PassCamp – Password Manager Overview
Nowadays, internet users must protect impossibly-large numbers of accounts using passwords. If account holders reuse the same password across multiple services, they could open themselves up to having those accounts hacked – even if just one of them is originally penetrated. This problem is compounded by the fact that hackers who manage to steal passwords sell them on the Dark Web, giving more cybercriminals the opportunity to test those passwords across different services.
Password managers like PassCamp are designed to solve this problem by allowing internet users to set robust and unique passwords for each and every account – without the need to remember them. In 2020, there are many password managers to choose from, but not all password managers are the same. Some are closed-source applications that cannot be independently audited. Other services store user passwords insecurely using server-side encryption.
PassCamp is a bit of a mixed bag. On the one hand, it allows subscribers to retain full control over the encryption of their password vault – which is great. However, it is worth bearing in mind that PassCamp is closed-source, so you do have to take the firm at its word when it tells you how the security on the platform is implemented.
For those who do decide to use the service, PassCamp is available for all popular platforms thanks to its browser extensions for Chrome, Firefox, and Safari – and its mobile apps for both iOS and Android (as well as for Huawei phones). For the time being, stand-alone apps for Windows and macOS have not been developed, so you will need to manage your passwords inside your browser using one of the extensions. Check out our best password managers for Mac page for a list of the best services for MacOS.
Pricing – Is it good value?
Like the vast majority of password managers, PassCamp allows consumers to get some limited use of the password manager for free. A free subscription permits a single user to store up to 25 passwords in their vault. Unlike some free password managers, this free plan can be used across all devices too (due to the fact that it is a browser-based app).
The other nice thing about a free account is that you do not need to provide any payment details to gain access. Plus, you get plenty of features such as the secure password generator, secure notes, two-factor authentication, password sharing, and password import.
For users who want to be able to store an unlimited number of passwords, it will be necessary to upgrade onto a Premium personal account. This has the same range features as the free version, but with unlimited storage space for passwords in the vault. The premium subscription will cost you just €2,50 per month (around $35 per year at the time of writing). This is a price that can be considered decent value for money.
For businesses and teams who require a PassCamp subscription, the cost increases to €3.50 per person. However, teams must be a minimum of ten people meaning that the minimum subscription cost for a Teams account is €35 per month.
Overall, these prices seem more reasonable and certainly compete with other password managers on the market – both for individuals and for teams. It is also worth noting that the range of features available to teams is quite varied, which makes the added cost justified (in our opinion). And, don't forget that the free option is available for individuals (which allows it to compete with free options such as Keepass and Bitwarden).
For those who do decide to upgrade to a paid account, this can be done from within the browser interface itself. Clicking on Billing in settings will allow you to upgrade to a Premium plan by providing your payment details.
Unfortunately, this payment method will have to be your card details (VISA, Mastercard, or Amex) because PassCamp does not accept PayPal payments or cryptocurrencies. It is also worth noting that you cannot upgrade from a personal account to a Team account from within the web app. So, if you select personal at the beginning, you will need to contact PassCamp about upgrading to Team (or the customizable Enterprise version).
So, is this password manager good value? At a cost of just 30 euros for a year, we consider this a very reasonable option for most people looking for a password manager. This is not a huge cost, if you do happen run out of space for passwords on the free plan, or if you require some of the more advanced features available when paying.
- Personal and Team accounts
- Free plan (for up to 25 passwords)
- Browser extensions (Chrome, Firefox, Safari)
- Mobile apps (iOS, Android, Huawei)
- Multi-platform support
- Import and export passwords via CSV
- Secure notes
- Secure password vault with end-to-end encryption (E2EE)
- Password generator
- Auto-fill passwords
- Auto-save passwords
- Synchronized item history log (monitor when passwords are changed, edited, shared, etc, using this incorruptible log of previous account actions)
- Password search function
- Two-factor authentication
- Secure password sharing
- Tags (to keep passwords and notes stored in folders)
- Priority Support (Teams only)
- Admin Console (Teams only)
- Easy user management (Teams only)
- Easy user recovery (Teams only)
- Personalized Login address (Teams only)
- User Roles (Teams only)
- Unlimited Guests (Teams only)
PassCamp Setup – Is it easy?
