Passwork is a service that is primarily targeted at teams and businesses, however, it is also suitable for solitary users. Sadly, this password manager is not open source, which is definitely going to put some people off the service. In this review, we are going to take a closer look at the service to decide whether it is worth spending your money on a subscription. Or whether it is better to stick to a secure open-source password manager.
It is becoming increasingly difficult to remember robust unique passwords for all the online accounts and services that we use. This is where password managers like Passwork are designed to help. Passwork is a simple password manager that protects your passwords client-side using encryption.
By remembering your passwords on your behalf, you are free to set difficult passwords for all your accounts. And because the service provides end-to-end encryption for all your passwords, you never have to worry about your sensitive login details being stored in a vulnerable state.
Internet users can opt to try Passwork.me for free for five days. The free plan provides access to all the service’s primary features. Beyond that, consumers must pay $1.50 per user - per month. No discounts are available for multiple users, meaning that if you want a team of 25 people to use Passwork, you will need to pay $450 per year.
This is a rather expensive and unusual subscription format, that works out very expensive if you use Passwork for a team. However, the benefits of Passwork for teams may make the service attractive to some businesses despite the steep costs involved.
What Features Does Passwork Offer?
A subscription to Passwork will provide you with the following primary features:
- Secure password management with zero-knowledge
- Strong AES 256 encryption to store and transmit passwords securely
- Apps for all platforms
- Chrome and Firefox extensions
- Auto form fill feature (using the browser extensions)
- Cloud portal for easy access to passwords from anywhere
- Label and search feature for finding passwords effectively
- Import and export passwords easily
- One-click login for websites and services
- Invite teammates to password vaults and folders
- Setup custom permissions for vaults and folders
- Track password changes and revert back to old passwords if necessary (versioning)
- Discover and update weak passwords
- Self host your own password server to avoid using Passwork’s servers
How to set up Passwork
We decided to test this password manager using the 5-day free trial. The good news is that anybody can test Passwork without the need to hand over their card details. This is a nice touch.
Setting up an account is extremely easy. Visit the website and join using a valid email address. When creating an account, the firm reminds you that if you forget your master password you will never be able to access the passwords again.
This is the only disadvantage of true client-side end-to-end encryption. However, while not being able to recover passwords may put some people off; this is actually one of the primary security advantages of the service.
Once you have registered, you will be automatically logged in and can begin using the password manager for free. Anybody who wants to make use of the browser extensions or the dedicated apps for Android or iOS can access them by clicking on the settings icon in the top left followed by Applications.
We downloaded the Chrome extension and the Android app to give them a test run. Both downloaded and installed without any trouble. Syncing passwords from the server is possible because you can use your master password to decrypt passwords no matter which version of Passwork you are on.
It is also worth noting that anybody who wants to update their master password can do so by entering their old password and setting a new one. This ensures that if you believe your master password has been compromised you can update it later to shore-up your entire vault of passwords.
We recommend always using a strong unique master password that you have not used with any other account or service. And strongly recommend that you use a different account password and Master Password (or else you are putting your passwords at risk).
For help choosing a strong master password, check out our password strength checker below:
Is Passwork Easy to Use?
As soon as you have created an account and set a master password you are automatically logged into the web portal and can begin saving passwords into your database.
Passwork has an automatic password generator, meaning that you do not need to think up secure passwords for your accounts yourself. The automatic passwords are 15 characters long and they are made up of a random string of upper and lowercase characters, numbers, and symbols. This is ideal because Passwork is going to be remembering the passwords for you.
We started by creating a vault for our passwords on the left-hand side. To do so click on the “Plus” sign next to vaults and enter a name for your vault.
To add a password click on the blue Add Password button on the main screen. You can add these passwords to your personal vault.
We decided to add the password for our Facebook account in order to test the service. For anybody setting up an online account for the first time, the option to copy a password to your clipboard is available - so that you can enter the automatically generated password into the website you are setting up as you go along.
Once the password has been set up, it will appear in your vault so that you can copy it into the form anytime you prefer. We decided to label the Facebook password yellow (which we decided would be the color for all our social media passwords).
We headed over to Facebook to have a go at using the Chrome extension to access our password for Facebook. Clicking on the extension from the Facebook homepage brought up our password from the vault in a new window.
Clicking on the blue symbol to the right of Facebook auto-fills your password into the login form and allows you to automatically login to your account without needing to do anything. This autofill functionality is ideal and makes this password manager great for beginners who do not want to faff about copying and pasting passwords manually from their vault.
To speed things along, we decided to import some passwords from our old password manager. Most password managers allow you to import passwords via a CSV file, and Passwork is no different.
To begin importing your passwords, first head to your old password manager and export them via CSV file so that they are saved on your hard drive. Now click on the menu icon next to the Add password button on the main screen of Passwork, and select Data Import.
Once the next screen opens you will be given the option to import your CSV file.
We found the function to work without a hiccough, and we were able to import passwords we exported from Chrome for the sake of the trial. This feature is great for anybody who wants to go from one password manager to another quickly and without stress.
Anybody wondering whether they can export passwords will be glad to hear that the reverse function is also available. So, if you decide to leave Passwork behind for a different password manager - you will be able to migrate your passwords successfully. To do so, open the settings and under Management select Export data. Now you can enter your master password in order to export all your passwords as a CSV file.
Anybody wondering whether it is safe to leave their computer while they are logged into the web portal has the option to lock-up the password manager to ensure that the master password must be entered to resume accessing passwords. To lock the password manager simply click on the lock in the top right of the web client.
