Intuitive Password Overview
Keeping track of an ever-growing number of passwords is tricky, especially if you want to keep all your individual accounts properly secure. Passwords need to be strong, which means that they ought to be too difficult to remember. In addition, they must be unique if they are going to properly protect your accounts. This is where password managers like Intuitive Password are designed to help.
Intuitive Password manager belongs to parent company Intuitive Security Systems Pty.Ltd, an Australian firm that has been running since 2013. The service is a highly featured password manager that allows consumers to set and forget passwords for all their accounts.
Unlike many password managers, Intuitive Password provides a Basic plan for free. This service will let anybody start shoring up their accounts with strong passwords that they no longer need to keep track of themselves. A basic account is a little thin on the ground in terms of features, but it does have the most important things you need. However, it will only let you store 20 passwords, so if you require more you will need to pay.
For those that want to splash out and get the ability to export passwords, save passwords locally for offline access, or backup and restore passwords - it will be necessary to upgrade to the Express subscription plan. An Express plan costs $1.34 per month (US) and includes all the features of the basic plan as well as these added features.
The Advanced plan increases the cost of a subscription to $3.36 per month, which, admittedly, is starting to get a little more expensive than other options on the market ($40 per year). Advanced adds account inheritance to the features set, meaning that you can provide a loved one or business partner access to your passwords in the event of an emergency.
Users can also add SMS authentication to their account, which allows them to get security updates when their credentials are updated, or there is an unauthorized login attempt. An email address can also be added to the account to receive these security alerts. “Advanced” accounts can also set an expiry date for each password in order to get a reminder to update them periodically. In addition, a secure messenger is added to the fray, in order to let teams communicate securely with each other. The amount of storage space for notes and messages is also increased to 24,000 characters. And the number of tags you can add to a password increases to 10.
The Pro plan costs $10.07 per month (US) and provides all the features above while adding premium support, unlimited shared passwords, unlimited restore points for accessing old versions of passwords, and increased field size capacity and note length (48,000 characters).
Finally, the Enterprise add-on costs $3.36 per month and allows users to self host their passwords, white-label the service to remove the branding and add company branding and add client features in partnership with the firm in order to integrate it into the business’ needs.
Users can elect to pay via Visa, Mastercard, Amex, PayPal, direct debit, and Discover card. Cryptocurrencies are sadly not accepted at this time.
What Features Does Intuitive Password Offer?
Below is a list of all the features available on the various Intuitive Password subscription plans:
- Free plan (20 passwords)
- Client-side AES encryption for passwords
- Automatic password generator
- Browser extensions to auto-fill passwords (Firefox, Chrome, Edge, Opera)
- Auto-log out for added security
- Security dashboard to check password health
- Emergency access to let an authorized person access the account
- Custom folder management
- Anti-phishing protection using a custom anti-phishing message
- Access restrictions - restrict which country you can access your account from to stop hacking
- Passcode login for added ease of use
- Email support from 9 am to 5 pm Australian time
- Activity log for managing access to passwords
- Offline access to passwords (Express and above only)
- Attach tags to passwords for easy searching (number of tags dependent on plan)
- Single-use codes for accessing your account without using the password
- Activity log to check where and who is logging into the account for security purposes
- Notes feature (word restricted depending on plan
- Secure instant messenger (Advanced and higher only)
- Language options
- Account inheritance (Advanced and higher only)
How to set up Intuitive Password
We decided to test this service using the Basic account because all the important features are available. Being limited to 20 passwords, for example, is not an issue for the sake of testing the password manager.
We found the process of signing up easy. However, it does involve more steps than we are accustomed to. First, you must hand over a valid email address and choose a password. However, to create an account you must also provide a security question and answer.
This security question is used to verify you when they log in from an unknown device or IP address. It is there to protect users against having their password phished. Be sure to make the question hard and preferably choose a question and answer pair that can’t be guessed.
Having entered the necessary details and filled in the verification Captcha, you will receive an email with a verification code. Enter this code in order to begin using your free account.
On the first launch, users are prompted with a walkthrough that helps them access the browser extensions, mobile apps, a User Manual for learning to use the client, and various other useful pointers for setting up folders and storing your first password.
You will also be asked if you want to set up a six-digit passcode for logging in and out of the web portal more easily. This replaces the need to use your email address and password to log in from your specific device. A different passcode must be set up for each device you own, and you can make the passcode the same or different if you prefer.
How Easy is Intuitive Password to Use?
We started by creating a folder for storing our social media passwords in. To do so, we clicked on the big plus in the top left of the client.
We created a folder for storing our social media passwords in and then added our Facebook password to the folder...
In order to add our password to the folder, we were asked to add another security question and answer. This is confusing because the FAQs make no mention of this necessity, or what exactly it is supposed to help with. However, customer support informed us that “you don't have to create a security question and answer to add each password, these fields are optional”.
Next, we added the intuitive password Chrome extension to our browser to test out the autofill feature. (Extensions for Firefox, Edge, Safari, and Opera are also available). With the extension installed, we visited the Facebook homepage and were happy to find that clicking the symbol for the extension allowed us to select our password and import it to the login form automatically.
Being able to autofill passwords using the extension is a useful feature that helps to make this free password manager much more suitable for beginners. We had no trouble entering our passwords into the password manager or loading them into login forms.
However, if you do have any trouble with a particular online form, it is possible to access a password by searching using the tags you created. Following that, you can copy and paste it manually.
If you were hoping for automatic password capture when you enter passwords into website forms (or as you sign up to new services); you are sadly out of luck. Intuitive Password must be hand-fed your passwords manually.
Importing passwords
Next, we decided to import our old passwords from Chrome via a CSV file. To do this, simply head to Chrome - or any other password manager - and export your passwords as a CSV file. Save this file on your computer so that you can upload it to Intuitive Password.
Sadly, we were unable to start importing any contacts without first upgrading to Express. So if you want to import your passwords quickly for free - you may want to opt for a different password manager.
Once we had upgraded, we were able to start the process of importing our passwords using a CSV file. However, it is worth noting that doing so is not as easy as with other password managers.
First, you must download the CSV file template. Then you must open the CSV file that you downloaded from your previous password manager in Excel or Google sheets and copy all the passwords from the CSV file to the Intuitive Password CSV template.
Once all the entries have been copied across correctly, you can import the template to Intuitive Password in the web client. This process is much harder work than with the vast majority of password managers and is definitely a drawback in terms of ease of use.
It is also worth noting that importing passwords using the template does not copy across any categories, tags, or other fields that you previously set up for the entries.
Exporting passwords
Exporting passwords is available as long as you purchase an Express subscription or higher, and you can export your data via CSV, TXT, HTML, JSON, or XML. This is good and means that you will be able to take your passwords with you from Intuitive Password to any other password manager in the future (even if you just need this feature once you could pay for a single month of Express).
Apps
Intuitive Password also has apps for Android, iOS, and Windows Phone. So, if you prefer to access your passwords via an app rather than logged into the web-portal on a browser you do have the option to do so on any mobile device. We found the Android app to work well, however, unlike the extensions it does not have the ability to auto-fill passwords into login forms.
Extras
In addition to storing passwords, Intuitive Password acts as a secure digital vault for a number of other information kinds. By clicking on the category view in the top left you can access storage folders for email and IM accounts, Wallets, and Licenses. The identifications folder lets you save info such as credit cards, software licenses, and IDs such as driver's license or passport details.
How Secure and Private is Intuitive Password?
Being based in Australia is not particularly good in terms of location. Australia is extremely invasive when it comes to surveillance, and the nation has some of the worst mandatory data retention directives in the world.
Australia is part of the Five Eyes surveillance group, and it recently passed a law that forces firms to create back doors into encrypted communications. While all of this is negative, the reality is that - as long as Intuitive Password works as it says it does - your data on its servers should be secure thanks to the implementation of end-to-end encryption.
With Intuitive Password, the account holder retains full control over their account login details and password. Passwords and other data are never uploaded to the firm’s servers which means that they can’t be hacked or accessed by company staff.
All passwords are encrypted with strong AES 256 encryption before being uploaded to servers located in Australia using an RSA 2048 key pair. In addition, all data is transmitted to the firm’s servers using secure SSL. We checked the firms TLS using Qualys SSL Labs and were happy to find that it scored an A thanks to its HTTP Strict Transport Security (HSTS). This means that the SSL transport security is implemented correctly and you can trust all your data to be secure in transit.
Users can also elect to protect any of their passwords (or account categories) with a Master Password. This ensures that any user can allow a friend or family member to use the password manager to access specific information while still concealing access to other more sensitive data and passwords.
While all of this sounds like optimal security on paper, it is worth noting that Intuitive Password is closed source. This means that the source code for the service can not be audited by any third parties.
This is problematic, because it means that you have to trust that the service is doing what it tells you. Without a comprehensive audit of the code, it is impossible to tell if there are any vulnerabilities, exploits, or backdoors in the code that could be putting your passwords at risk.
The more paranoid amongst you may prefer to stick to a fully open-source password manager like KeePass, Bitwarden, or Dashlane. However, it really comes down to your own personal threat model, and there is no real reason to suspect that Intuitive Password isn’t doing as it claims.
Another drawback with Intuitive Password, is that the browser-based web app is implemented using JavaScript. This means that it is vulnerable to certain attacks caused by the way that JavaScript communicates with your browser. As a result, it is possible that a hacker could perform a man-in-the-middle attack. Admittedly, this is a highly targeted attack that is not likely to affect you. It is also true that this vulnerability applies to any password manager with a browser-based client implemented using JavaScript; it is not unique to Intuitive Password.
For added security, users can opt to set up Dual Factor Authentication. However, it seems that users can only use a code received via SMS. Google Authenticator and YubiKey are not available options. Setting up dual-factor auth requires you to safely store a recovery code in case you lose your 2FA device. Anybody who loses the codes will need to verify their identity in order to regain access to their account, and the firm warns that this could take up to 14 days.
How good is Intuitive's Customer Service?
The Intuitive Password website has an exhaustive FAQ section that answers in excess of 80 common questions that were previously asked by its users. Most of the problems or questions you might think of are located in this FAQ, which is an extremely useful resource when it comes to finding out details about the service’s features.
The user manual that is built into the client, as well as the walkthrough that happens when you first launch the web client are both exceptionally useful features that can help any beginner start saving passwords securely using this password manager.
For anybody that requires more personalized help, the option is there to either send a support email or fill in a support form. Clicking on preferences in the top left will allow you to access your personal support pin which the firm may ask you to use for identification purposes.
Please bear in mind that the customer support agents are in Australia and help is only available during Australian working hours. This means that depending on where you live, you will need to wait until the next day to get a response. This can lead to some lengthy back and forth, and may cause problems to take a little longer to get resolved.
On the whole, we found the availability of resources on its websites coupled with the email support to be good. However, if you are located in Europe or the US and prefer to have customer support tailored to your geographic location, you may prefer to shop elsewhere.
My Final Thoughts
Intuitive Password is an excellent little password manager that is highly featured. The free Basic plan means that you can use it to start shoring up your accounts without actually having to pay anything, which is commendable, to say the least. The fact that this password manager provides a zero-knowledge environment is great, and the availability of two-factor auth and the master password functionality is excellent. The level of encryption is strong, and we were happy to see strong HSTS transit security.
The password manager itself is easy to use, and if you do pay for an Advanced account, you will get access to some pretty cool extra features. For teams, the service is useful and the ability to share passwords securely is there. However, it does get a little costly and you do need a separate account for each user and the enterprise add-on too.
The biggest let down with this service is the fact that it is not open-source. Proprietary software that has not been audited is never a favorite here at ProPrivacy.com, because it means that you have to put your trust in the service. We prefer services that remove the need for trust by making their source code available online for any security researcher to audit.
On the other hand, Intuitive Password does have some quirks. Importing passwords is difficult and setting up folders and putting passwords in them isn’t as simple as drag and drop. Instead, you must edit the password entry and select the folder from within the menu.
Admittedly, none of this is necessarily a deal-breaker, but it is fair to say that if you could pay less for more user-friendly service. This minor quibble aside, Intuitive Password is a solid password manager that gets the job done, is suitable for beginners, and is well worth testing using its free plan.
0 User Reviews
Leave a Review
Thanks for your review!
0 Comments
Write Your Own Comment
Your comment has been sent to the queue. It will appear shortly.
There are no comments yet.