NordPass Review
Views: 4715
2023-11-20 23:16
Few people can remember strong and varied passwords for each online account. That's fine because

Few people can remember strong and varied passwords for each online account. That's fine because password managers such as NordPass are readily available. In addition to unlimited password storage, Nordpass offers helpful security features, emergency access, and multi-factor authentication options. That said, the free version of the app has some significant limitations, and the app's password generator didn't always work in testing. Those issues aside, NordPass is an excellent password manager, but you may prefer our Editors' Choice winners, Bitwarden and Dashlane. Bitwarden offers superior free password management, while Dashlane's paid password manager has a host of premium features.

How Much Does NordPass Cost?

NordPass offers a free service tier that includes unlimited credential storage. While the free version syncs credentials across devices, it does not stay logged in when you switch devices, which is an odd limitation. The free version also does not include credential sharing or support for file attachment storage. Bitwarden's generous free plan offers all of those features.

NordPass' Premium tier is $35.88 annually for a single-user account, which is the same as 1Password. Dashlane's comparable service tier is $33 annually, Keeper is $34.99 per year, and Bitwarden Premium is an outlier at $10 per year. A NordPass Family plan adds support for up to six users for $71.88 annually.

Getting Started With NordPass

NordPass offers browser extensions for Chrome, Edge, Firefox, and Opera; mobile apps for Android and iOS; and desktop applications for Linux, macOS, and Windows. Getting started is easy: you just sign up, create a strong and unique master password, download any apps or extensions you need, and begin storing credentials.

(Credit: NordPass/PCMag)

NordPass does not offer a comprehensive tutorial like 1Password's, but helpful prompts during the onboarding phase in the web vault and browser extension windows do a fine job of guiding new users through the password creation or credential importing process.

NordPass can import credentials from 1Password, Bitwarden, Dashlane, KeePass, KeePassX, Keeper, LastPass, Remembear, Roboform, and TrueKey, along with browser imports from Brave, Chrome, Edge, Firefox, Opera, and Safari. It's a lineup that covers most of the top password managers, but it's not as extensive as Bitwarden's ability to import from more than 50 competitors. If you're switching to NordPass from your old password manager and it's not on the list, NordPass accepts imported CSV files, too.

Authentication Options With NordPass

After signing into your vault, it's time to set up your multi-factor authentication (MFA) method. To do so, navigate to the Settings menu, accessible via the gear icon on your NordPass vault dashboard.

(Credit: NordPass/PCMag)

Click the toggle in the MFA section, and then enter the six-digit code the app sends to the email you used to sign up. NordPass then allows you to add an authenticator app or a physical security key to the account. After setting up your MFA method, NordPass prompts you to log out and log back in to enable the setting.

One unique feature in the Settings menu is the option to clear your NordPass items from your clipboard at regular intervals. You can choose periods ranging from 30 seconds to Never. Clearing your device clipboard keeps your passwords from being accessed by other apps with clipboard access. It's a helpful feature that more password management companies should include in the future.

NordPass Data Privacy and Security

Before we review and test a password manager, we send a list of questions to the password management company inquiring about its privacy and security practices. We want consumers to have plenty of information about the companies handling their data. We've included NordPass' responses to our questions below.

Has your company ever had a security breach?

No

What unencrypted information does the password manager store in user vaults?

Everything customers store in their NordPass vaults is encryptedbe it emails, secure notes, credit card details, file attachments, passwords, passkeys, or other authentication information.

What is the company’s policy regarding master passwords?

For the consumer product, the master password is required to be 9 or more characters long and have at least one special character. If lost, this password is impossible to recover, except if a user has kept a recovery code, granted upon the creation of the master password. In any other case, account recovery is not feasible as NordPass' solution is built based on zero-knowledge architecture, meaning that only a user knows what is stored in their vaults. For the business product, every company can set its own master password policy.

What is the company’s policy regarding user data collection and data sales?

All data retention practices are defined with the NordPass privacy policy. NordPass has no technical means to access encrypted passwords, secure notes, or other items stored in users’ vaults because NordPass is built based on zero-knowledge architecture. With customers’ approval, we collect only the anonymized data required for application diagnostics, app usage statistics (i.e., the number of items stored), device information, which helps us in monitoring and developing NordPass services, and other similar information. We do not sell the data to third parties.

How does your company protect user data?

NordPass employs a strong encryption algorithmXChaCha20. It’s considered the future of encryption, with more and more tech giants from Silicon Valley...implementing it in their services. Companies like Google and Cloudflare use XChaCha20 encryption to ensure fast and safe connections for their users.

As a company, Nord Security maintains tight controls over the personal data we collect. Our dedicated IT security team has implemented appropriate physical, technical, and organizational measures to protect information about you against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing.

How does your company respond to requests for user information from governments and law enforcement?

Any request for user data should follow an appropriate official legal process recognized by the laws of the Republic of Panama (e.g., mutual legal assistance treaty, letters rogatory). We carefully review each request to make sure it satisfies laws applicable to our company, laws of the requesting country, international norms, and our internal policies. However, it is important to note that the laws of the Republic of Panama do not oblige us to store logs of users’ online activity.

NordPass’ answers are thorough and in line with the company's statements in the vendor's privacy policy. PCMag encourages users to browse the privacy policies for all apps to learn more about how companies collect, sell, or store user data. Decide how comfortable you are with data collection and act accordingly.

