Tefincom, the company behind the ever-popular virtual private network NordVPN, has recently started expanding into other markets (read our NordVPN review). That started with NordLocker, an encryption service that we rated highly in our NordLocker review, and has now moved to NordPass, a password manager that looks to dethrone the best password managers around.
In this NordPass review, we’re going to take a look at the new kid on the block to determine if fresh eyes in a crowded market makes a difference. After spending some time with an early-access version of the app, we’re here to give you our thoughts on features, pricing, ease of use, security and support.
Although NordPass does everything it should, it doesn’t go beyond the tropes established by more prominent password managers. It’s lacking in features, allowing you to store and autofill your passwords, but not much more. That said, with multiple billing cycles and a generous free plan, NordPass is still worth a shot.
NordPass Video Review
Strengths & Weaknesses
- Easy to use
- Excellent free plan
- Syncing with up to 6 devices
- Excellent browser support
- Sharing options
- No organization or filtering options
- Limited entry support
- Lacking features
NordPass covers the critical features a password manager should, allowing you to share items, sync with multiple devices and autofill your browser search. However, a number of smaller features are missing, making NordPass feel like a lesser option compared to more established password managers.
All plans have “core” features, as NordPass puts it. These include autosave for new entries, a password generator, a password strength checker and autofill for passwords. Additionally, NordPass supports importing entries from a variety of different password managers, including Abine Blur (read our Blur review).
Unlike that service, though, NordPass is lacking in additional features. Some tools can go too far with features — read our LogMeOnce review for an example of that — but NordPass doesn’t include much of anything. For example, an overall security rating is common, but it is not something that NordPass includes.
Furthermore, it only supports credit cards, passwords and secure notes. That takes bank account information, passport information and, most importantly, addresses out of the picture. You can always enter this information in a secure note, but that means you can’t use autofill to, for example, enter your billing information when buying something online.
There are a few other issues with autofill, namely when it comes to alternative URLs. In some cases, you may need your credentials for multiple sub-URLs of a main site. NordPass can, in some cases, recognize that you need the same login information, but not in all cases.
Having the ability to specify alternative URLs would solve the problem, but unfortunately that functionality isn’t present.
NordPass Password Sharing
NordPass’ best feature is its ability to securely share logins, credit cards and notes with anyone. You can view your shared items in the browser dashboard, as well as who you’ve shared them with. Although you can send those items to anyone with an email address, they’ll need a NordPass account to view them.
Considering there’s a free plan, that’s not a bad system. Sharing only with other NordPass users allows your data to be sent securely, rather than trusting it to the open internet. It’s important to note that you need a “premium” account to share items, but not to receive shared items.
NordPass Device Support and Sync
As we’ll get into in the “ease of use” section below, NordPass is a browser-based experience, though it requires a local app on Windows, macOS or Linux. There are browser extensions for Chrome, Firefox, Opera, Brave, Edge and Vivaldi, though Safari is oddly omitted.
Additionally, there are apps for iOS and Android that mostly mirror the browser’s interface. As far as syncing, “premium” users can access their information on up to six devices, and free users are limited to one. Six is kind of a strange number, considering most people will need, at most, three, but the option for more is there.
Presumably, this replaces any sort of family or business plan. NordPass is currently focused solely on personal plans, with no indication that it’ll add business or family plans in the future. Seeing its limited organization options, a family plan wouldn’t be great in its current state, anyway. Take a look at our best password manager for small business roundup, if that’s more up your alley.
NordPass doesn’t break from pricing traditions established by other password managers, offering its service for around $3 per month on an annual billing cycle. However, a generous free plan and the option to pay every two years provides more flexibility than the rest of the market.
Although the pricing is stock, the durations are not. NordPass, unlike most password managers, gives you options with your billing cycle. Plans are offered in one-month, one-year and two-year durations, with discounts applied to each.
The monthly option is only $4.99, which is excellent, considering that Dashlane charges the same rate on annual plans (read our Dashlane review).
