risk your information to exposure.

Note that NordPass recently underwent an audit by Cure53. You can read NordPass’s summary of the results on its blog, though note that the full publication is not on Cure53’s site. Remembear has also committed to regular (and public) security audits from Cure53.

NordPass supports biometric authentication on Android and iOS devices in lieu of your master password, which is a convenience. It currently supports face and fingerprint recognition on iOS and Android devices. Keep in mind that there are some real risks to facial recognition software, though. NordPass supports TOTP-based two-factor authentication methods (such as Google Authenticator and Authy). I appreciate that NordPass completely skipped over the less-secure two-factor via SMS method, but I would like to see support for 2FA keys such as those from Yubikey. A representative from the company told me the feature is planned. 1Password, LastPass Premium, Bitwarden, and Keeper all support hardware-based authentication keys. You cannot use NordPass to generate TOTP codes for other apps and services. Keeper Password and Bitwarden include this functionality.

NordPass Web Vault and Desktop Apps

NordPass’ web extension is attractive, with a gray, white, and green color scheme and a simple navigation menu on the left side. I didn’t experience any performance issues with the interface in testing. Item categories for your vault include Logins, Secure Notes, Credit Cards, Personal Info, Shared Items, Trash, and Settings. There’s also a search bar in the upper left part of the screen as well as a button for locking the app at the bottom left. Aside from the already mentioned import and 2FA options in the Settings section, you can view account information, upgrade your plan, change your master password, change the interface’s autolock settings, and reset your recovery code. That last feature could be vital if you lose your master password and are locked out of your account on every other platform.

The All Items section lists all your vault items in one place, but it doesn’t include descriptions of each item type. You can sort items by name or by last used. If you mouse over any item and click on the right-hand option menu, you can share it, copy its content, edit it, or move it to the trash. You can also launch the associated URL of login items to get directly to the site. This section is a bit basic and doesn’t offer any functionality that is not better served by one of the dedicated sections.

NordPass Desktop app

In the Logins section, you get the same sparse layout of login items as well an Add Login button in the upper left corner. One nice touch is that NordPass populates icons for all the services in your vault. NordPass has added the ability to organize passwords into folders. Folders appear in their own section and can contain any item type that NordPass supports. 1Password goes one step further with the ability to create separate vaults of items. For instance, with 1Password, you could create separate vaults for personal and work items.

Adding a login is easy—just fill out a name for the item, email or username, password, and associated website URL. Unfortunately, you cannot create a login without a URL, nor can you add multiple URLs to one login item, which could be useful if the login URL for a service’s app and website are different. Notes are an optional field. When you enter your password, NordPass judges its strength on a scale of weak, moderate, and strong. NordPass rightfully rated egregious passwords such as “password,” “qwerty,” and “123456” as weak. It did list “Administrator” as moderate, as well as “Administrator1” as strong.

The random password generator feature is now available directly in the desktop app and it works as expected. You can set a password length up to 60 characters (the default is 12), choose whether to include uppercase and lowercase letters, digits, symbols, and to avoid ambiguous characters (i.e., 0 and O). As you won’t actually be typing any of these passwords out, I recommend keeping all four character sets enabled. You can either choose to copy the password or generate a new one. Password Boss (20 characters) and Myki (32 characters) default to longer, and thus less easily cracked, passwords lengths.

The Secure Notes section lets you create memos with titles and a text body, but there’s no support for attachments or links. However, all NordPass subscribers can now get 3GB of free cloud storage via NordLocker. Services such as Keeper Password Manager & Digital Vault and Kaspersky Password Manager integrate secure storage space for relevant files.

The Credit Cards section allows you to add payment options for filling on the web, but, strangely, you can’t add a billing address. NordPass has added the ability to create multiple identities, but you can’t use those fields to fill personal details online yet. The included fields are also only basic (such as an address, phone number, and city). Other password managers, such as RoboForm and Sticky Password include many more fields and even allow you to add custom ones. I would like NordPass to add fields for passports, driver’s licenses, and insurance cards, to name a few examples.

The Trash section is self-explanatory. Items you delete move here and then you can choose to get rid of things permanently.

I tested NordPass’ desktop app on a Windows 10 laptop. The interface is identical to the one you see on the web and offers all the same functionality. One option specific to the desktop app is the ability to start NordPass automatically with your computer, which is enabled by default. Note that you still need to sign in to NordPass with your master password when it starts. This is the preferred behavior, since otherwise, anyone who can get past your computer login could also access all of your passwords. Other password managers’ desktop apps offer additional features. For example, Keeper Password Manager’s desktop app lets you capture and replay logins for local desktop apps.