Hands On With NordPass

We tested NordPass' functionality using the Windows desktop application, the NordPass iOS app, and the NordPass browser extension for Google Chrome.

(Credit: NordPass/PCMag)

The Windows app is dark grey and white by default, but you can change to a solely dark-grey theme in the Settings menu. The desktop vault dashboard includes a sidebar menu where you can access your passwords, passkeys (more on those later), secure notes, credit cards, personal info, shared items, and any other folders you create. There's also a password generator, a password health section that highlights your old, reused, or weak passwords, and a data breach scanner, which scans breach reports for email addresses and credit card numbers stored in your vault.

NordPass Browser Extension

(Credit: NordPass/PCMag)

The NordPass Windows app and browser extension for Chrome both worked as expected when filling in passwords already stored in our vault. A related feature we noticed is the following pop-up alert, which was triggered when attempting to create a credential with a weak password for a website.

( Credit: NordPass/PCMag)

The alert is helpful, but it probably wouldn't be necessary if NordPass users could always create and autofill new passwords by clicking inside the credential field on a website. While testing, we could generate new passwords with just one click on some websites, such as bestbuy.com. For others, such as PCMag.com, NordPass required opening the app or web vault to generate new passwords, which is not ideal. Dashlane and Keeper both offer streamlined credential creation methods.

( Credit: NordPass/PCMag)

With NordPass' password generator, users can set a password length of up to 60 characters and choose whether to include capital and lowercase letters, digits, and symbols. NordPass passwords default to 20 characters, which is a reasonable minimum.

Storage and Form Filling With NordPass

The Secure Notes section in the NordPass vault allows users to store memos and links and attach files (up to 40MB each).

(Credit: NordPass/PCMag)

In testing, we were able to fill in web forms using the information we provided in the Credit Cards and Personal Info sections of the NordPass vault, as expected. NordPass also allows users to create custom information fields in all sections, as Roboform and Sticky Password do.

(Credit: NordPass/PCMag)

NordPass Passkey Support

NordPass allows the creation and storage of passkeys on all applications via the web vault and with the Firefox and Chrome-based browser extensions. We visited Best Buy's website, signed in using a username and password, then set up a passkey by visiting the account settings menu. The created passkey is accessible in your NordPass vault.

(Credit: NordPass/PCMag)

Currently, not all apps and websites allow passkey logins, so we encourage PCMag readers to continue creating and storing new and strong passwords for all websites they visit.

NordPass' Sharing and Emergency Access Features

To share a credential or other vault item, mouse over it, click the three-dot menu on the right, and select Share. Then, enter a recipient's email and click the Share button. Full rights access allows people receiving your credentials to see and edit the entries. Limited rights take away editing and sharing privileges. Anyone can sign up for an account to access shared items, but only Premium users can share them.

(Credit: NordPass/PCMag)

Modern password managers should offer their subscribers some form of password inheritance in the event of their demise. NordPass allows authorized family members or friends access to your password vault. Authorized users can request access without knowing the master password in the event of an emergency or death, and if the account holder does not accept or decline the request within seven days, NordPass will grant access to the authorized contact.

How Good Is NordPass' Mobile App?

We tested the NordPass app on an iPhone running iOS 16.7.2. NordPass also offers an app for Android. The iOS app worked as expected and includes the functions found in the browser extension and desktop version of the app. Like other top password managers we've reviewed, NordPass' mobile apps support logins using biometric authentication such as face or fingerprint scans.

(Credit: NordPass/PCMag)

The iOS app's user interface is well-organized, though humble in appearance. To compare, 1Password's iOS app is also white-on-white by default, but it offers users a customizable layout that sets it apart from the competition.

Is NordPass Good for Businesses?

Businesses can sign up for NordPass Teams, which is $23.88 per user per year for 10 users. A Teams account includes a credential vault for each employee and single sign-on support for Google Workspace. A NordPass Business account serves 5 to 150 users at $47.88 per user annually and adds a security dashboard to improve password hygiene.

NordPass Enterprise offers support for unlimited users, advanced single sign-on options, and shared folders, with price quotes available on the vendor's website. Competitors such as 1Password include single sign-on integrations for popular corporate software as part of their standard business service tiers, while NordPass reserves SSO integration other than Google Workspace for the Enterprise edition.

(Credit: NordPass/PCMag)

Each NordPass business account includes a free personal account for every employee. After a person's access to the organization's NordPass Business account is restricted, all of the items in their vault move to the "Deleted" page. From there, the organization owner can reassign the passwords and other data to another team member.

(Credit: NordPass/PCMag)

Like 1Password's business offerings, NordPass Business lets users share credentials with other employees or outsiders who download the NordPass app. Employees can control access to their credentials by granting full rights to the password, which allows the recipient to see and edit it, or they can grant Limited rights, which do not allow the recipient to view or edit the password. Administrators can prevent employees from sharing passwords and other items with outsiders by visiting the Settings menu and toggling the Guest Sharing function.

Is NordPass for You?

NordPass handles all the expected tasks of a password manager. The apps and browser extensions are easy to use, the security features are helpful, and even the most expensive service tier doesn't break the bank. However, the free version's limitations and the spotty password generation performance in testing show there's room for improvement. Our Editors' Choice winners in the password management category are Bitwarden for its free password manager and Dashlane for its smooth user experience and advanced features.

Tags password managers