If you purchase a year, $2.99 is the monthly rate, which is what most password managers charge (read our 1Password review for an example, and our Dashlane vs. 1Password comparison). There are cheaper options — as you can see in our Keeper review, that service only charges $2.50 for an annual plan — but considering there’s a two-year option, that hardly matters. Read our Dashlane vs Keeper comparison.
The price is solid, as are the core features. NordPass provides full support for sharing, notes, credit card information and multi-device sync on its “premium” plan, which more than justifies the price. Although it’s not the cheapest option out there, it’s far from the most expensive. There’s also a 30-day money-back guarantee in place if you decide NordPass isn’t for you.
The free plan sets NordPass apart. Although it still falls short of our best free password manager LastPass, it gets close (read our LastPass review). NordPass’ free plan is for a single device, omitting all the sharing features and the multi-device sync seen on the “premium” plan. That said, unlike Dashlane’s free plan, NordPass offers unlimited storage. Read our Dashlane vs. LastPass and 1Password vs LastPass pieces to see how they compare.
All of the features described in the section above, including autofill, autosave and the password strength checker, are present on the free plan. It’s just as usable as the paid plan, so long as you’re only using it on a single device. Considering that NordPass supports multiple browsers and mobile devices, an upgrade to “premium” is worth it if you want your data everywhere.
NordPass has a streamlined interface that makes getting set up simple. That said, a lack of filtering options makes organizing your vault more difficult than it needs to be. Although the interface looks nice, there are a handful of missing quality-of-life features that would make it more functional.
We received early access to NordPass for the purposes of this review, so there isn’t an established checkout process at the time of writing. However, considering how simple NordVPN and NordLocker are to use, we imagine that NordPass will be simple, too.
Our journey started with installing NordPass on Opera and the mobile app on an Android device (read our Opera review).
After clicking the extension, we were sent to a local setup page, which asked us to install the background app on Windows, macOS or Linux. It’s not clear exactly what this background app is for, but after installing it, NordPass launched us onto a signin page. We had to enter our email and confirm our account with a six-digit code.
Finally, we could set our master password. Because NordPass never sees or stores your master password, you’ll be locked out of your account if you forget it. Thankfully, NordPass provides a recovery code that you can use to restore your account if you forget your password.
NordPass Setup and Import
Despite making you download a background app, NordPass is a browser-based experience, much unlike Sticky Password (read our Sticky Password review). After verifying your identity, you’ll be dumped into the browser interface and asked to import your passwords. If NordPass is your first password manager, you can start from scratch, too.
Just about every password manager is supported, even the fairly new RememBear (read our RememBear review). Additionally, NordPass supports major browsers, including Chrome, Opera and Firefox.
For all of these platforms, you’re going to import a CSV file. However, NordPass segments them on the import page in order to provide instructions on how to export the CSV from all of the supported platforms.
Importing from LastPass, NordPass picked up everything right away, allowing us to choose which passwords, notes and credit cards it imported. Oddly, though, the credit card entries showed up as notes, as did addresses and bank account information.
It’s important to remember that NordPass only supports notes, credit cards and logins at the time of writing, so any additional information will just show up as a note.
Using NordPass and Autofill
We imported just shy of 300 items, and NordPass pulled icons for the sites whenever possible. However, every item just showed up in a list. There are no organization options, no way to add labels to entries, no customizable icons and no folders, much unlike F-Secure Key (read our F-Secure Key review).
When dealing with so many entries, organization is paramount. NordPass looks the part, with a simplistic and attractive interface, but it lacks many of the quality-of-life improvements seen with more established password managers. Organization options, even if it’s just to order the entries alphabetically, are sorely needed.
The issue is only exaggerated in the extension, which shows the same list of entries, though in a much smaller window. You can also access the password generator from the extension, which is similar to our own password generator in many ways. It allows you to set the character limit, use certain characters and avoid ambiguous characters.
Autofill is handled in the same way as most password managers, with a small icon next to any password field. During our testing, NordPass was responsive when it came to autofilling logins. It can’t store addresses, though, so we couldn’t autofill forms. When signing up for a new account, NordPass will automatically capture your login and ask if you want to save it.
NordPass has a simple settings screen consisting of import/export settings, basic account information and your “never save” URLs, which are URLs you’ve specified for NordPass to ignore.
