NordPass Review

NordPass

  • Pricing

    From $2.49 / month

NordPass is a brand new password manager just released by the developers of NordVPN. It is a password manager that is touted as being secure and private, which means that it is theoretically an excellent option for anybody who wants to protect online accounts without the need to remember tons of passwords.

ProPrivacy.com Score 8 out of 10
Visit Site

Summary

NordPass might be new, but it already has extensions for Chrome, Firefox, Opera and Edge, not to mention full clients for Android or iOS devices. What’s more, NordPass is a fully-featured password manager that competes directly with some of the most established services on the market. This means that the password manager is suitable for most users, right out of the box. 

So, is this password manager everything it claims to be? Is the free version worth your time? How is the usability and is it suitable for beginners? And is it a service worth paying for to protect your passwords securely across multiple devices?

NordPass Overview

NordPass is a software solution to people’s modern needs. It promises to store subscribers’ passwords securely and provide access to them in a secure and private manner. As is the case with other password managers, NordPass allows users to access all their online accounts and services with strong unique passwords - while only needing to remember one master password.

NordPass websites

NordPass encrypts passwords stored on its servers with secure client-side cryptography, giving users complete control over passwords in their vault. As a result of this end-to-end-encryption (e2ee), NordPass subscribers never need to worry about their passwords being hacked from Nord’s servers in plaintext or being accessed by NordPass employees (though the software is closed source - more on this later).

The password manager is available for most popular platforms, thanks to its browser-based extensions. This means that you can begin using the password manager right away on just about any system. Admittedly, however, it is not yet available for Safari - so if you are a Mac user, you will need to think about using it on Firefox instead. This is a minor quibble considering that we prefer Firefox over Safari anyway (it is much faster).

Pricing and costs

Like most password managers, NordPass can be used either on a freemium model - or purchased with a full premium subscription. The free plan differs from the premium version in that users cannot sync their passwords across multiple devices. Instead, their passwords are available only on the initial device that they use. In addition, the secure password (and note) sharing feature is unavailable unless you pay. 

This limits the versatility and practicality of the freemium version. However, it does give consumers the ability to try the service and use it indefinitely on at least one device. 

NordPass price

At a cost of $4.99 for a single month, NordPass is definitely on the pricey side. However, these costs do reduce substantially when you commit for a longer period of time. $35.88 for one year is the equivalent of just $2.99 per month. And, at a cost of $59.76 for a two-year subscription (the equivalent of $2.49 per month), NordPass can be considered pretty cheap. 

On the other hand, those prices are per-person and NordPass does not currently have a family plan which provides a discount for families that decide to subscribe to the premium version of NordPass. LastPass, for example, provides the option for six users to enjoy the password manager for just $4 per month - and we hope that NordPass will consider adding this kind of plan to its repertoire in the near future.

Finally, it is worth noting that on top of card payments, NordPass accepts Bitcoin payments for those who want to pay with added anonymity. 

Get NordPass

Features

When it comes to features, NordPass has all the most common features you are likely to see with any of its competitors. Overall, this feature set is impressive and clearly competes with other advanced password managers on the market.

  • Extensions for Chrome, Firefox, Edge, and Opera
  • Background apps for Windows, Mac OS, and Linux
  • Full clients for Android and iOS
  • Local, client-side password storage 
  • Zero-knowledge service with end-to-end encryption for backups and sync
  • Optional two-factor authentication
  • Autosave passwords
  • Autofill passwords
  • Password generator for creating secure passwords
  • Password strength checker
  • Secure notes and form data storage (credit card information, etc)
  • Import passwords (directly from password managers and via CSV)
  • Export passwords (CSV)
  • Syncing on up to 6 devices simultaneously (premium plan only)
  • Secure sharing (passwords, credit cards, and notes) with family, friends, and colleagues (premium plan only)
  • Risk-free 30-day money-back guarantee
  • 24/7 customer support

Setup

Getting NordPass set up on your device is as simple as installing the background client and extension of your choice. We opted for the Chrome version on a Windows computer, and after installing the extension, we were forwarded to a webpage that asked us to install the main Windows ‘background’ application. 

As you can see in the image below, background apps are available for Mac, Windows, and Linux machines - meaning that this password manager is suitable for all platforms. 

NordPass browser

We downloaded the background app by clicking on the link provided and followed the installation wizard steps. Installing NordPass does require you to agree to the license terms, however, there is nothing particularly unusual within this document. 

NordPass Install

It is worth noting that anybody can use this password manager without actually registering an account. However, these users will only be able to store their passwords locally on their own computer. Those passwords are stored in a securely encrypted format. However, if you want to back up your passwords on Nord’s servers (just in case your device breaks or becomes corrupt) you will need to create an account that is registered to an email address.

With the NordPass background app successfully installed, we went ahead and clicked on the NordPass extension in our Chrome browser. This prompted us to provide an email address for our account and following that we received a six-digit confirmation code. 

