NordPass Password Manager
NordPass (from the makers of NordVPN) is a very capable password manager placing an emphasis on ease of use whilst still implementing some of the very latest security features available today.
With smartphone apps for iOS and Android, extensions for all major browsers plus desktop apps for Windows, Linux and Mac OS, NordPass brings a very versatile and very secure password manager offering to the market.
- Well designed, convenient and easy to use
- Plugins available for Edge, Chrome, Firefox, Brave and Opera
- Applications for Windows, Linux and Mac
- iOS and Android apps
- Cloud synchronisation between all devices
- Supports 2FA
- Automatic password generator
- Automatic website logins
- No secure file storage in premium account!
- Very secure, all encryption performed locally
- Minimal personal details needed (just a working email)
- Great free account (fully functional but limited to 1 device in-use at a time)
NordPass is extremely quick and easy to install, there is no need to spend ages signing up for accounts and handing over personal details, the app can simply be downloaded for free from the NordPass website!
As with other products from NordVPN (the makers of NordPass) there is, naturally, a strong focus on user privacy and as such the only details needed to get up and running with NordPass is a valid email address (it must be valid as a code is sent to this address during the login process).
As can be seen above, once the application is downloaded the aforementioned email must be used as a part of the initial login, a code will be sent to this address which can then be entered into the app to complete this process. Multi-factor authentication is available but this must be switched on once the application is already up and running later on.
At the next stage of the initial login, after creating a strong master password, we will be asked to save a recovery code for accessing the password vault in emergencies. It is important to note NordPass have no way of recovering your data so if you forget the master password this recovery code is the only way to access your data (so keep it very safe!).
After this stage is complete the application will prompt users to optionally install one of the many freely available browser extensions.
All popular browsers are supported including the up and coming Brave browser, this is great to see as I have come across a few password managers who only seem interested in supporting Chrome / Firefox and little else! Clicking skip for now will take us to the main home screen.
Types of Data Stored
Website logins will undoubtedly be one of the main reasons many people choose to use a password manager, such a tool (especially with browser plugins) makes using the web so much easier than when trying to remember dozens of different passwords yourself. Another big advantage of password managers (which is often overlooked) is the ability to store other types of personal data such as IDs, passports, payment cards and secure notes!
Payment cards are an especially useful addition in that a payment card which has been entered into the application can be used to auto fill payment forms on the web. This makes filling in your payment card details into an e-commerce site as easy as clicking a button, excellent!
Unfortunately, as of writing this review NordPass don’t appear to offer their users (free or premium) any kind of secure cloud storage, such storage is often valued by password manager users as it allows storing photographs of actual physical documents such as passports and the like. Given that the premium pricing is in line with 1Password and LastPass (who both do offer this) this would be a welcome improvement from NordPass I’m sure.
Adding a New Site
One of the key consideration when choosing a password manager is how easily a new login can be added to the tool itself, this is especially important for users who regularly sign up for new accounts such as myself. As such, a tool which will automate this process (as much as possible) and automatically capture new logins is of great benefit.
As can be seen above I am signing into an account in the Firefox browser (which is my main browser) and the Firefox plugin has automatically picked up this login as a new account and offered to add it to my password vault for me. This is, of course, ideal and requires the minimal of user intervention.
Sites can also be added manually via the desktop app (should the plugin not recognise the login for any reason), this is understandably a little more time consuming but overall still fairly easy to do.
Finally, NordPass have apps available for iOS and Android smartphones which make using the password vault on the go easy. In the case of the Android app (which I have tested) it can be integrated into the android autofill service meaning app passwords can be both captured and filled in automatically providing the NordPass app is installed and the vault unlocked.
Can NordPass Generate Secure Passwords
Yes, whenever adding a new login to NordPass there will be the option to use a built-in password generator tool. Use of such a tool is vital in relation to security as it will ensure a strong and unique password is used for each and every website you use
Having unique passwords is especially useful given that you ultimately don’t control the IT systems of the companies who you login to, this means should any company ever have a data breach your username and password could potentially be exposed to the world. Such an exposure could cause lots of problems if you use the same login details across many websites, however, with each website having a unique password this issue is effectively mitigated. As such, if you ever do find a login involved in such a breach all that is required is for that one login to be changed changed with all other sites remaining unaffected!
Imagine if your username and password (as per above) had been leaked and it turned out the username (email) and password in question were used regularly use across many different websites! In this case it would take much longer to change them all (you might even miss some) and it is much more likely that one or more accounts would be compromised, not a good situation!
Signing in to Websites and Apps
One of the most common areas in which a password manager can help is when signing into websites, this is something we tend to do a lot of these days so any tool simplifying this will, naturally, be of a great benefit to most people.
Thankfully, NordPass have built their password manager with several supporting browser extensions and smartphone apps which help make logging into websites and apps both simple and automatic.
NordPass have a great range of browser extensions which all allow for the auto filling in of login forms as well as smartphone apps for both iOS and Android. It is also great to see less common browsers such as Opera and Brave supported in addition to the usual Chrome and Firefox.
