NordPass is a password manager offered by the creators of NordVPN. Given that this is one of our top-rated VPN providers, we had high hopes for this password manager performing well. That said, with a fairly crowded password manager market to compete in, this tool has a lot to live up to.
The aspects of this password manager we will explore include:
- Ease of use
- Value for money
If you’re wondering if NordPass is right for you, we’ve got all the details you need to make the right decision.
NordPass review summary
NordPass comes with plenty of standard features to satisfy most users, plus it’s backed by strong encryption. There are some logistical issues that will be a turnoff for some, but at $2.99 per month, we’d be willing to recommend this password manager as a solid alternative to major rivals.
NordPass overview and features
NordPass’s free version is very functional, but the paid version is well-priced at $36 for a year. The latter can be used on six devices at once, so it’s definitely worth the fee. Secure sharing is an additional paid-only feature that may be attractive to some users.
You can access your dashboard via the desktop or mobile apps. Browser extensions allow for easy saving and auto-filling of credentials. Note that when using browser extensions, you may want to disable your browser’s built-in password manager to use NordPass, to save confusion and dealing with multiple password-related requests.
The benefits of the NordPass app
Here are the main features you’ll find in the NordPass app:
- Master password to access password vault
- Store passwords in folders in the cloud
- Access passwords on desktop or mobile apps
- Generate random passwords (adjustable according to account requirements)
- Autosave passwords when you log in to a new account
- Autofill passwords when you revisit websites
- Easy import for existing passwords
- Password strength checker
- Regular automatic backups to the cloud and syncing across devices
- Share passwords with trusted contacts safely (avoid man-in-the-middle attacks)
- Add encrypted notes to store other password-related information
- Store credit card details for easy access
- XChaCha20 encryption to secure your data, which is used by some of the biggest tech corporations
- Zero-knowledge architecture so no one has access to your information
- Two-factor authentication and biometric authentication
- OCR scanning for inputting card details and other information
- Offline mode
- Straightforward export options
These features are beneficial either from a usability or security standpoint. For example, a random password generator and password strength checker will help you rely on strong passwords, which will protect you from unauthorized access. Meanwhile, autosave and autofill passwords, and easy import for existing passwords, can be real time-saving features.
The features of the free plan
The NordPass free tier enables you to:
- Save unlimited passwords
- Keep notes and credit card numbers
- Sync across devices
However, you can only use it on one device at a time. This is pretty normal, although there are free options out there that work on multiple devices.
The added benefits of the premium plan
When you opt for the premium tier, you’ll be able to:
- Log in on multiple devices
- Enjoy automatic cloud backups
- Add trusted contacts
- Securely share login information with your contacts
- Use a data breach scanner
- Check your Password Health
The longer the plan, the more you’ll save
The paid NordPass plan has several price tiers depending on the term length you go for:
- A month-to-month plan costs $4.99 per month, but you can get a large discount for paying for a longer period in advance.
- The one-year plan is $2.99 per month.
- The two-year option is $2.49 per month.
The family plan can help you save, too
Nord also offers a family premium plan that can help you save since the costs can be divided up between everyone in the same household. The benefits of this plan include having up to five unique accounts and the ability to store unlimited passwords.
The premium plan comes with a 30-day money-back guarantee. Payment options include:
- Major credit cards
- Several cryptocurrencies
No bundle deals
Nord offers three services:
- The NordPass password manager
- A file encryption tool called NordLocker
These are all billed separately and there is no bundle deal. This is a positive in the sense that you only pay for the services you’re using, but some loyal Nord users may miss not being rewarded.
Look out for limited time offers
Nord also adds offers for NordPass periodically, usually just before the holiday season. However, these are only available for a limited time. It’s worth looking out for these deals. For example, during Spring 2021, you could enjoy up to 70% off NordPass plans.
When you’re signing up for a password manager, one of the most important questions is whether or not you can trust this provider.
Nord has a good track record
Nord has been around for a long time and has a solid track record when it comes to security. For example, NordVPN scored very highly when we compared the security standards of multiple VPNs side-by-side. In fact, its privacy and security score was only beaten by one other provider (CyberGhost), and that was only minimally.
The VPN logging policy has twice been audited by PricewaterhouseCoopers in 2018 and 2020. The 2020 audit was much broader, yet the VPN’s no-logs policy still aced the test this second time around.
There was a 2019 report of a data breach involving NordVPN passwords. However, it should be noted that this was due to users using the same passwords across accounts (making them discoverable via credential stuffing attacks) and did not involve a breach of NordVPN’s security systems.