NordPass digit code

With the six-digit code entered, you will next be prompted for your master password. It is essential that you make this password unique and robust because it will be the key to your password vault. The master password encrypts your passwords locally, and if you forget the master password, NordPass will not be able to decrypt the contents of your vault. For this reason, it is essential that you do not forget your master password.

NordPass set master password

However, to help you out, the firm does issue you with a recovery key that you can store away securely. This code is attached to your account in addition to your master password in case you forget it, helping you to continue accessing your account and decrypting your passwords - just don't lose the recovery code too. NordPass clearly warns that losing the code will result in a complete inability to access your encrypted password vault. 

saving recovery code

With the recovery code saved, you are automatically logged into the NordPass application in your browser - and are able to begin storing your passwords. 

Get NordPass

Ease of use

The browser-based application for NordPass starts by asking you to import your passwords. This can be done from a choice of password managers or via a CSV file. We opted for a CSV file that we downloaded from our Google account. For more information on how to do this, check out this useful guide

We found the whole process to be extremely easy and we're happy to see that all the passwords had been imported successfully. As you can see below, all three of our test passwords were successfully imported. 

3 items added to nordpass

Next, we decided to test the autosave feature by heading over to our Facebook account and entering our credentials. The login field now included the NordPass logo, letting us know that the password manager was working in the background. And, when we entered our credentials and password, we were instantly prompted to save our password to the encrypted vault. 

NordPass working in browser

Clicking on Save in the confirmation window lets you know that your password has been auto-saved successfully. It has to be said that this level of seamless integration is about as good as it gets with any password manager we have ever used. This certainly makes NordPass suitable for beginners wanting to gain better password security online.

With our passwords now saved into NordPass, we decided to test the autofill (auto-complete forms) feature. Heading back to Facebook to see if the password manager would succeed in importing our credentials and password, we can see by clicking on the login field that our username and password had been imported from the vault instantly.

Log in with NordPass

Again, this process is truly effortless, which makes NordPass perfect for anybody who wants an effortless experience right out of the box.

Finally, we decided to test entering passwords into the extension’s browser interface directly. To start, we clicked the Add Login button in the top right. Next we entered the credentials, URL, and other data that was needed for our Netflix login. With that done, the login appeared in our vault. 

log ins in app

Overall, this gives you three options for entering passwords - via import, manual entry, or autosave. 

Password Generator 

The password generator allows you to create robust passwords for any new accounts that you subscribe to automatically, without having to scratch your head and decide whether the password is suitable and strong yourself.

To use the password generator, simply click on the NordPass extension icon in your browser, followed by the settings icon in the top right. Now select the password generator. The app allows you to create passwords up to 60 characters in length - made out of upper and lowercase characters, numbers, and symbols. The password generator also permits you to toggle off ambiguous characters - presumably lowercase l (L) and uppercase I (i), for example. 

The execution of the password generator generally seems superb. Our only minor quibble with it, is that generated passwords are revealed on screen in plaintext by default. Considering that the password manager will be recording and saving those passwords on the user’s behalf, it would seem better to keep them obscured unless the user specifically requests to see them. In this way, the password manager will automatically protect passwords from potential cases of screen-recording malware.

Password strength checker

This feature is pretty self-explanatory. It is a useful way to analyze the health of your passwords quickly and single out any that are in need of updates. This is definitely a feature worth making use of to ensure that no weak password is hanging around in your vault.

Secure Password Sharing

For anybody who has paid for a subscription (or who makes use of the 7-day free trial of premium) - it is possible to share passwords securely. To do so, head to your password vault and click on the three dots next to the password you wish to share. Then click Share.

NordPass log ins

Next, you will be asked to enter the email address that you wish to share your password with. Below that, any previously shared passwords that are pending are also displayed. This permits you to keep track of any ongoing shares already sent out. It also allows you to revoke a pending share if you wish to change your mind (a very handy feature that we commend NordPass for developing).

email, contact email

Next, we headed over to the email address that we shared our Netflix password with. Sure enough, we had received an email informing us that a password sharing attempt had been made. The email told us that we should open a free account if we want to receive the password. Thus, it is worth noting that password sharing is only available across NordPass accounts - never to non-NordPass users. 

This is a bit of a shame. However, overall we found the secure sharing feature to be great and accessible to anybody without needing to pay given that NordPass is available for free

Secure Notes and Data

The final feature worth testing is the secure notes and data feature. Users can opt to store secure notes for themselves containing valuable data and information. And, even to store credit or debit card information in their encrypted vault. 

secure notes tab

To start, select Secure Notes in the menu followed by Add Secure Note. A new window opens that allows you to create a note with a unique title. The notes can be made up of any length, which is great. 

Similarly, to save your credit or debit card data. Click on Credit Cards. You will be provided with an easy-to-fill form for storing your credit card details. 

save credit card details securely

These details can be auto-filled into online shopping forms, meaning that you do not need to keep re-entering your credit card details each time you make a purchase. 

