NordPass is the new kid on the secure password manager scene. A sibling of NordVPN, a popular VPN service that has done well in our testing. Given this background, people have had high expectations for NordPass Password Manager. Can it live up to these expectations?
It’s time to put NordPass through the tests and see how it stands up to those competitors. Let’s begin this NordPass review with a quick look at the pros and cons of this newcomer to the password manager scene:
- End-to-end, zero knowledge encryption
- All items stored in the cloud and on your devices
- Categories for Logins, Secure Notes, Credit Card details
- Very strong data encryption (encrypted in transit and at rest)
- Passed an independent security audit
- Optional 2FA support
- Secure sharing of items with other people
- Supports all major operating systems, browsers, and devices
- Free plan is quite limited
NordPass feature summary
Here’s a quick summary of the full set of NordPass features:
- Apps for Windows, Mac OS, Linux, iOS, Android, and leading web browsers
- Advanced encryption XChaCha20 and key derivation Argon2 algorithms for superior security
- Zero-knowledge architecture that ensures not even NordPass can read your data
- Flexible authentication options including 2FA and biometrics
- Secure password import/export/sharing
- Based in privacy-friendly Panama and supported by a leading privacy and security company, NordVPN
Tefincom S.A., the parent company of the NordPass Password Manager, began in 2012 with the creation of NordVPN. The company is based in Panama. Panama is not part of the 5 Eyes / 9 Eyes / 14 Eyes intelligence alliances, and does not have any mandatory data retention laws. This makes Panama one of the best places in the world for a privacy and security company to operate.
Tefincom has a global team of employees, but the company remains under Panama jurisdiction. This applies to other Nord products, including NordVPN and NordLocker.
In terms of building trust in the company and product, NordPass has undergone an independent security audit, just like its sibling NordVPN (an audited no logs VPN service).
NordPass security audits
Like some of the other best password managers, NordPass has completed a full security audit. The work was done by Cure53, a German IT company that has conducted audits on Bitwarden and several other security/privacy services in the last few years. How did NordPass make out in the audit? Here’s what the Cure53 report had to say:
Numerous positive observations have been made in relation to the level of detail and adherence to the specification, clarity and readability of the Go code and implementation, overall security of the desktop application, browser extension, as well as iOS and Android branches of the NordPass applications.
– Cure53 Report, 2020 February
Cure53 has also performed security audits on ExpressVPN and other VPN providers.
NordPass offers a complete range of apps for connecting your devices to their servers. This includes:
- Windows, Mac OS, and Linux desktops
- Android and iOS mobile devices
- Browser extensions for Chrome, Firefox, Opera, Brave, Edge, and Vivaldi
We’ll examine the desktop apps in detail below, so let’s briefly cover the mobile apps.
NordPass mobile apps
The NordPass mobile apps are attractive and have some excellent features. User reviews in the respective app stores are somewhat mixed at the time of this review. However, we can assume the scores will improve as NordPass continues to mature and get better over time (it is still relatively new).
On a positive note, here are some of the features the company has recently added to NordPass mobile apps:
- OCR scanning – To read business cards and written notes and automatically import their content into the NordPass Vault.
- Biometric login – Uses Face ID or the fingerprint reader to log into the vault.
- Autofill – You can configure NordPass to recognize your favorite websites and log you into them with a single click.
- Offline access – Now you can access your NordPass Vault when your device is offline.
- Tablet support – NordPass now supports both Android and iOS tablets.
NordPass browser extensions
The browser extensions give you basic NordPass functionality. You can work with your items and add new items as necessary.
NordPass hands-on testing
For this NordPass review, I installed the 7-day Premium trial version of NordPass on a Windows 10 laptop and a Samsung S9+ smartphone. The Premium version gives you all the features of the free version, along with the ability to share items and the ability to sync and access your passwords across multiple devices. The free version supports only a single simultaneous connected device.