Using NordPass

When you encounter login fields on the web, NordPass populates both the username and password fields with an icon. If you visit a site for which you have credentials saved, a pop-up appears with an option to log in with the relevant account when you click into a field. Alternatively, you can click the NordPass extension in your browser’s toolbar to see and select credentials from a suggested items list. If you don’t have a saved login, simply enter your credentials as you normally would; once you submit them, NordPass shows a notification asking if you want to save those credentials. In my testing, NordPass filled and saved credentials without issue, including Google’s and Eventbrite’s two-page login screens.

NordPass Password Generator

If you don’t want to keep NordPass’ full web version open, the extension’s toolbar menu offers much of the same functionality. Here, you can choose to filter your vault by all items, logins, secure notes, credit cards, and shared items. The import and add items buttons take you back to the full-screen view. From the gear icon, you can open the full-screen app version, launch the password generator tool, access your account settings, or lock down the application. The password generator tool is the only option that operates entirely within the minimized view.

Password Health and Data Breach Scanner

In the latest round of updates, NordPass gained two important security features: an actionable password health report and a Data Breach Scanner. You need to be a subscriber to the Premium plan to use them. To access either feature, click on the Tools icon at the bottom of the web or desktop app. The Password Health feature is pretty simple. It scans each of your saved passwords and alerts you if any are weak, reused, or old (have not been changed in more than 90 days). If it finds any offenders, you can click the Change Password button to navigate to that item in your vault. Don’t change the password directly in NordPass; follow the link to the associated website in the notification that pops up and let NordPass capture the new one the next time you log in.

NordPass Password Health

The Data Breach scanner scans the webs and lets you know if any of your accounts or saved credit cards have appeared in any data breaches. If it finds any instances, NordPass tells you the site, the date of the breach, what type of information is affected (such as password, name, employer, and phone number), as well as a description of the site.

Both of these tools are excellent inclusions and simple to understand. Note that they don’t run continuously; you have to manually run them each time. Dashlane, Keeper, and LastPass all offer similar capabilities.

Sharing and Inheritance

To share an item, mouse over it, click the vertical three-dot menu on the right-hand side, and select Share. Then enter a recipient’s email and hit Share Item. Anyone can sign up for an account to access items shared with them, but only premium users can share items. You cannot share folders at this time.

Notably, when you share an item, the recipient has full edit access to it, but cannot delete the item from the original person’s account. There is no option to give read- or view-only access to a recipient, but a NordPass representative said this was by design. Per the representative’s explanation, someone with even read-only access could theoretically overtake an account even without edit access to the item in NordPass itself. Other services, such as Sticky Password, let you restrict whether a recipient can only view, fully edit, or share items on their own.

NordPass recently added a new feature called Trusted Contacts for paid subscribers. Essentially, this feature helps you manually exchange and confirm an encrypted message with a contact. In theory, this reduces the chance of a man-in-the-middle attack. You can set up trusted contacts under the advanced section of the settings tab on the web or desktop apps. While it might be useful for some, this process seems overly complex, and I don’t see it as a reason to upgrade from the free tier.

NordPass is missing password inheritance features, which allow a few trusted contacts to gain access to your logins in the event you no longer can, such as after your death. Delayed access is a common feature associated with password inheritance; if you don’t want someone to have immediate access to your accounts, you can make them wait a certain period of time before the credentials become available to them. LogMeOnce, Zoho Vault, and RoboForm are some competitors that offer digital legacy features.

NordPass on Mobile

I installed NordPass on a Google Pixel 3 running Android 11 and had no issues logging in to my account. Remember that free users cannot access their passwords on more than one device at the same time. So, for example, if you’re logged in to the web extension and then try to sign in on mobile, NordPass will log you out of your desktop browser session. This behavior may seem inconvenient, but is still better than other services that simply won’t sync your passwords to a second device at all.

NordPass Android App

NordPass’ Android app is basic but attractive. In the middle of the screen, NordPass lists all of your vault items. On the bottom of the page, there’s a plus button for adding new logins, notes, credit cards, personal info, and folders. The bottom navigation menu allows you to switch between the home page, all item categories, and the app settings. Notably, the Data Breach Scanner, password generator, and Password Health tools are available on mobile. NordPass does support biometric mobile logins and I was able to authenticate with my fingerprint without issue.

NordPass can now launch apps associated with saved login items in addition to the service’s website. NordPass can also autofill fields in apps without issue. You can also scan credit cards to import them into your vault.

Progress and Improvements

NordPass is an easy-to-use password manager with attractive web, desktop, and mobile apps, and it now offers security features such as a Data Breach Scanner and an actionable password health report. However, it still lacks 2FA key support, password inheritance features, and the ability to fill personal details in online forms. Several other free password managers don’t restrict use to a single device at a time either and allow secure sharing.

If you plan to pay for your password manager, Editors’ Choice picks Dashlane and Keeper Password Manager & Digital Vault are your best options, thanks to their more advanced features. For those looking for a free password manager, we recommend Editors’ Choice winners LastPass and Myki, which have fewer limitations.



Source link

admin

I'm Malkit singh rataul.

Leave a Reply

%d bloggers like this: