NordPass Overview
NordPass is a software solution to people’s modern needs. It promises to store subscribers’ passwords securely and provide access to them in a secure and private manner. As is the case with other password managers, NordPass allows users to access all their online accounts and services with strong unique passwords – while only needing to remember one master password.
NordPass encrypts passwords stored on its servers with secure client-side cryptography, giving users complete control over passwords in their vault. As a result of this end-to-end-encryption (e2ee), NordPass subscribers never need to worry about their passwords being hacked from Nord’s servers in plaintext or being accessed by NordPass employees.
The password manager is available for all popular platforms, thanks to its apps and browser-based extensions. This means that you can begin using the password manager right away on any system. Admittedly, NordPass is not yet available as an extension for Safari – so if you are a Mac user, you will need to think about using it on Firefox instead. This is a minor quibble considering that we prefer Firefox over Safari anyway (it is much faster).
Pricing and costs
Like most password managers, NordPass can be used either on a freemium model – or purchased with a full premium subscription. The free plan differs from the premium version in that users cannot sync their passwords across multiple devices. Instead, their passwords are available only on the initial device that they use. In addition, the secure password (and note) sharing feature is unavailable unless you pay.
This limits the versatility and practicality of the freemium version. However, it does give consumers the ability to try the service and use it indefinitely on at least one device.
At a cost of $4.99 for a single month, NordPass is definitely on the pricey side. However, these costs do reduce substantially when you commit for a longer period of time. $35.88 for one year is the equivalent of just $2.99 per month. And, at a cost of $59.76 for a two-year subscription (the equivalent of $2.49 per month), NordPass can be considered pretty cheap.
On the other hand, those prices are per-person and NordPass does not currently have a family plan with a discount for families that decide to subscribe to the premium plan. LastPass, for example, provides the option for six users to enjoy the password manager for just $4 per month – and we hope that NordPass will consider adding this kind of plan to its repertoire in the near future.
Finally, it is worth noting that on top of card payments, NordPass accepts Bitcoin payments for those who want to pay with added anonymity.
Features
When it comes to features, NordPass has all the most common features you are likely to see with any of its competitors. Overall, this feature set is impressive and clearly competes with other advanced password managers on the market.
- Extensions for Safari, Chrome, Firefox, Edge, and Opera
- Full apps for Windows, Mac OS, Linux, Android and iOS
- Local, client-side password storage
- Zero-knowledge service with end-to-end encryption for backups and sync
- Optional two-factor authentication (including biometrics on mobile devices)
- Nord Account feature (lets users log in to NordPass or other Nord services more easily)
- Can be synced to tablets
- Autosave passwords
- Autofill passwords on all platforms
- Saves names, addresses, and phone numbers for copying and pasting
- Password generator for creating secure passwords (now on mobile and desktop)
- Password strength checker
- Password folders to group login credentials into categories
- OCR scanner (for scanning typed or handwritten text and uploading it to your vault)
- Secure notes and form data storage (credit card information, etc)
- Personal Information storage center for names, addresses, etc, that can then be auto-filled into online forms
- Import passwords (directly from password managers and via CSV)
- Export passwords (CSV)
- Syncing on up to 6 devices simultaneously (premium plan only)
- Secure sharing (passwords, credit cards, and notes) with family, friends, and colleagues (premium plan only)
- Risk-free 30-day money-back guarantee
- 24/7 customer support
NordPass has added to its array of features recently, introducing two new security tools: the Data Breach Scanner and Password Health. Available on the Premium plan, Data Breach scanner scours the website to check whether any of your data has been compromised in leaks or breaches. Business clients can check out Password Health, too, which takes a look at all the passwords stored in your vault and picks out the ones that are in need of an update. Weak, reused, and old passwords are flagged for your attention, making it easy to ensure you're always up to date with your security.
Setup
Getting NordPass set up on your device is as simple as installing the app that you need and extension of your choice. We opted for the Windows client and the Chrome extension. However, as you can see in the image below, full platform level apps are available for Mac, Windows, and Linux machines – meaning that this password manager is suitable for all platforms.
We downloaded the Windows app by clicking on the Windows 10 option and followed the installation wizard steps. Installing NordPass does require you to agree to the license terms, however, there is nothing particularly unusual within this document.
It is worth noting that anybody can use this password manager without actually registering an account. However, these users will only be able to store their passwords locally on their own computer. Those passwords are stored in a securely encrypted format. However, if you want to back up your passwords on Nord’s servers (just in case your device breaks or becomes corrupt) you will need to create an account that is registered to an email address.
With the Windows NordPass app successfully installed, we were prompted to provide an email address for our account. Following that, we received a six-digit confirmation code that allowed us to log in to the app.
With the six-digit code entered, we were prompted for a master password. It is essential that you make this password unique and robust because it will be the key to your password vault. The master password encrypts your passwords locally, and if you forget the master password, NordPass will not be able to decrypt the contents of your vault. For this reason, it is essential that you do not forget your master password.
From now on, purchasing NordPass also gets you a Nord Account, which allows you to log in and out of NordPass and Nord's other services (such as NordVPN) more quickly and easily by using a six digit code. If you forget the code or password for Nord Account, you can't recover that particular password.
However, to help you out, the firm issues you with a recovery key that you can store away securely. This code is attached to your account in addition to your master password in case you forget it, helping you to continue accessing your account and decrypting your passwords – just don't lose the recovery code too. NordPass clearly warns that losing the code will result in a complete inability to access your encrypted password vault.
With the recovery code saved, you are automatically logged into the NordPass application in your browser – and are able to begin storing your passwords.
Ease of use
The NordPass application starts by asking you to import your passwords. This can be done from a choice of password managers or via a CSV file. We opted for a CSV file that we downloaded from our Google account. For more information on how to do this, check out this useful guide.
We found the whole process to be extremely easy and we're happy to see that all the passwords had been imported successfully. As you can see below, all three of our test passwords were successfully imported.
Next, we decided to test the autosave feature by heading over to our Facebook account and entering our credentials. The login field now included the NordPass logo, letting us know that the password manager was working in the background. And, when we entered our credentials and password, we were instantly prompted to save our password to the encrypted vault.
Clicking on Save in the confirmation window lets you know that your password has been auto-saved successfully. It has to be said that this level of seamless integration is about as good as it gets with any password manager we have ever used. This certainly makes NordPass suitable for beginners wanting to gain better password security online.
With our passwords now saved into NordPass, we decided to test the autofill (auto-complete forms) feature. Heading back to Facebook to see if the password manager would succeed in importing our credentials and password, we can see by clicking on the login field that our username and password had been imported from the vault instantly.
Again, this process is truly effortless, which makes NordPass perfect for anybody who wants an effortless experience right out of the box. It is also worth mentioning that NordPass has now added the autofill feature to its mobile clients, which means that both Android and iOS users can also benefit from this convenience.
Finally, we decided to test entering passwords into the app's interface directly. To do so, we clicked the Add Item button followed by Add Login. Next we entered the credentials, URL, and other data that was needed for our Netflix login. With that done, the login appeared in our vault.
Overall, this gives you three options for entering passwords – via import, manual entry, or autosave. It is also worth noting that you can add those passwords to folders, so you can easily group passwords into pre-defined categories such as social media, work, streaming services, or whatever else you need.
Password Generator
The password generator allows you to create robust passwords for any new accounts that you subscribe to automatically, without having to scratch your head and decide whether the password is suitable and strong yourself.
To use the password generator, simply click on the NordPass extension icon in your browser, followed by the settings icon in the top right. Now select the password generator. The app allows you to create passwords up to 60 characters in length – made out of upper and lowercase characters, numbers, and symbols. The password generator also permits you to toggle off ambiguous characters – presumably lowercase l (L) and uppercase I (i), for example.
The execution of the password generator generally seems superb. Our only minor quibble with it, is that generated passwords are revealed on screen in plaintext by default. Considering that the password manager will be recording and saving those passwords on the user’s behalf, it would seem better to keep them obscured unless the user specifically requests to see them. In this way, the password manager will automatically protect passwords from potential cases of screen-recording malware.
The password generator is available in the desktop and mobile apps, meaning that you can now make use of this excellent feature on any platform.
Password strength checker
This feature is pretty self-explanatory. It is a useful way to analyze the health of your passwords quickly and single out any that are in need of updates. This is definitely a feature worth making use of to ensure that no weak password is hanging around in your vault.
Secure Password Sharing
For anybody who has paid for a subscription (or who makes use of the 7-day free trial of premium) – it is possible to share passwords securely. To do so, head to your password vault and click on the three dots next to the password you wish to share. Then click Share.
Next, you will be asked to enter the email address that you wish to share your password with. Below that, any previously shared passwords that are pending are also displayed. This permits you to keep track of any ongoing shares already sent out. It also allows you to revoke a pending share if you wish to change your mind (a very handy feature that we commend NordPass for developing).
Next, we headed over to the email address that we shared our Netflix password with. Sure enough, we had received an email informing us that a password sharing attempt had been made. The email told us we should open a free account if we want to receive the password. Thus, it is worth noting that password sharing is only available across NordPass accounts – never to non-NordPass users.
This is a bit of a shame. However, overall we found the secure sharing feature to be great and accessible to anybody without needing to pay given that NordPass is available for free.
For those who are interested in the security of the password sharing option, NordPass uses public key cryptography (asymmetric cryptography) to establish a secure connection between users. This ensures that passwords cannot be intercepted in a Man-in-the-Middle attack.
Secure Notes and Data
The final feature worth testing is the secure notes and data feature. Users can opt to store secure notes for themselves containing valuable data and information. And even to store credit or debit card information in their encrypted vault.
To start, select Secure Notes in the menu followed by Add Secure Note. A new window opens that allows you to create a note with a unique title. The notes can be made up of any length, which is great.
Similarly, to save your credit or debit card data. Click on Credit Cards. You will be provided with an easy-to-fill form for storing your credit card details.
These details can be auto-filled into online shopping forms, meaning that you do not need to keep re-entering your credit card details each time you make a purchase.