To check the strength of your passwords, click on the down arrow in the top right of the web client and click on Security Dashboard. Now click on Analyze passwords to check the strength of all your passwords. We enjoyed the report which allows you to quickly ascertain if there are any weak passwords hanging around that need updating.
For anybody who wants to share passwords with team members, it will be necessary for those contacts to also subscribe to the service. Once your contact has paid the subscription fee (companies can pay for multiple accounts in one go) it is possible to begin adding those contacts. To do so, click on Team management in the top left of the web client.
Users can share access to folders and vaults of passwords either directly via the platform or by using a shared secret. We appreciated the ability to give various team members different permissions, which is an important function for businesses who are seeking to control a lot of passwords securely.
How Good is Passwork for Privacy and Security
Passwork is a company from Finland that hosts its data on servers based in Finland. This is considered good for privacy because Finland is not a nation with overreaching surveillance practices. The website is hosted on a .me domain from Montenegro, which again appears to be good for privacy on paper.
Where security is concerned, Passwork provides strong client-side end-to-end encryption. This is achieved via the creation of a master password that is stored locally and is never transmitted to Passwork’s servers.
The master password is completely unrecoverable, so you must be sure never to forget it. Users can use their master password to securely encrypt their passwords with AES 256 encryption before uploading them to Passwork’s servers securely using RSA. This is considered secure.
Passwork also implements strong TLS/SSL encryption to secure all data that is transmitted from a user’s browser to the firm’s servers. We tested the quality of Passwork’s transport security using Qualys SSL Labs and found that it scored an A+. This means that Passwork’s TLS encryption is working as it should and that user data is secure while in transit.
On its website, there is information that seems to imply that the source code for Passwork is available to be audited. However, we contacted the firm and its representative was quick to inform us that Passwork is completely closed source and cannot be audited by anyone.
This is a real shame because for a privacy service to be completely trustworthy it is important for its code to be verified. With closed source code it is impossible to verify that the client-side encryption is working as promised.
Closed source means you must trust Passwork to do as it says it does, and it is that element of trust that creates doubt in any privacy service. At the end of the day, we have no reason not to believe that Passwork doesn’t work as it claims. However, we have no reason to believe it either.
For this reason, it must come down to your own personal situation whether you decide to use this closed source password manager. For anybody who wants a more secure option, it is always better to stick to an open-source password manager that has been fully audited by a trustworthy third party.
For added security, it is possible to set up Dual Factor Authorization. Unlike many services which offer a choice of authenticators, Passwork will only let you authenticate using Google Authenticator.
We also like the ability to check your Sign-in history from the Authorization tab of settings. This allows you to ensure nobody else has logged in and accessed your passwords without your knowledge. It also allows you to remotely log out of any ongoing sessions you are worried about.
Where teams are concerned, one of the benefits of Passwork is the ability to set individual access privileges for individual files, folders, and vaults. This allows a user to share passwords securely with team members or contacts while retaining the ability to revoke access if needs be. Various levels of accessibility can be set, giving password admins full control over which can access what and when.
For sharing passwords directly, users can opt to share a common secret. This allows the recipient to decrypt the password with a password shared via some third party communication channel. This is a secure process.
Anybody who prefers to self-host their passwords on their own server has the option to do so, and this will remove the need to trust Passwork to securely store your passwords on its servers.
How Good is Passwork Customer Service?
Anybody who wants to know more about using this service has the opportunity to learn information on its website. The FAQ is a useful resource that explains everything you might want to know about the self-hosted edition of Passwork. However, information about the browser-based version is a bit thin on the ground.
A blog is available that has articles about data protection and data privacy. However, there are no guides for actually using the service and there is no walkthrough when you first launch the service. This means that any user unfamiliar with password managers will be left confused.
This is a shame, because Passwork is not particularly difficult to get used to, and with just a few user guides we could recommend this service to beginners. As it stands any non-techy users who have never used a password manager before may want to look elsewhere.
For anybody that decides to use the service, there is the option to ask for help via email. We found the support staff to be knowledgeable and responses always came on the same day. However, it is worth noting that the customer support team appears to be small and only available in European business hours.
Live chat is available on its website, which is an excellent resource. However, you will need to log in to Facebook messenger in order to start a conversation. This may leave some users that value privacy feeling rather cold.
My Final Thoughts
Passwork is a secure password manager that is not expensive and can be tested for free. However, it is worth noting that there are no discounts for multiple users. This is unusual and means that there are much cheaper options available for businesses that require a password management solution.
The ability to import passwords from another service is great and being able to access passwords from anywhere via your browser -using a master password - makes this a suitable solution for anybody who requires constant access to their passwords across multiple locations and devices.
The browser extensions and auto-fill functionality make this password manager extremely easy to use. And, it is fair to say that there is not a massive learning curve when using the service. For beginners who have never used a password manager before, however, this service might be a little frustrating. This is primarily because there are no user guides. On the other hand, we have detailed exactly how to use the service in this review, so anybody interested in giving the service a trial using its 5-day free trial can do so without trouble.
Where teams are concerned this password manager has a lot of useful features, and the end-to-end encryption means that your passwords are always stored in an encrypted manner. This means that only you are responsible for the master key to your password vault, and as long as you choose a unique master password you should never need to worry about your passwords being hacked.
Overall, we found this service easy to use and believe it is suitable for beginners who don’t mind learning on their feet.
We were disappointed to find that the web client for Passwork is closed-source and cannot be audited. This means that you must place some trust in the service, and must believe that it does what it says with your passwords. However, it seems fair to say that for most people this is a suitable password management solution that achieves the desired results.