To install NordPass, you download the version for your device and launch it. You’ll be required to enter a valid email address. Nord is working on unifying their security products. The first step is combining your subscriptions for individual Nord products into one unified Nord account. If you already use a Nord product such as NordVPN or NordLocker, your account for that individual product has been converted into a Nord account which can support all your subscriptions in one place. Therefore the company asks that you use the same login credentials for NordPass as you use for that other product.
Once you create your new account or log into your existing one, Nord will send you a confirmation email. Clicking the link in the email takes you to a page that will walk you through creating your Master Password and the rest of the installation process. At the end of the process, NordPass will give you a recovery code that you can use to regain access to your vault if you lose your Master Password.
Next, it will offer you the option to add NordPass to any and all of the web browsers it finds on your system. Once you complete that process, you are ready to use NordPass. The first thing you will see is your empty Password Vault. We’ve been working with this version of NordPass for a while so I don’t have an empty vault to show you. Here’s what my vault looks like at the moment:
A notable improvement from our previous review is the addition of a Personal Info category. It is where you can store names and addresses, along with relevant notes for that person.
You should also see a NordPass icon on the Windows desktop that launches the vault.
NordPass can protect several categories of information:
- Logins – Login information for websites. You can generate new passwords for sites here as well.
- Secure Notes – Freeform (text only) notes such as WiFi login information or important personal notes you want kept safe.
- Credit Cards – Keep copies of all your credit card information here.
- Shared Items – Set up secure sharing of NordPass Vault items here.
- Settings – Adjust how NordPass works, import or export items, and much more. If you are using the free version of NordPass, Settings is also the place to create a free NordPass account to protect/backup the data you’ve entered and access it on other devices.
Of course, before you can do anything useful with the vault, you need to add some items to it.
Adding logins and other items to NordPass
Like the other password managers, if you are already using a password manager on your device, NordPass may be able to automatically import items from that product. Given what a pain in the neck it is to manually enter all your passwords, let’s hope that NordPass can import from the password manager you are currently using.
You do this on the Import tab of Settings. Here are your import options.
The Other option at the bottom of the list is for importing items from other sources. It accepts CSV files from wherever, and gives you at least a fighting chance to import all that data instead of entering it manually.
Manually entering logins and other items
Of course, you can also enter items manually. Simply decide what category it belongs in, open that section of the NordPass Vault, and click the Add link. NordPass will display the appropriate form to enter the data for the item. Here’s what the form for entering Logins looks like:
As you can see, the form can also generate a password if you need one. We’ll talk about the password generator in more detail in the next section.
Letting NordPass capture Logins itself
There is one additional way to get login information into NordPass: let the app capture the information itself. If you log into a website while NordPass is installed and active, it can capture that login information. Once you log in, you should see a box like this one, asking if you want to save the login information.
The next time you visit that website, you can click a NordPass icon in one of the login fields to log into the website.
Working with your passwords
To work with your items, open the NordPass Vault and use the Search NordPass box to find the particular item you are interested in. Options that are relevant to the type of the object will appear to the right, like this:
Alternatively, you can double-click the item name itself to open the item for editing.
One thing we like to check with password managers is how they function when the device doesn’t have an internet connection. Allowing changes to be made on a device without an internet connection raises the possibility of getting out of sync with the data stored in the cloud or on other devices. Like Bitwarden, NordPass resolves this problem by preventing you from making changes when it doesn’t have an internet connection. You can view and use the data that’s stored locally, but you can’t change anything unless NordPass has an active internet connection.
That’s really all you need to know… except we still need to talk about the password generator.
NordPass password generator
When you need a password for an item, simply open that item in the NordPass Vault and click the Generate link. The following dialog box will appear with a brand new password for you.
The default password length is 12 characters, but the generator can create passwords as long as 60 characters, surely enough to protect even the most valuable information.
The generator gives you additional options for special requirements, including the ability to create passwords with or without:
- Uppercase characters
- Lowercase characters
- Ambiguous characters
While there is nothing particularly outstanding about the NordPass password generator, it is quite acceptable and should meet all but the most exotic password needs.
