- Strengths & Weaknesses
- Alternatives for Blur
- Phone and Card Masking
- Tracker Blocking With the Blur Browser Extension
- Blur Features Overview
Abine Blur is a password manager that gets a lot right, offering a unique take on privacy features and a generous free plan. However, it lacks the chops to make it onto our best password managers list. From a disjointed interface to a data breach that occurred sometime in 2018, Blur has some problems that are too big to ignore.
In this Blur review, we’re going to recount our experience, now that we’ve taken the app for a spin. After signing up online, as any paying customer would, we launched an account incognito to judge the service up close and personal. Through this review, we’ll touch on our experiences with usability, security and features, all before giving our verdict.
As a company focused on privacy, offering tools such as DeleteMe, it seems Abine’s intentions are in the right place. However, the execution of Blur has some issues. Although we like the app’s features, the context that surrounds those features often poses more of a hassle than it’s worth. That’s not to mention the absolutely insane price tag.
Strengths & Weaknesses
- Free plan
- Masking features
- Tracker blocking
- Account backup
- Local sync option
- Responsive live chat
- Disorganized help center
- Occasionally difficult to use
- Data breach on record
- Little information about security
Alternatives for Blur
- : Android/iOS
Blur is more than just an online password manager, and it offers a range of privacy tools worthy of Abine’s name. Although DeleteMe — Abine’s online cleanup tool –isn’t bundled with Blur, a number of other privacy features are. For no extra charge, you can protect your credit cards and block cross-site trackers.
There are three aspects that make up Blur’s feature set, the first of which is password management. Blur doesn’t have anything special going on when it comes to that, though. You can store passwords, addresses, credit cards and identities, but nothing else.
In addition to skipping past note storage and sharing features, Blur lacks any sort of account analysis (though it’s worth noting that you can add notes to particular accounts). You can view your reused passwords from the accounts page, but you’re not given an overall security rating like you are with Dashlane or LastPass.
Phone and Card Masking
One of the biggest features that sets Blur apart from other password management tools is its masking functionality. You can hide email addresses, phone numbers and even credit cards behind a phony wall, dishing out fake information that redirects to a real location. For example, a masked email might look like [email protected]
The functionality of masking is far reaching, allowing you to sign up for questionable sites online without risking your dear personal data. Masked cards are an interesting bit, though. Unlike virtual credit cards, which simply tie fake information back to your actual credit card details, Blur gives you a limit.
When you set up a masked credit card, you’ll have to enter how much you plan to spend. This card is good for that purchase alone. Thankfully, though, you can generate masked credit cards on the fly using your credit card details and the Blur browser extension.
Tracker Blocking With the Blur Browser Extension
Rounding out Blur’s trio of features is a tracker blocker. As we point out in our 99 free tools to protect your privacy guide, cross-browser tracking is one of the largest threats to your personal data. Thankfully, trackers are automatically blocked with the Blur extension, which you’ll need for autofill.
Although there are plenty of other browser extensions that block trackers, Blur includes it for free with any user. You can, of course, turn this functionality off, but there’s really no reason to. In addition blocking cross-site trackers, Blur also keeps a record of how many trackers it has blocked each day, which you can view in your account dashboard.
Blur Features Overview
|Backup and recovery|
With an unlimited free plan and a slew of features, Blur looks like a safe bet, especially compared to other free password managers. However, unlike LastPass, which you can read about in our LastPass review, Blur doesn’t offer multi-device sync on the free end of things. That forces you into a costly paid plan.
- : Unlimited encrypted passwords, Masked email, Tracker blocking
- : Masked phone number, Backup & sync, Billed annually
- : Masked credit cards, Billed monthly
- : Masked credit cards, Billed annually
There are two options, Basic and Unlimited, though most paying customers should stick with the Unlimited plan. Basic is cheaper, costing just over $3 per month when billed annually, but it doesn’t come with the masked credit card feature. Instead, you’ll need to pay a fee of $2 per card that’s under $100 and a 1.5-percent fee for any cards above $100.
The Basic plan is in line with other password managers, costing slightly less than Dashlane and slightly more than Keeper (read our Dashlane review). There’s a significant price hike when going with Unlimited, though. In addition to having a monthly billing cycle, Unlimited comes with all the masked cards you could want, with no additional fees. However, $15 per month is an unprecedented rate. Even Dashlane’s $10 Premium Plus plan — which comes with a virtual private network, identity theft protection and dark web monitoring — looks modest in comparison. Blur has a lot of features, but you’re paying a hefty premium for them on its Unlimited plan.