I have mainly tested with the Firefox browser extension so far and when visiting a website with which you already have an account the browser extension will automatically recognise this:
How Secure is NordPass
NordPass is developed by the same company behind the popular NordVPN service and as such it is great to see the same levels of privacy and security maintained within this new product.
To start with, NordPass makes use of the latest in encryption technologies using XChaCha20 to encrypt data locally on the client device before any data is ever transmitted back to the NordPass servers. This strong encryption is enhanced even further with Argon2 to further encrypt the key used to access the password vault.
NordPass also makes very good use of multi-factor authentication, this means the password vault is secured even further than it otherwise would be with just a password. In fact, it would be fair to say that NordPass effectively implement a third factor of authentication, in addition to the password and use of a multi-factor authentication app such as Google Authenticator, NordPass also email an access code to the accounts registered email address each time a login attempt is made. This means to access a NordPass vault you must know the vault password, have the phone with the 2FA app running and further have access to the registered email account – a very secure setup!
Furthermore, NordPass run a no knowledge service meaning you control the encryption keys to your password data and no-one else, should you ever forget your password then NordPass will not be able to help. Should you ever find yourself in such a situation NordPass do allow a recovery key to be copied during setup which will help re-access the vault in case the password is forgotten, if this option used then this code should be kept somewhere very safe and secure!
One of the few things missing, security wise, is any form of breach detection service built into the software itself. Such services monitor known data breaches and alert users when one of their own logins have been included in the breach. Whilst not essential, this is something being offered by other vendors and as such would be a nice addition to see in NordPass.
Can NordPass Import Passwords?
Yes, in-fact it is clear that NordPass have gone to great lengths here to ensure importing from other password manger is both quick and easy. Heading over to the “Import/Export” page under the app settings page will show tools already available to automatically import from all of the major password managers, these include LastPass, 1Password, BitWarden plus many others.
NordPass can also import password directly from major web browsers such as Firefox, Edge and Chrome which is another big advantage for those already making use of a password manager built into a web browser!
NordPass Free vs Premium
NordPass have been very generous with their free account offering, so much so that with the exceptions of password sharing and simultaneous usage on multiple devices it is very similar to the premium product. As a result of this the free version of NordPass is a very capable password manager in its own right and will suit the needs of many.
One of the big advantages to the premium version is the ability to use the service on up to 6 different devices simultaneously. To be clear, both the free and premium accounts will synchronise between devices automatically but only with the premium version can you have your vault open on more than one device at a time (e.g. if you open up your vault on your PC it will lock on your phone). In all fairness I feel this is a very fair compromise for free usage of such a capable password manager and at only $2.49/m (on a 2-year plan) the premium plan is very fairly priced should you ever wish to upgrade.
The only other notable feature missing from the free version is that of secure password sharing and trusted contacts, this probably wont be too big of a deal for many personal users and probably more suited to small business and people working in small teams. Again, if this is a must then NordPass does still have you covered with the premium plan!
NordPass uses the latest XChaCha20 encryption combined with Argon2 to ensure all user data is kept as secure as is possible. All data is encrypted locally on the local device before any synchronisation takes place and NordPass themselves have no knowledge of the encryption key either.
In addition to this strong encryption it is clear NordPass take security very seriously thanks to the email login codes required before logging into the vault, the integration with popular multi-factor authentication apps including Google Authenticator and Authy providing further security.
User privacy is also highly respected with no personal details required to create a free account (with the small exception of the working email address given this is a part of the security system). Payment can optionally be made for the premium account using crypto currencies providing even more data privacy options to those who require them.
NordPass have a comprehensive knowledge base and support section on their website which is backed up by 24/7 email based support.
In addition to the free version a premium version is available priced at a standard $4.99 on a rolling month-by-month basis or as little as $2.49/m on a 2 year pre-paid plan.
NordPass Review Summary
NordVPN (the company behind NordPass) have developed a great reputation over the last few years for creating products which emphasise security and user privacy, it is great to see this has all carried over into the NordPass password manager!
I particularly like how strong the authentication system is thanks to the additional email codes in addition to the option of a traditional 2FA service such as Google Authenticator or Authy. It is also great to see user privacy taken very seriously with NordPass requiring no personal details from their customers other than a working email address.
With these privacy and security issues aside the service seemed to work very well during my testing and it is clear that a lot of work has gone into this service. This has resulted in a tool which is secure, very easy to use and able to compete on features against much more established players such as LastPass.
Whilst I feel Pricing is reasonable at $2.49/m this involves paying for a 2 year plan upfront, should you want to pay monthly this shoots up to $4.99/m which I feel might be a little high, especially given the service is missing any form of secure cloud storage.
All-in-all a very capable password manager, ideal for those who take security and privacy very seriously. The only real complaint is the lack of secure cloud storage and the need to (realistically) lock into a 2 year plan for good value should you need the premium features, a great effort NordPass!