VPN provider NordVPN launched its password management solution NordPass recently after a prolonged early access test.
The solution is available for iOS and Android, and the browsers Chrome, Firefox, Opera and Microsoft Edge at the time of writing. Browser extensions require a companion app, called NordPass Background App that needs to be downloaded and installed on desktop devices. You may only use the extensions on desktop devices if the background application is running.
A free version is available that is limited to a single device. Users who need access to their data on multiple devices need to upgrade their account to a paid plan. Paid plans start at $2.49 for a 2-year subscription.
NordVPN promises that “all encryption and decryption” happens on the user’s device. The service uses AES-256-GCM with Argon2 and zero-knowledge encryption. Any data that leaves the system is encrypted before it does so.
Users are asked to pick a master password during setup after they have entered their NordPass email address and verified the email. Access appears to be limited to NordPass customers at the time of writing or users who sign-up for a paid plan. A recovery code is displayed that may be used to recover access if the master password is lost.
Options to import passwords from various browsers and password management solutions is provided. NordPass supports imports from Chrome, Opera and Firefox, and numerous password managers such as KeePass, LastPass, 1Password, Dashlane, or BitWarden. Options to import data from CSV files are also available.
Customers may enable two-factor authentication in the account settings to add another layer of protection to the account; this is highly recommended for users of the service as a breach provides access to all saved passwords. NordPass’ two-factor authentication solution works with popular authentication apps like Authy, Google Authenticator or Duo Mobile.
The password manager displays icons next to login fields; activation displays available logins and options to select these to sign-in to the service in question.
The service does not indicate to the user if logins are available for the particular site; neither the icon in the browser’s address bar nor the icons in the password fields highlight that. You find out only after you click on the icon in the field.
Sign-ins are semi-automated. The service does not seem to support auto-logins into sites which means that you need to select an account manually and hit the log-in button each time you want to sign in. Some users prefer it that way because of added security, others will probably miss the auto-login option as it makes the process more convenient.
The service may be used to pick passwords for new accounts and password changes for existing accounts. Options to modify the parameters for generated passwords are not provided. New accounts and changes are picked up by the service automatically and are saved on user request.
Other features that NordPass supports:
- NordPass users may save notes and credit card information as well using the service.
- Password sharing.
If you look at NordPass and compare it to other password management solutions, you may come to the conclusion that the service is too expensive for what it offers. Even if you compare the free version, you may notice that it lacks in comparison to other applications.
My main gripes with the service are that it requires a background app if you use a browser extension, that it lacks critical settings, e.g. to change password generation parameters, and needs more polishing as well, e.g. an indicator that a login was found for the active site.
I can see this do well as part of a bundle with NordVPN but the service will have a hard time getting traction on its own because of the better, and often times cheaper, solutions that are out there.