Getting a free or paid account to PassCamp is extremely easy. All you need to do is go to its website, select the kind of subscription you prefer, and provide an email address to create an account.
Following that, you will receive an email with a link that allows you to verify your email address – before being forwarded to create a master password for your password vault. That master password will provide access to the web app and to your passwords, so be sure to select one that is robust.
PassCamp does warn users at this stage that the Master Password must be both secure and memorable – because, if you forget it, you will not be able to regain access to your password vault. This password can be updated at a later date if you wish, and you can add dual-factor authentication from inside the web app.
The need to never lose or forget your master password is the same with any secure password manager that provides E2EE. The firm cannot possibly recover your account because only you, the end-user, have sole access to the key. The master password is never known or stored by PassCamp or its employees – and if you lose it you will be locked out of your encrypted password vault forever.
Admittedly, this may put some people off the service. However, let it be said that this way of doing things is much better, and highly preferable in terms of both privacy and security.
With your account set up, you are ready to login to the web portal. The first time you log in you are asked to select whether you require a team or personal account. We went ahead and selected “personal” and were soon ready to start importing our passwords.
Overall, we found getting a free account with PassCamp to be very straightforward, and the fact that you can easily access your passwords using the web-based portal means that you can start using this password manager across devices.
The fact that even a free account can be used across platforms (whether that be on different browsers or mobile platforms) is a win – after all, some free password managers are locked to only one device.
To finish up setting up this password manager we downloaded the browser extension – so that we could gain access to the autofill functionality that the password manager provides. Again, this was easy thanks to a link within the client that forwards you to the download for the extension. Alternatively, you can also now install mobile apps for Android or iOS, both of which are available within the Apple and Google Play app stores.
With the extension installed, all you need to do is click on it and follow the instructions to log in and attach it to your master vault. Once you have logged in, the extension will serve you a message to let you know that you can now start auto-saving passwords to your vault.
This is a nice touch, which means you don’t actually have to input passwords to your vault one at a time if you don’t want to. Instead, simply go ahead and use services like you normally would, and after logging in the first time the password will get stored away ready for next time.
As is the case with most password managers these days, the setup process is made extremely easy. And, for those who are complete newbies to password managers, there is an excellent video tutorial available in the web app from the moment it loads.
This video will remain available until you save your first password to the vault.
Ease of Use
With your account setup and the extensions installed in your favorite browsers, you are able to start saving passwords. If you have never used a password manager before, the easiest way will be to add passwords to the vault one at a time – either manually or by auto-saving them each time you log in to a service in your browser.
Saving passwords manually is extremely easy. Simply log in to the web app and click on the plus sign. This will provide you with options to either save a password or a secure note to your vault. We went ahead and clicked the password option.
Saving the password is fuss-free, with all that is required is the URL for the login portal, the name of the service, a folder tag so that it can be easily located and updated at a later date, and the password. If the password you want to save is for an application, this option is also available in the drop-down menu at the top.
If you have not set a password for the account in question, or want to change it to something more secure, the option is there to use the password generator feature. To do so, simply click in the password field and click on Generate password.
Clicking on the down arrow allows you to choose from some options for your password. We recommend leaving letters number and signs all switched on. However, you can choose to make the password up to 100 characters long to increase the security of the password that is generated if you wish.
Due to the fact that the password manager will be remembering this password for you, there is little reason not to go ahead and set the password to its maximum strength.
For subscribers who have already used a password manager previously (whether that be a competing service or the password managers built into Chrome or Firefox, for example), it is possible to import all of your passwords in one go. To do this, simply click on settings in the web app and then choose Import/Export items.
In the window that opens you are able to select to either import or export your passwords in the form of a .CSV file. This is a file type that is available for export in Google Chrome and in just about every password manager we have ever tested.
Thus, this will provide what you need to easily import your passwords in one go. And, if you ever decide to move over to a different password manager, the export option will give you the ability to do so without any qualms.
We went ahead and imported a sample of passwords that we exported from Google Chrome, which is something that users seeking to de-Google are likely to want to replicate. If you do not know how to export your password in CSV format (from Chrome or Firefox); you can go ahead and read our guide on how to export passwords from your broswer.