Sync to NordPass for iOS

We thought we best test the sync feature to see how easy it is to get passwords from one platform to another. We downloaded and installed the iOS app, after which we were asked to enter another six-digit code from our email address. After entering the code, all we had to do was enter our master password and the account unlocked, pre-synced with all our passwords. This is truly as easy as synchronization gets. 

sync with iOS

To speak of the iOS app, it is easy to use with all the same features you get on the other version, laid out in a format that is easy to navigate. What’s more, users are given the option to unlock their NordPass with touch ID, which is a nice security addition. And users can go directly to the help center from within the app, which is great.

Get NordPass

Privacy and Security

NordPass is a password manager that claims to provide a zero-knowledge framework. This means that users retain full control over their encryption keys. This kind of end-to-end-encryption (e2ee) is the gold standard for privacy services such as password managers because it means that nobody but the subscriber can access the data they save on the cloud.

NordPass’ e2ee uses robust modern cryptography - specifically the XChaCha20 encryption algorithm. This is an encryption algorithm that is growing in popularity due to its future-proof nature. NordPass implements XChaCha20 with a 256-Bit key length combined with an Argon2 key derivation function. This is considered strong client-side encryption. 

Closed source

With that said, it is worth noting that NordPass is a completely proprietary platform. It is a closed source program, which means that it is impossible to audit and verify that it does the things it says it does. This could mean that data isn’t being secured as is claimed. And it could mean that the firm has placed backdoors in the platform that lets it steal your passwords. This may seem unlikely, and it probably is. However, it is possible and for this reason, we cannot definitively say that it isn’t happening. 

As is always the case, the decision to use closed source platforms comes down to your own threat model. For most people, NordPass is likely to provide a sufficiently robust solution to password security requirements. However, for consumers who want assurances - it is always going to be better to stick to an open source password manager that provides client-side e2ee.

TLS security

In addition to encrypting passwords locally before uploading them to Nord’s servers, NordPass transmits all data securely to its servers using strong TLS security (HTTPS). We checked NordPass’ servers using Qualys SSL Labs and found it to score an A+. This means that its transport layer security is implemented to a high standard and your data is secure in transit. 

TLS security

Recovery code security

NordPass implementation of a recovery code is a useful addition. And we were happy to see that users can opt to create a new one if they fear the old one may have been compromised.

recovery code

Other security features

The availability of Two Factor Authentication at login is also an excellent addition, and we strongly recommend users to enable this if they intend to use NordPass. To do so, users can connect NordPass to their mobile authenticator (Google Authenticator, Duo Mobile, Authy, etc.) by scanning the QR code that appears during setup. 

two factor authentication

For added password security, the NordPass client has both a manual lock and an auto-lock feature. Clicking the manual lock, allows you to disable access to the password vault without the master password - making this password manager ideal for anybody working in a busy office, library, or elsewhere. 

Lock

The auto-lock feature can be set to lock at various intervals, but we set this to the shortest time period (15 minutes) for added security. We suggest that users make the most of the manual lock feature and ensure that they lock their password anytime they are AFK.

Privacy policy

Finally, we checked the privacy policy to ensure that there was nothing suspicious or concerning. Being based in Panama puts this company well out of reach of invasive jurisdictions. And, because it has no access to consumer data (due to the e2ee), there is no risk of employees or the authorities gaining access to your passwords or account data.

However, the policy does reveal that by using the password manager, NordPass will collect some personally identifiable data from you. This includes your IP address and your device’s advertising ID. Thus, it would appear that NordPass does intend to use some of your data for marketing purposes; which may put some people off. 

Customer support

Where customer support is concerned, NordPass is excellent. The customer support team is available via a contact form on its website or via email. That support is 24/7. Admittedly, it would be nice if it offered live chat support in the same way that NordVPN does. 

However, there is probably very little need for live chat support because this password manager is extremely easy to use. Thus, we consider the 24/7 email support to be fantastic. 

We asked the support agents a few questions about the service and always got clear, helpful answers. 

Conclusion

NordPass is a password manager that is well suited to most people. The apps are available for all platforms and syncing passwords across platforms is extremely easy no matter which platform you decide to use. 

Being able to use NordPass for free is excellent and longer subscriptions are not too expensive, should you decide that you require syncing across devices and password sharing capabilities.

We love that this password manager provides strong e2ee, which means that your data is always uploaded in a secure state. However, some people may prefer to stick to a completely open source platform.

Overall, we consider this a staggeringly good entry into the password management niche. The browser-based extensions and clients are extremely easy to use, and the software looks similar across platforms - making it easy to comprehend across platforms. 

This is definitely a no-fuss password manager with a low learning curve that is suited to beginners. That being said, there is something for everyone that is in the market for a password manager that quickly saves passwords and automatically loads them into online forms.

Get NordPass

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. Ray is currently rated #7 VPN and #8 internet privacy authority by Agilience.com.

Recommended Reading

1 Comment

  1. Ron

    on December 20, 2019
    Reply

    As far as I am using this service, I am surprised by how easy it is to navigate through the app. Also, the price is reasonable, considering how many features you get.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: