NordVPN has been at the top of the VPN market for a long time now, ranking highly in our VPN comparisons. Then in 2019, the ambitious Nord Security released a password manager called NordPass. We’ll cover this password manager’s latest developments in our NordPass review below.
- Information stored by NordPass includes passwords, credit cards, secure notes and personal information.
- Instead of the industry standard AES-256 encryption, NordPass uses XChaCha20 encryption.
- NordPass allows its users to securely share encrypted data with each other. Without encryption, hackers could intercept this data.
Nord Security proved its commitment to strong security with NordVPN (read our NordVPN review) and continues to innovate security features with NordPass. The password manager delivers solid security by using a unique encryption algorithm that allows for fast and secure password sharing, so there’s a lot to like about this application.
However, NordPass is limited in some other areas, as we’ll discuss in greater detail in this article. Keep reading for the full review and how it compares to other password managers.
NordPass Video Review
05/23/2022 Facts checked
Rewrote the article, including updated pricing info and new features.
NordPass is a secure application that adheres to a zero-knowledge security model and uses XChaCha20 encryption. There is no way for the company to see your passwords or leak them in a data breach because they don’t have access to your private data in the first place.
No, NordPass is a separate product from NordVPN.
Yes, NordPass is a simple application that anyone can use with ease.
NordPass is a secure password manager application, and NordVPN is a virtual private network. The former stores your passwords in an encrypted format, while the latter encrypts and hides your internet connection.
NordPass Review: Alternatives
NordPass: Strengths & Weaknesses
- Encrypted sharing
- Unlimited password storage
- XChaCha20 encryption
- Low price
- Multi-factor authentication
- Auto sync across devices
- Only stores 4 types of data
- Basic password health check
NordVPN had few features when it was first launched in 2019 and has had some time to catch up since then. However, its young age is still evident. NordPass is a good basic password manager with affordable pricing, but it’s still not as full-featured as most of its big-brand competitors.
The NordPass app gives you the option to securely store passwords, notes, credit card details and personal information. The “personal information” category is a relatively new addition and certainly a welcome one, as it allows you to safely record and autofill the names, addresses and email addresses of people in your address book.
We would like to see support for more categories of information in the future, like bank account credentials and passport info, but LastPass covers everything a good password manager needs.
Storing passwords in NordPass is easy. Just click “add item” to record information for one of the four categories and select “password.” The following menu displays fields for a title, your password, email or username, the relevant website and an optional notes field.
From here you can sort your existing passwords into folders or create new folders. NordPass will let you know if your password is a strong or a weak one. However, it doesn’t provide a detailed health score like many other password managers — its assessment is limited to “weak,” “moderate” and “strong.”
Whether you choose to use the NordPass mobile app or the desktop app, NordPass automatically syncs all your passwords across multiple devices. The NordPass mobile apps are available for Android and iOS devices.
NordPass Password Generator
A password manager wouldn’t be complete with a password generator. In the bottom-left corner of the app under “tools” you will find a password generator that’s available for both premium and free users. The password generator will produce strong credentials according to the specifications you set for password length and the type of characters that should be included.
NordPass offers you the option to create two types of passwords: one consisting of a string of random characters, and the other consisting of full words. The character-based password option allows the user to specify the number of characters in the password and whether the password should contain special characters, numbers or capital letters.
The word-based password setting lets you choose a password length of three to 10 words. You can choose to separate the words with spaces, hyphens, periods, underscores or commas. As with the character-based option, you can choose whether or not the password should include capital letters or numbers.
The password generator displays a password health rating for each password created. It will tell you if your password is weak, moderate or strong, but again, it doesn’t give a detailed numerical score like other password managers do.
NordPass keeps your passwords secure not only at rest, but also in transit. With the application’s sharing feature, you have the ability to send encrypted passwords to other NordPass users so no one — not even Nord Security itself — can view your most sensitive data.
Without end-to-end encryption, sharing passwords through insecure applications can expose your credentials to online threats such as man-in-the-middle attacks.
We’ll cover NordPass’s encryption in greater detail in the security section below. We suggest reading our description of encryption if you aren’t up to speed on what encryption is and what it does.
NordPass offers a lot of control over how much information you expose when sharing data with other users. You can grant the recipient full access to give them complete freedom to view, edit and use the encrypted information, or you can grant a limited range of permissions.
With limited access, you can disable editing and black out the password while still granting access to the password. This means you can let someone else autofill your password in their browser without letting that person actually see it. Access is granted, but only for the length of time you specify.
Conversely, you can make someone else the owner of a given item. Making another user an owner will not only grant them full access to view and edit the assigned item, but also revoke permissions from other users. Use this feature with caution.
NordPass Browser Extension
The browser extension is pretty basic. With the extension you can access your passwords without opening the desktop app and autofill passwords directly in your browser. Beyond that, it doesn’t do much else. Browser extensions are available for Chrome, Firefox, Edge, Brave, Opera and Safari.
Data Breach Scanner
Data breach monitoring is one of the cornerstones of a good password manager, and NordPass doesn’t skip out on it. Near the bottom of the sidebar in the desktop app under “tools” is a data breach scanner, which will check all of your saved email addresses against a database of known data breaches.
If NordPass detects any compromised passwords, simply click on the affected email address to see a list of the websites that have spilled your login credentials. NordPass organizes the websites into categories of “high priority” and “low priority” so you can see which ones require the most urgent attention.
Enabling multi-factor authentication (MFA) will fortify your account’s security even more. NordPass gives users a selection of authenticator apps, such as Google Authenticator, Authy, Microsoft Authenticator, as well as the option to add another.
Alternatively, you can establish MFA with a USB or your smartphone’s security key. NordPass recommends setting up an authenticator app before enabling a security key in order to avoid getting locked out of your account, as security keys don’t always work on all networks.
NordPass may not have the most features, but its affordable pricing plans gives it a major advantage over many other password managers. You have a choice between using the free version, upgrading to the NordPass Premium plan or using the Family plan.
The free version doubles as a free trial of the Premium plan for the first 30 days. After the 30 days are up, you lose access to the premium features such as sharing, emergency access, password health and data breach monitoring.
As discussed above, the password health feature lacks detailed analysis, but losing the other premium features would be a greater loss. Unfortunately, the free version isn’t good enough to make it on our free password managers list.
NordPass Premium plan subscriptions begin at $1.49 per month, down from the previous price of $3 per month. All premium features are included in this plan for a single user. The Family plan, priced at $4.99 per month, offers all premium features for up to six users. Both the NordPass Premium and Family plans come with a 30-day money-back guarantee.
NordPass Business Plans
There are three additional plans for businesses: NordPass Business, NordPass Enterprise and NordPass Managed Service Providers. In order to sign up for these plans, you must have an email address hosted on a valid business domain.
NordPass Business and NordPass MSP have everything included in the Premium plan, plus managerial capabilities. These include setting company-wide password policies, managing all employees’ passwords from a single dashboard and integration with Google Workspace single sign-on (SSO).
NordPass Enterprise subscribers get all of the above, as well as SSO with Active Directory Federation Services (ADFS). ADFS extends the security of SSO to allow secure access to all resources in an organization’s active directory, including those located outside the company’s own systems.
Ease of Use
Creating a NordPass account follows the standard pattern for any other web service. If you’re using a desktop computer, go to the NordPass website download page and download the relevant executable file.
Launching the executable will bring up a window that will prompt you to enter your email address and create a master password. Your NordPass account will be up and running in no time and you will be able to securely store your personal data right away.
NordPass has added many more organizational tools since its launch. You can store passwords, credit card data, secure notes and personal data in NordPass and sort them into folders. You can write notes for every item saved in the application in case you need more organizational clarity.
As we discussed above, the four categories of information provided by NordPass should cover most kinds of data for most users, but we find it a little restrictive when we have to imperfectly fit another type of data into one of the four predetermined categories. At any rate, NordPass is a password manager, and the password storage is the most important thing to keep organized.
Importing and Exporting Data
NordPass lets you import and export passwords. On the import menu are a selection of browsers and password managers to import passwords from. This includes 11 password managers and five browsers, plus the option to add other browsers.
NordPass supports major password manager players like 1Password, Dashlane, Bitwarden and several others. The supported browsers include Chrome, Firefox and three Chromium-based browsers, but not Safari.
NordPass accepts imported credentials in the form of CSV files. All of the supported browsers and password managers are capable of exporting browser data as CSV files. Exporting data works the same way, as NordPass will save all of your NordPass data as a CSV file that you can then import into another password manager.
NordPass provides guides for importing and exporting your data if you’re looking for more detailed instructions.
It’s no surprise that the maker of a popular VPN service has taken care to make its password manager as secure as possible. Most password managers encrypt their users’ passwords with AES-256 encryption to protect them against both hackers and from the company itself. Everything in your password vault is for your eyes only.
While AES-256 is the industry standard for encryption algorithms, NordPass decided to protect its users with XChaCha20 instead, likely because it’s a faster and simpler protocol than AES-256.
AES needs special hardware acceleration to run smoothly, whereas XChaCha20 runs fast on software alone. This means older devices without built-in hardware acceleration support will run slowly if an application is encrypting data with AES.
NordPass explains that the benefits of XChaCha20 are becoming more widely recognized and will eventually eclipse AES-256.
NordPass adheres to a zero-knowledge security model. This means the company doesn’t have access to your master password or anything stored in your encrypted password vault.
The company only sees a hashed result when you log in with your master password. Additionally, because all of your data is saved and encrypted locally, there is nothing on NordPass’ servers to be leaked in the event of a data breach.
Even the strongest passwords can be compromised if a hacker leaks them onto the internet, but a company’s security failures are out of its users’ control. NordPass was wise to keep all customer data off its servers in the event malicious actors break into their systems, although we haven’t seen any reports of Nord Security suffering from a data breach.
Cybercriminals are always finding ways to steal passwords, but no one else has your fingerprints. You can take your security to the next level with biometric authentication on the NordPass mobile app.
Smartphones with support for fingerprint readers can be configured to secure your NordPass account with your fingerprint in combination with your master password. You will need your master password to enable touch ID on your device.
The NordPass team has thoroughly documented their app as you can see on the NordPass support website. There are dozens of articles on numerous subjects ranging from account setup, troubleshooting guides, billing information and information specific to Nordpass Business, Enterprise and Managed Service Provider subscribers.
So far, NordPass doesn’t have a customer support service hotline, but you can describe your problem to the support team via email. There is also the option of speaking with the support team through a chat box in the bottom-right corner of the NordPass help center web page. However, at the time of writing, we were unable to get the chat support function to work.
NordPass started out in 2019 without much to offer, but it’s added a lot of value since then. It’s not quite as robust as other password managers, but there’s still a lot to admire about NordPass.
Its next-generation encryption will satisfy security enthusiasts, as will its limited access sharing options. It may be a new service that still needs to prove itself, but its improvement over the past year is a good sign that it’s on the right track.
If you’re getting started with password managers, be sure to read our guide to understand how it works.
What do you think of NordPass? Is its Premium subscription plan worth it, or do you prefer the free version? Let us know what you think about NordPass in the comments below. As always, thank you for reading.