Once the CSV file has been exported and saved somewhere on your hard drive all you must do is click import and select the file.
We found the password import feature to work without issues with the password samples we used. This definitely makes importing passwords quick and easy for anybody who wants to do so.
Remember that if you do use a CSV file to move your passwords around you will want to securely delete that file after the passwords have been moved from one service to the next. Leaving the CSV file laying around on your hard drive is insecure and could allow someone to access those passwords and your accounts.
For anybody who also wants to save important information in their secure vault, PassCamp provides a secure notes feature. The secure notes feature can be used to save important information and data from certificates, licenses, IP documents, or anything you regularly need access to online for some reason.
To add a secure note, simply go ahead and click the + sign on the main page of the web app. Select Secure notes and then add the note and click Save.
If you wish to add a Tag to the note so that it can be grouped with other similar notes, you can opt to do so at this stage. This is a nice extra feature that will come in useful for securely storing information away in your vault.
However, it is worth noting that this is a very basic feature that does not let you save important ID information, credit card info, etc, in such a way that it can be automatically loaded into forms.
Some password managers do allow you to autofill addresses and card details that are stored in the vault, and this is something that it would be nice if PassCamp introduces into its app at some time in the future.
For those who want to further protect their account and their information, the option exists to add 2FA to any account. To implement this useful extra security measure simply click on settings in the web app and click on Profile and Account.
Here you can click on Enable Two-Factor Authentication. Doing so will provide you with backup codes for accessing the account and a QR code that you can scan with either Google Authenticator, Authy, or any other app that supports TOTP authentication.
Secure Password Sharing
Being able to share passwords without having to pass them in plain text over the internet is a staple feature of any good password manager. The good news is that with PassCamp this important feature is not relegated to paying accounts only, instead it is available for all users.
However, secure password sharing is only available between users who have a PassCamp account. So, if you do want to share passwords securely, your contact will need to get a free PassCamp account in order to receive a shared password.
To make use of this feature (which uses asymmetric public-key cryptography to allow users to share passwords) simply select the password you want to share in your vault and click on the share symbol to the right-hand side.
The nice thing about this feature is that you can set permission levels for the passwords you share. This allows you to select whether the recipient can view, edit, or share it with others.
For those consumers who primarily (or only) use a mobile device, PassCamp has standalone apps for iOS, Android, and Huawei phones. This will allow anybody to access their password vault to login to accounts and services on their mobile device. The mobile apps are fully featured with everything that is available in the browser-version of the password manager.
For those looking for a password manager that can be used by teams to protect multiple accounts with the ability to easily share passwords across team members, PassCamp has a number of useful features. This includes the following extras that are not found in a “Personal” subscription:
- Priority Support
- Admin Console
- Easy user management
- Easy user recovery
- Personalized Login address
- User Roles
- Unlimited Guests
These features give teams a more granular ability to share passwords while allowing management to kick users and revoke access to passwords when it is needed. Overall, we found this to be a good selection of Team-friendly password management features.
We are also happy to see that PassCamp is busily working away at introducing new features for its subscribers. According to the road map for Q4 of 2020, PassCamp intends to roll out the following extra features:
- User Groups
- Desktop App
- LDAP integration
- Yubikey integration
- On-Premise solutions
According to PassCamp, its encryption implementation provides robust AES 256 and RSA-4096 asymmetric encryption that ensures your passwords are securely encrypted before they leave your device. PassCamp implements a zero-knowledge proof system that allows the user to demonstrate knowledge of their password without actually revealing the password itself to PassCamp.
Encrypted passwords are stored on a Google Cloud Platform data center, located in Belgium. This is a secure data center that is located in a country generally thought to be good for privacy purposes. This is good to know but doesn’t matter due to the fact that all data is already securely encrypted before it is uploaded there.
In addition to the robust E2EE that PassCamp provides, PassCamp uses TLS to ensure that all data is secured in transit. This adds an extra layer of protection to all data that is communicated between the user’s browser and PassCamp’s servers. We checked PassCamp’s TLS security using Qualys SSL Labs. The score was capped at a B due to the fact that it only supports TLS 1.0 and TLS 1.1. This is a somewhat problematic score in that this is something we can test and we can verify – and it is not implemented as strongly as we would hope.