OCR Scanner
NordPass has now added an OCR scanner to its mobile clients that allows you to easily scan any handwritten or typed text in order to automatically upload it into your vault for safekeeping. This feature allows you to back up important notes, work, data from forms, ID documents, contracts, or anything else to your vault quickly – without needing to type them in. We like this extra feature, which adds a lot of convenience.
Biometric unlock
For those who use NordPass on their mobile device, the firm has now also added Biometric unlock to the clients, which allows users to open the password manager without the need to enter a password. This adds convenience by allowing those users to leverage the fingerprint scanner on their devices for opening the app.
Sync to NordPass for iOS or Android
We thought we best test the sync feature to see how easy it is to get passwords from one platform to another. We downloaded and installed the iOS app, after which we were asked to enter another six-digit code from our email address. After entering the code, all we had to do was enter our master password and the account unlocked, pre-synced with all our passwords. This is truly as easy as synchronization gets.
To speak of the iOS and Android apps; they are easy to use and have all the same features you get on the other versions (and some extras such as the OCR scanner).
Those features are all laid out in a format that is easy to navigate. What’s more, users are given the option to unlock their NordPass with touch ID, which is a nice security addition. And users can go directly to the help center from within the app, which is great.
Privacy and Security
NordPass is a password manager that claims to provide a zero-knowledge framework. This means that users retain full control over their encryption keys. This kind of end-to-end-encryption (e2ee) is the gold standard for privacy services such as password managers because it means that nobody but the subscriber can access the data they save on the cloud.
NordPass’ e2ee uses robust modern cryptography – specifically the XChaCha20 encryption algorithm. This is an encryption algorithm that is growing in popularity due to its future-proof nature. NordPass implements XChaCha20 with a 256-Bit key length combined with an Argon2 key derivation function. This is considered strong client-side encryption.
Closed source
With that said, NordPass is a completely proprietary platform. It is a closed source program, which means that it is impossible for anybody with an interest in the security of the platform to audit and verify that it does the things it says it does.
The good news, however, is that NordPass has had full third party audit of its platform. That audit was performed by Cure53 a trusted security company from Germany. That audit verified the security of NordPass encryption, API, and its mobile and desktop apps – meaning that you can trust NordPass to secure your data and passwords.
As is always the case, whether you use this closed source platform comes down to your own threat model. However, the fact that NordPass has now had a full audit means you trust it to provide effective password management and protection.
TLS security
Besides encrypting passwords locally before uploading them to Nord’s servers, NordPass transmits all data securely to its servers using strong TLS security (HTTPS). We checked NordPass’ servers using Qualys SSL Labs and found it to score an A+. This means that its transport layer security is implemented to a high standard and your data is secure in transit.
Recovery code security
NordPass implementation of a recovery code is a useful addition. And we were happy to see that users can opt to create a new one if they fear the old one may have been compromised.
Other security features
The availability of Two Factor Authentication at login is also an excellent addition, and we strongly recommend users to enable this if they intend to use NordPass. To do so, users can connect NordPass to their mobile authenticator (Google Authenticator, Duo Mobile, Authy, etc.) by scanning the QR code that appears during setup.
For added password security, the NordPass client has both a manual lock and an auto-lock feature. Clicking the manual lock allows you to disable access to the password vault without the master password – making this password manager ideal for anybody working in a busy office, library, or elsewhere.
The auto-lock feature can be set to lock at various intervals, but we set this to the shortest time period (15 minutes) for added security. We suggest that users make the most of the manual lock feature and ensure that they lock their password anytime they are AFK.
Privacy policy
Finally, we checked the privacy policy to ensure that there was nothing suspicious or concerning. Being based in Panama puts this company well out of reach of invasive jurisdictions. And, because it has no access to consumer data (due to the e2ee), there is no risk of employees or the authorities gaining access to your passwords or account data.
Customer support
Where customer support is concerned, NordPass is excellent. The customer support team is available via a contact form on its website or via email. That support is 24/7. Admittedly, it would be nice if it offered live chat support in the same way that NordVPN does.
However, there is probably very little need for live chat support because this password manager is extremely easy to use. Thus, we consider the 24/7 email support to be fantastic.
We asked the support agents a few questions about the service and always got clear, helpful answers.
Conclusion
NordPass is a password manager that is well suited to most people. The apps are available for all platforms and syncing passwords across platforms is extremely easy no matter which platform you use.
Being able to use NordPass for free is excellent and longer subscriptions are not too expensive, should you decide that you require syncing across devices and password sharing capabilities.
We love that this password manager provides strong e2ee, which means that your data is always uploaded in a secure state. And the fact that it has now received a full audit from a respected third party security firm massively increases trust in the platform, which is wonderful.
Overall, we consider this a staggeringly good entry into password management from a company that is already well known for its high-quality VPN service. The browser-based extensions and platform-level clients are extremely easy to use, and the software looks similar across platforms – making it easy to comprehend.
This is definitely a no-fuss password manager with a low learning curve that is suited to beginners. And it is a service that has a lot of interesting features that make it more than just a simple password manager that autofill forms. In our opinion, this makes it well worth looking into.