Blur Free and Business Plans
The free plan is impressive, though not on the level of a service like Sticky Password (read our Sticky Password review). You get unlimited password storage, but only on a single device. Backup and sync are reserved for paying subscribers. Still, Abine includes its masked email feature and tracker blocking. The free plan also comes with a 30-day trial of Unlimited.
There aren’t any business plans, though. A service like Zoho Vault is generally better suited for medium to large outlets, though small business could take advantage of Blur’s masking features.
Regardless, all new users can rest easy with a 14-day refund window. Despite offering a free plan, Blur also allows you to get your money back within two weeks of purchasing a subscription, no questions asked.
Signing up for Blur is, well, a blur. You just need to enter your email address and a password, and you’ll be booted to the dashboard right away. In some ways, this process is great, as you’re up and running within a matter of seconds. However, the lack of hand holding could prove problematic for technophobes.
The site itself poses a few hurdles, too. There isn’t actually a Blur website. Rather, you can purchase Blur through Abine’s website. The challenge comes from the fact that Abine also talks about DeleteMe there, skipping past a traditional pricing and features page for a single-sheet design.
Blur is easy to use once you get past the site, though, offering a streamlined layout for its many different features. The dashboard you’re greeted with lays out four main categories: “accounts,” “wallet,” “masking” and “tracking.” You can expand these sections if you’re looking for something in particular, say, your identities or your credit cards.
Importing and Organizing Accounts
The accounts page is where we spent most of our time, which is outfitted with a list of your passwords and the number of them that you’ve reused. If you’re starting from scratch, clicking the “new account” button will get you started. You can add your information, generate a password directly on the page and even add a label.
For us, because we’ve used other password managers, we jumped to the import tab. Blur users can import password from other password managers, including KeePass and , or dump their accounts into a generic CSV file. However, there aren’t any tutorials on how to accomplish this process on the import page.
We imported our 297 accounts from LastPass without any problems. Blur even went as far as to skip past duplicate entries, taking care of some much needed cleanup to our LastPass vault. That said, you can’t disable this setting, so it’s possible that some entries may be skipped if they’re flagged as a duplicate.
You’re given flexibility in how your passwords import, though. Instead of taking the CSV structure as law, Blur allows you to change the overarching fields for your entries. For instance, if it accidently picked up your passwords as the site name, you can change the column so everything imports correctly.
Digging Into Blur’s Settings
Although you’ll spend most of your time in Blur’s account page, there are other features hidden within its settings. The most obvious place to look is the “masking” area, where you can set up masked credit cards, emails and phone numbers. Email masking is available to everyone, though masking phones and credit cards is reserved for Unlimited subscribers.
Other than that, Blur doesn’t have too many settings. You can configure 2FA and view your backup passphrase on the settings page, which we’ll cover in the next section. Most importantly, you can manage where your accounts are stored on the settings page.
By default, Blur stores your accounts on its servers so it can sync across your devices. However, you can opt to have your accounts stored locally if you’re worried about a data breach. Unfortunately, that’s a concern you’ll have to think about with Blur.
Using the Blur Chrome Extension
For how basic the online dashboard is, Blur’s Chrome extension is very robust. It’s mainly used for autofill, detecting login fields whenever you land on a site. However, you can customize how Blur sees those fields. For example, if the extension accidentally picks up that a password field is meant for your email, you can change that with the extension.
The extension also opens up a lot of per-site settings. Depending on the page you’re on, you can turn on or off autofill, auto-capture, email masking and much more. Although you manage these settings on a per-site basis by default, you can also apply them universally.
Abine doesn’t have extensive documentation about its security structure, unlike some other password managers, though, from what we can garner, it’s similar to other tools. The concern isn’t how Abine manages your data; everything seems intact there. Rather, it’s a worrying security breach that came to light a little over a year ago.
Before getting to that, let’s get the technical bit out of the way. Your password vault is encrypted with AES-256, which, as you can read in our description of encryption, is basically a virtual Fort Knox. The key that unlocks your AES-256 encrypted vault is derived from your master password, which Blur has zero knowledge of.