Note: You can use a web-based version of the password generator on this page.
NordPass in action
Using NordPass is straighforward. here are instructions for the various types of items that you can stor in NordPass
When you visit a webpage that accepts login credentials you will normally see the NordPass icon in any input fields that NordPass recognizes. Having these icons appear in recognized fields can speed up your logins slightly.
Note: Placing the icons in recognized fields contrasts with some other password managers, such as Bitwarden. Bitwarden requires you to click its icon in the top right corner of the browser window to see your login options. While the difference in speed is tiny, you’ll be happy to know that NordPass uses the “faster” approach.
Click one of those icons and NordPass will display a LOG IN WITH list (circled in red below) with all the Logins it has stored for that particular site.
Be aware that some websites use nonstandard login screens. This means that NordPass might not always be able to fill the fields for you. In such a case, you can go into the NordPass Vault and open the item manually, copying any data you need and pasting it into the appropriate locations on the webpage.
For other items
To work with Secure Notes, Credit Cards, Shared Items (or even the NordPass Trash bin) open the NordPass Vault and select the type of item you want to work with in the menu on the left side of the window. A lift of the items of that type appears. Select the item you want to work with. As simple as that.
Additional NordPass features
Here are additional NordPass features that boost its value:
Password Strength Checker
NordPass has a standalone password strength checker that you can reach here. Enter a password here and the site will not only rate the strength of any password you enter, it will show you characteristics your password lacks (no uppercase characters or less than 12 characters long, for example). It will also tell you if the password you entered has appeared in any data breaches.
Note: This is another feature that the NordPass team is working to incorporate into the apps.
Random username generator
This tool helps you generate random usernames that take the form of strings of words that would be relatively easy to remember while still being random and hard to guess. Try it out here.
Two-factor authentication (2FA)
For additional security, you can enable two-factor authentication for NordPass Password Manager. Configure NordPass to work with a mobile authenticator such as Google Authenticator or Duo Mobile, and you’ll need to enter the authentication code they generate before you can log in to NordPass.
If you are a Premium plan member you can share items with other NordPass users. Items you share will also appear in the Shared Items section of the NordPass Vault, making it easy to keep track of what you have shared and with whom. While you must be a Premium plan member to share your items, the people you share them with can be Free plan members.
To ensure that no one snoops on the items you share with another NordPass user, you can turn them into a Trusted Contact. By exchanging public keys you create an encrypted connection with that user that you can count on to be secure.
NordPass customer support is provided by the support team at NordVPN, which I have found to be very good.
They provide 24/7 support by email, and have a presence on Twitter and Facebook. The Help center has a good collection of useful articles which will probably grow as the product gets more use.
How secure is NordPass?
Remember that NordPass has passed a comprehensive security audit by Cure53. Combine that with client-side encryption using advanced algorithms like XChaCha20 and Argon 2, I think we can declare this product to be secure.
In terms of privacy, NordPass has a lot going for it. The parent company is based in Panama, a location that is well-respected in the privacy community. The architecture of NordPass is designed around having zero access to your data: a fully end-to-end encrypted, zero-knowledge system. Therefore even if NordPass wanted to access your stuff, your data would remain secure.
NordPass Password Manager prices
NordPass gives you lots of plan options. There is a NordPass Free plan,which is free of charge but has some limitations.
There is also a NordPass Premium plan with three different subscription terms.
There is a NordPass Family plan that bundles 5 independent Premium plans so everyone in the family can be protected while still maintaining their privacy.
Let’s start with the most basic distinction Free vs Premium.
The Free plan is, of course, free of charge. This plan has a few limitations which might motivate you to upgrade to a Premium plan. Here are the drawbacks to the Free plan:
- You can only have one active NordPass session at a time. For example, if you are using NordPass on your desktop and decide to fire it up on your phone, you will be logged out of your desktop.