There are three main settings you should pay attention to. The first is autolock, which will automatically lock your account after a certain amount of time, between 15 minutes and one month. You can also disable this settings if you’re the only one accessing the platform where NordPass is installed.
Additionally, you can generate a new recovery code and enable two-factor authentication. NordPass supports the best 2FA apps, including Google Authenticator and Authy, though it lacks support for hardware keys, such as the YubiKey.
When it comes to security, NordPass pushes the envelope with a zero-knowledge model and the latest in encryption. That said, very little is known about its architecture at the time of writing, which makes some features, such as sharing, worrisome.
NordPass, like its encryption sibling NordLocker, embraces the latest in encryption. Your data is secured using XChaCha20, which, in most cases, is superior to AES-256. That’s what most password managers use.
Although it provides similar security to a 256-bit key, XChaCha20 is easier to implement and is less reliant on hardware (read our description of encryption for more on that).
Your data is encrypted locally on your device before being sent anywhere. NordPass receives the encrypted data for the purposes of syncing your devices, but it lacks the information necessary to decrypt it. This is what’s known as a zero-knowledge model, meaning NordPass doesn’t know what’s stored in your vault.
That’s because NordPass never sees or stores your master password. This single phrase secures all of your data, and since NordPass can never access your master password, it can never decrypt your data. Instead, NordPass sees a hashed result of your password that’s been generated using the Argon2 algorithm.
Argon2 generates a key based on your master password, which is used to authenticate you and decrypt your data. Like XChaCha20, Argon2 is a cutting-edge key derivation function released in 2015. If that’s not enough, you can also set up two-factor authentication using a variety of 2FA apps.
Everything is as it should be when it comes to NordPass, though there’s a lack of technical explanation. Most password managers provide a security white paper, detailing not just what algorithms it’s using, but how those algorithms are implemented on a technical level.
NordPass, in its infancy, has no such document — yet. We reached out to ask about the white paper, and the NordPass team assured us that one is in the works.
Just so we’re clear, we have no reason to believe that NordPass isn’t secure. In fact, it’s a leading option when it comes to new, innovative encryption algorithms.
However, we don’t know the technical details of how that security is implemented. For example, there’s no information about how sharing works. That said, for the limited information available, everything checks out for NordPass.
NordPass, as a recently launched product, has little in the way of support documentation. That said, around-the-clock email support and a variety of setup articles should make the onboarding process painless.
There isn’t a lot going on with NordPass, so it doesn’t require a lot of support. Keeping an eye on the service since it was announced, we’ve seen the knowledgebase and blog slowly fill with articles, covering how to set up the application, how to use all of its features and other basic questions.
“Basic” is the key word here. NordPass only covers rudimentary topics, but it covers them in detail. Seeing as it’s a new product, we’re sure there are a variety of issues that have yet to surface and, thus, NordPass isn’t covering them. Much more attention has been paid to the setup process, which features guides for every platform NordPass supports.
Most technical issues will need to be resolved by contacting NordPass. Only email support is available for now, and although NordPass says it’s available 24/7, you’ll need to wait a while to receive a response. For us, it took a little longer than a day.
NordPass doesn’t do enough to stand up to the established password managers. The interface is accessible — though drab, in terms of organization — and the price is right, but the features are lacking. You could do a lot worse (read our Steganos Password Manager review for that), but you can also do better.
What do you think of NordPass? Are you going to sign up for an account? Let us know about your experience in the comments below and, as always, thanks for reading.
- NordPass is a password manager from the creators of NordVPN. It offers unlimited storage for passwords, credit cards and notes, as well as syncing for up to six devices.
- NordPass has a free and “premium” plan. The paid plan is offered in one-month, one-year and two-year durations, with the two-year plan costing only $2.49 per month. There’s also a 30-day money-back guarantee.
- Based on the advanced encryption algorithms used, NordPass is safe to use. That said, there isn’t a security white paper right now, so the technical aspects of the service are still unknown.
- NordPass’ free plan offers unlimited storage for passwords, credit cards and secure notes for a single device. Upgrading to the “premium” plan adds syncing for up to six devices and item sharing.