Instead, your data is encrypted locally before being sent to Blur’s servers. This process, often referred to as host-proof hosting, ensures that Abine can never see the contents of your vault.
Abine also never sees or stores your master password, which is great for security. However, that also means you’ll need to remember that master password if you want to decrypt your data.
Password resets are not possible, or at least not possible in the traditional sense. In lieu of simply resetting your password, Blur offers a backup passphrase. This passphrase, which is made up of 10 or so random words, is used to reset your master password in case you forget it. You’re required to remember your backup passphrase, though.
The Blur Data Breach
Late in 2018, Abine announced that it had discovered a data breach on its servers. This breach, which affected some 2.4 million users, exposed user email addresses, password hints, addresses, first and last names, as well as encrypted passwords. Though no plaintext passwords were compromised, Blur urged users to change their master password.
There’s no way to know for sure what was exposed. What we do know is that no information stored after January 2018 was compromised. Abine learned about the breach in December 2018 from a security researcher. Based on this timeline, it’s likely the breach actually occurred sometime in 2017.
We’re not going to mince words here: The volume of data that Blur can store makes a breach very threatening. Abine claims that no user data was compromised to the point of disaster. That said, a breach on this scale shouldn’t be taken lightly.
Although Blur isn’t the only password manager to suffer such an attack, the issue is usually bypassed because of the encryption placed on a user’s vault. However, as a privacy tool, Blur has the ability to store your credit cards, email addresses and phone numbers for masking purposes.
Working With Limited Information
We would like to point out that, when it comes to its security structure, we can only evaluate the information that Blur provides to the public. Unfortunately, outside of the chief algorithm used for encrypting your data and some two-factor authentication options, we know very little about how Blur works on a technical level.
The general security concepts are sound, but Blur doesn’t disclose the process of how your account is authenticated. This is a key point when evaluating a password manager, as we saw in our 1Password review. Abine doesn’t have a white paper or any other technical documentation, so all we can do is assume, which is a position we never like to be in.
Blur offers a fairly straightforward support system, with live chat and email at the ready, as well as a FAQ section. Contacting Abine directly is usually the safest bet, though. After reaching out to live chat, we received a helpful response within minutes, which is a far cry from its self-help resources.
There’s a FAQ, and if we’re to believe the “frequently” part of that acronym, it’s safe to assume Abine gets a lot of questions. The FAQ is, frankly, a mess. Although there are clear attempts to organize the questions, everything is dumped on a single page. If you wanted to print the FAQ, it would take 163 sheets of paper, the first six of which are dedicated to the table of contents.
We appreciate the attention to detail, especially considering that most topics are covered with screenshots. However, there’s certainly a better format for displaying a FAQ. Thankfully, there’s a search bar, but with long-form questions, a slight change of phrase could throw off the entire search.
For those who are just getting started, there’s a user manual, which is far shorter than the FAQ. Still, you’re looking at a single page with all of the information dumped on it. What’s disappointing is that Blur’s support resources could be excellent. The format in which they’re presented feels just feels lazy and dated.
Blur is a mishmash of good ideas and awkward execution. The core concept — that being a password manager stuffed to the brim with additional privacy tools — works well. However, the website, support resources and dashboard could use some fine tuning. That’s not to mention the recent security breach.
As a free password manager, Blur is passable, fit with features that other password management tools skip past. However, paying for Blur is a tall ask. The price for the Unlimited plan is far higher than any other password manager, making it difficult for us to recommend Blur.
What do you think of Blur? Are you going to give the free plan a shot? Let us know in the comments below and, as always, thanks for reading.
- Blur is safe to use, on a technical level. However, Abine’s servers were breached sometime between 2017 and 2018, with Abine discovering the breach in December 2018. Although no passwords were compromised, the attackers made off with some user email addresses, phone numbers, addresses and more.
- Blur provides a free and paid plan. The free service offers unlimited password storage and masked emails for a single device. If you purchase the Unlimited plan, which run $14.99 per month, you’ll get access to multi-device sync for your accounts, as well as phone and credit card masking.
- A masked credit card is a virtual credit card that hides your real details. Instead of using your real credit card number, name and security code when purchasing something online, you can use a masked credit card. The funds will still be pulled from your account, but you don’t have to hand over your real credit card information to a payment processor.