- You can’t share encrypted passwords with other people. You can receive shared passwords from others but you can’t share your passwords with them.
- You can’t have Trusted Contacts.
Premium price plans
If you move up to a Premium plan you get several benefits. These include:
- You can use NordPass on up to six devices simultaneously.
- You can share your encrypted passwords with other people.
- You can use Trusted Contacts.
The Premium plan does indeed cost only $2.49 a month. But that’s if you sign up for a 2-year subscription. Here is the breakdown of Premium plan pricing by subscription length.
The 1-month plan is currently $4.99 per month. That’s a higher price than most of the competing products I’ve reviewed, and they are all more mature with more features.
Things improve quickly when you move to longer-duration plans. The 1-year plan costs $35.88 billed every year. That makes its equivalent monthly price $2.99.
The 2-year plan is an even better deal. It runs $59.76 billed every two years, for an equivalent monthly price of $2.49. This puts it in line with the rest of the industry leaders.
As we mentioned earlier, the Family plan is a bundle of 5 Premium subscriptions sold together at a discounted price of $47.88 per year. This is a really impressive deal. You get five (5) 1-year NordPass Premium subscriptions for less than the price of two independent NordPass Premium 1-year subscriptions.
NordPass also has a Business plan. The plan provides NordPass Premium accounts for your team, a dedicated account manager and 24/7 customer support. Since NordPass is both GDPR and HIPAA compliant, it can help you meet those requirements by protecting passwords, and login credentials, and other sensitive data.
Nord doesn’t publish more specific information on the NordPass Business plan. If you are interested in using NordPass in your business, you can complete the contact form on this page.
Here are some of the most frequently asked questions about NordPass (along with answers of course!).
Do I really need a password manager?
In today’s world, pretty much everyone needs a password manager. We all have so many online accounts, and the world is full of so many people who want to spy on us or steal from us, that it is virtually certain people are trying to hack their way into one or more of your accounts.
A password manager keeps all your login credentials (username, password, favorite color, whatever) encrypted and safe from prying eyes. This has several advantages for you. You only have to remember one password–the master password for your password manager. Because NordPass (or whichever manager you decide to use) remembers the passwords for you, you can use stronger passwords that are harder to hack. You can also have a different password for every account.
Unlike you and I, your password manager can remember hundreds of passwords without working up a sweat (not that computers sweat, but you know what I mean). Rumor has it that the single biggest reason that accounts get hacked is because the owner used the same password for all their accounts.
Are password managers safe?
Well-designed password managers are very safe.
- They should use strong encryption like the XChaCha20 encryption used by NordPass.
- They should offer 2-factor authorization (2FA) which protects your account even if a hacker somehow guesses your password.
- Their design should be zero-knowledge, which means no one, not even he company that created the password manager can read it.
- They should encrypt your data before it ever leaves your computer.
Do I have to retype all my information if I start using a password manager?
Most password managers have some ability to import data from web browsers and other password managers. Choosing a password manager that can import your data could save you from hours of retyping stuff. NordPass knows how to import data from many of the top password managers. This means the odds are good that it can import your data.
If you are looking at NordPass you are probably looking for a basic password manager with good security. If for whatever reason you decide NordPass is not right for you, you may want to check out Bitwarden. They offer a strong free plan and the Bitwarden code is open source. Like NordPass, Bitwarden has been audited by Cure53.
We have other alternatives listed in the best password managers guide.
NordPass review conclusion
With its recent updates, we believe that NordPass is competitive with other leading secure password managers. We also like the way Nord is pulling all their security products together under one account.We love NordVPN, and NordLocker is on its way to becoming a contender as well.
You can also select different products to add on to your account in the checkout process, which makes it easy to bundle different security products.
That results in ease of management now, and hopefully some kind of synergy later.
Overall, NordPass remains a very polished product. The recent updates have tipped the scales and convinced us to give it a strong recommendation. Check it out risk-free with the 30 day money-back guarantee.