Finally, it is worth noting that PassCamp is completely closed-source, and for this reason, you do have to trust all the claims that the firm makes about security on its platform. PassCamp told us that it would consider making PassCamp becoming an open-source password manager in the future. However, until that happens and the security of the platform can be verified by a completely independent security auditor – you will have to take PassCamp at its word.
On the other hand, PassCamp was chosen by a Polish think tank (Kosciuszko Institute) as a case study example of a password manager that puts security at the forefront. This adds credence to the security implementation claims made by the company.
Whether you choose to trust PassCamp will ultimately revolve around your own personal threat model. We have no reason to believe that PassCamp isn't telling the truth about how security is implemented on its platform. On the other hand, we have no way to prove it is true. This is the same with all closed source platforms that have not been independently audited by a trustworthy third party.
The first thing to mention is that PassCamp belongs to a company based in Lithuania. This is a location that has previously been criticized for engaging in mass data retention. In Lithuania, mass data surveillance continues even after being struck down by an EU directive in 2016 – raising concerns among human rights activists regarding the legality of the continuation of mandatory data retention directives.
- User name
- Email address
- Server logs
- Billing information
- Customer IP addresses
- Number of accounts
- Number of items in accounts
This is all data that needs to be processed in order to provide its services (other than perhaps customer IP addresses, which aren’t strictly necessary), However, none of this raises any particular concerns. It is also worth noting that the policy is completely GDPR compliant.
Anybody in need of customer support can do so by clicking the Help button at the top of the main screen of the web app. This will forward you to a useful webpage with links to an FAQ, tutorial videos to help you get PassCamp setup and working, and a link to send a message to customer support.
We decided to test the support out to see how long it would take to receive an answer. Clicking on the button just opens your email client, so you may need to copy the email address and paste it into your WebClient instead. We asked a relatively simple question about sharing passwords with non-members. We also asked a trickier question regarding the end-to-end encryption.
The first thing to note is that the automated email warns you that it will take two working days to get a response. So, if like me you happen to ask a question on a Friday afternoon, you could theoretically be waiting till the following Wednesday to get a response.
The good news is that the firm was able to get back to us on Monday – so it is dealing with requests quicker than it initially suggests – which is awesome. It is also worth mentioning that the tough question did result in a little back and forth.
However, the firm pushed ahead, directing us to a whitepaper and other useful information. And, they worked hard in their attempts to figure out what each of our problems was.
Next, we decided to have a look at the setup videos. Clicking the link on the help page forwards you to a YouTube channel. The videos available are useful and cover most aspects of using the service.
All in all, we were impressed with the support we received. The fact that you get support even when you haven’t paid, is excellent. Admittedly, non-paying users will face slightly longer wait times, because help queries by Team users and Premium subscribers are prioritized. However, this seems fair enough to us.
PassCamp is a password manager that impressed us during our tests. The availability of a free password manager that works this well is always good news for consumers, and the fact that it provides its service in a zero-knowledge framework with E2EE is fantastic
The good news is that PassCamp has now published stand-alone mobile apps, and it does have plans to roll out standalone desktop apps in the future. This will help to improve the security of the platform.
To speak of privacy, the PassCamp policy is strong and it is GDPR compliant. Overall, we were impressed with the levels of privacy you get with PassCamp – and we really look forward to it becoming open-source (or to the day when it has been comprehensively audited by a recognized third-party security auditor).
For individuals looking for a password manager that is efficient and easy to use, we have to say that PassCamp seems like a good option. It is definitely suitable for beginners and appears to be better than many of its top competitors. For this reason, we like the service.
For Teams and businesses that need a password manager, this is a superb service that has a lot of useful features for controlling and sharing passwords effectively. So, if you do need a password manager for Team use – PassCamp is definitely one to consider.
Where cost is concerned the service is pretty good. Even a paid subscription can be considered cheap, and for many users, the free version will suffice. And, let it be said that PassCamp is not stingy with its features on the free version, which is a rarity.
Of course, if you do want something that is completely open-source you may prefer to stick to KeePass or Bitwarden. However, in our opinion PassCamp is a service that can be rated highly – and that seems to do things better than many of its popular competitors.