With NordPass, you never have to be concerned that someone will get their hands on your password. Your data is secured by XChaCha20 encryption, which is used by the likes of Google and Cloudflare. The service is built on zero-knowledge architecture, which means that no one at NordPass can view your passwords (including your master password), credit card details, or encrypted notes. Even if there was a breach of the company’s systems, your information would be safe.
The advantages of XChaCha20 encryption:
Most password managers rely on AES-256 encryption, which is a security standard. However, NordPass went with the XChaCha20 algorithm for encrypting and decrypting data for several reasons, including:
- It’s faster than AES-256 and around three times faster on platforms that don’t have AES hardware.
- It’s less susceptible to technical and human errors.
- It doesn’t require hardware support.
- Mobile platforms are gradually moving to XChaCha20, so it could be recognized on an even wider scale in the near future.
Extra security for greater peace of mind:
Accounts come with the option of two-factor authentication and biometric authentication (on mobile). There’s also an Autolock feature that lets you control how long you stay signed into the app. This is handy, for example, if you’re using NordPass on a shared device.
Extra security can have its downsides:
The fact that no one at NordPass can see any of your passwords is an extra layer of security. But this does mean that you need to remember your master password. NordPass will provide you with a recovery key, but if both of these are lost, you will lose access to your vault.
How to use NordPass
Many password managers provide access to password vaults via a web browser and mobile apps. NordPass works a bit differently: while it does offer mobile apps (for iOS and Android), it doesn’t allow users to access their vaults via a web browser. There is a “dashboard” available via the web, but this just lets you manage your Nord account subscriptions (for NordVPN, NordPass, and NordLocker).
Instead, desktop users must download a client (available for Windows, MacOS, and Linux) from which to manage their passwords. This may be a drawback for some users as it means you can’t simply log in on any device to look up your passwords.
Setting up NordPass desktop apps
Already have a NordVPN or NordLocker account? If so, you can use the same login for NordPass (although you’ll still need to create a master password).
If not, to sign up, you can go to My Account > Create a Nord Account on the website or click Create Nord Account when you launch the desktop client or mobile app.
The desktop downloads can be located in the Apps tab on the NordPass website.
On the Nord Account signup page, you’ll be prompted to enter your email address.
You’ll then be prompted to check your email inbox and activate your account.
Next, you can create your password for your account. Things get a little confusing as you’ll still need to create a master password for your NordPass account a bit later. This first password will be your password for your Nord Account which will give you access to the browser-based dashboard showing all three Nord products (although you’ll only be able to use those for which you have subscriptions).
Again, you don’t actually manage your passwords from within this dashboard. You’ll need to install the NordPass app to view your passwords. When you first launch an app, you’ll be asked to log into your Nord Account.
Then you’ll be prompted to create your master password. Bear in mind this will be your master password for all of the passwords NordPass is going to store for you. This means it needs to be very strong (comprise more than eight characters and include symbols and upper and lower case letters) and you need to remember it.
Next, you’ll be provided with a recovery key. This is provided in case you ever lose or forget your master password. If you lose your master password and your recovery key, you will not be able to access NordPass.
Adding NordPass browser extensions
NordPass provides plugins for:
Adding browser extensions makes it easy to save and autofill passwords.
Once you’ve saved your recovery code in the step above, you’ll be prompted to install browser extensions. Select an extension and you’ll be directed to the relevant store to complete the installation.
You can add browser extensions at any time by searching for NordPass in the relevant extension store or going to Settings > Browser Extensions within the app.
Installing NordPass mobile apps
To set up a NordPass mobile app, download, install, and log in to the relevant NordPass app for your device. To log in to the mobile app, you’ll need to use an email activation code each time.
There is no way to disable this requirement, but you can adjust the Autolock setting so that you stay logged in. However, if you’re on the free plan, you can only stay logged in to one device at a time.
Now you’re ready to start using NordPass’s features, which we’ll describe below.
NordPass features review
NordPass has plenty of features on offer, most of which will be attractive to the everyday user. There is some room for improvement, but overall this is an intuitive and practical tool that will no doubt make your life easier. Here’s a breakdown of some of the main features.
Once you’re signed in to your NordPass account, the first thing you’ll likely want to do is add passwords. You can add them one at a time or in bulk. There are a couple of ways to add a password.
- Manually: If you just want to add a set of credentials without logging into the account, you can go to the NordPass vault and add it manually. Log in to the desktop app and go to All Items > Add Item. In the mobile app, click + and select Login.
- Web browser: Within a web browser, make sure you have the appropriate NordPass extension installed and you’re logged in. Then, navigate to the login page for the account you want to add. Log into that account as normal. The NordPass extension will initiate a popup that asks if you want to add these credentials to your vault. Fill in any additional information required and hit Save.
Import and export passwords
Want to add passwords in bulk from another password manager? You can do this fairly easily with NordPass’s import option from desktop or Android.
In your desktop app, go to Settings > Import/Export and you’ll see a selection of password managers to choose from. You’ll see browser options there too, so if you’ve been using your browser’s built-in password manager, you can import from that.
Note you will need to download a CSV file from your other password manager to import your passwords. If you need help with this step, simply click Learn how to export CSV file for instructions that are tailored to the password manager you’ve selected.
Android users have the option to import passwords from a browser using their mobile device. In the Android NordPass app, go to Settings. In the Import section, select Import Logins. Now select the browser you’d like to import login information from and follow the directions provided.
Coming up with a new strong password for every account can be tough. Thankfully, similar to most other password managers, NordPass will generate random passwords for you. When generating passwords, you can adjust settings such as length and character types, so that you get the password strength you desire and adhere to any password rules put in place by the platform you’re using.
To generate a new password, make sure you’re logged in to your NordPass browser extension or app. Log in to the account for which you want to change the password. Navigate to the section where you change your password — depending on the platform, this may be in the main account section or in a separate password or security tab.
You should see a NordPass symbol in the New Password field. Click this and a new password will automatically generate. If you’re happy with it, select Use Password. If you want to adjust password settings, for example the length, click More options to see a selection of criteria.
When you’re setting up a brand new account with a platform, you’ll have the option to generate a password from the signup page.
Now that you’ve added passwords to your vault, this is where the real magic kicks in. Each time you visit the login page for a site for which you’ve stored credentials in your vault, NordPass will offer to fill in those credentials for you.
On the login page, in the username and password fields, you’ll see the NordPass symbol. Click on one of these and you should see one or more options for sets of credentials.
Click the one that corresponds to this account and NordPass will automatically fill the credentials for you. Now you can complete the login process (complete the reCAPTCHA if necessary and hit the login button) and you should be logged in successfully.
Another way to access an account is to go directly from the NordPass app or browser extension and launch the login page from there. When you added passwords earlier, NordPass remembered the URL for the platform login page. So when you click the Launch button next to an account, you’ll be taken straight there.
Note that on the mobile app, you have to enable autofill by going to Settings > Passwords and Accounts > Autofill Passwords and selecting NordPass.
One issue here was that we found the NordPass app worked with some mobile apps, but not all. For example, it worked with the Twitter app but not the Netflix app. That said, we are able to use it for Netflix within a mobile web browser.
Password strength checker
Wondering if an existing password is strong enough? NordPass has a built-in password strength checker that will let you know if your password measures up. For existing passwords, view your login details within the app and the password strength will be indicated by a colored bar beneath the password. Red is weak, orange is okay, and green is strong.
The strength of new passwords will be automatically indicated when you generate them.
If you want more information about your password strength, you can use NordPass’s online password strength checker tool. This will tell you the strength of your password, an estimated time for how long it will take to crack, and how many times it’s been exposed in a data breach. You can also use Comparitech’s own password strength test.
Setting up 2FA
Two-Factor Authentication (2FA) can add an extra layer of security to your account by requiring that you perform an additional step each time you log in. It is recommended to use 2FA so that you prevent unauthorized users from accessing your account and the sensitive information you have on there. 2FA will prevent hackers gaining this information even if they know the password to your NordPass account (assuming they don’t also have your mobile phone and know the passcode for that).
How to enable 2FA on NordPass:
To enable 2FA on the desktop apps, you’ll need a third-party mobile app such as Authy or Google Authenticator.
In the desktop app, go to Settings, scroll down to Two-Factor Authentication, and click Enable. You’ll be prompted to enter your master password and then hit Continue.
Now you’ll be issued a QR code and secret key. You can scan the code using your mobile authenticator app or manually enter the key into your app.
Then click Continue. You’ll be prompted to enter the six-digit time-sensitive code produced by your authenticator app.
If you’re enabling 2FA in the mobile app, instead of being issued a QR code, you’ll just be prompted to select Open Authenticator App. Then an Add token popup will appear. Select Yes.
Then you’re all done. Each time you log into a NordPass app, you’ll need to enter a code from your mobile authenticator app.
Note that if you enable this feature on desktop, it will also be enabled on mobile. This might seem like overkill though as the mobile app already has an additional step (the email verification code) by default. So now you have three steps to complete (an email code, an authenticator app code, and the master password) to log into your mobile app.
Setting up biometric authentication
To use biometric authentication on the mobile app, you need to have already set up fingerprint or other biometric recognition within your device settings. To enable biometric authentication, go to Settings and toggle Unlock with Biometrics to the on (green) position. You’ll be prompted to enter your master password.
Now you’ll be able to use a biometric method of authentication instead of entering your master password.
Other features: Encrypted notes, credit cards, and more
NordPass comes with several other features to help you secure your accounts. Here’s a little more explanation about the ones you’re most likely to benefit from:
- Secure notes: This feature allows you to store information in an encrypted format. Its main purpose is to jot down related information that doesn’t fall into the realm of straightforward credentials for auto-filling. For example, you could use it to store wifi passwords, security question answers or prompts, or alarm codes.
- Credit cards: Find it a pain to enter your credit card information for every purchase? You can store your card details so that they’re auto-filled on sites where you need to enter payment information. It sounds unsafe, but browsers already offer this service, and so do many websites. A breach of any one of these could expose your data. Storing your details in a password manager is probably far safer than in a whole bunch of sites with questionable security measures.
- Shared items: This is a premium feature that allows you to securely share logins, secure notes, or credit card details with another user. You can share information with anyone in your “Trusted Contacts” list. To add a new trusted contact, go to Settings > Advanced.
- OCR scanning: This is a neat tool in the mobile app that enables you to scan text, for example, bank card details or a wifi password, without having to enter anything. This is particularly handy if you don’t want to store your credit card details within the vault or have to deal with entering them each time you want to make an online purchase.
- Offline access: Another perk of the mobile app is that NordPass will work even when you don’t have internet access.
Should you use NordPass?
The advantages of NordPass
NordPass is a secure password manager that will certainly make your life easier. It comes with all the basic necessities including strong security features and the ability to generate, save, and autofill passwords on desktop and mobile. It also packs some handy add-ons such as secure notes, credit card detail storage, and secure sharing.
The NordPass free tier is very functional, the major downside being that you can only use it on one device at a time. That said, the premium plan is very reasonably priced and is recommended if you tend to switch between devices frequently.
A few downsides
This password manager does have a few downsides, but the importance of these will depend on the individual user:
- The mobile app is a little cumbersome to use as it forces an email verification step that can’t be disabled. To make things more complex, if you want to use 2FA on desktop, you’ll have to deal with a three-step verification process on mobile. While this is good for security, it’s a negative in terms of usability.
- One more issue with the mobile app is that it doesn’t always work with other apps. While it does seem to work reliably within browsers, this could be frustrating for some users who use apps that require frequent logins, such as banking apps and cryptocurrency wallets.
- Another logistical aspect that may be a problem for some users is the lack of browser access to the password vault. Passwords can only be accessed on a device on which a native NordPass app is installed. This doesn’t work in some instances, for example, when borrowing a device from a friend or using a school computer.
NordPass has the potential to be a great product but it could use some fine-tuning. If you’re mainly looking for a password manager to use on your phone or tablet, some of the nuances in the mobile apps could be a turnoff. However, if you’re primarily a desktop user, NordPass is far more palatable and will serve you well as a practical and secure password manager.
Password manager alternatives
If any of the disadvantages of NordPass make you want to try out an alternative, there are many options available. Some password manager we’d also highly recommend checking out include:
What else can you do to protect your security?
A password manager like NordPass should always be one component of a much more comprehensive security strategy. You can take other steps to protect your security, by using the following tools:
Methodology: How we tested NordPass
Testing NordPass involved a first-hand, direct approach. We didn’t rely on other tests of this provider. We used it for ourselves to see what the experience was like. This meant using the different features of the password manager, as well as seeing how this provider compared and contrasted with others we have previously tested. Our tests basically centered on three areas: features, effectiveness, and trustworthiness. Let’s describe how we explored these in turn.
When we used NordPass, we looked at how many features were included in each of the available packages, including the free version. We underscored the crucial features that came with each package, as well as those that were missing and which we thought should’ve been included. We also pointed out any extra features that might be useful from a security or usability standpoint, or which could be seen as a nice bonus.
The cost-effectiveness of NordPass was also part of this analysis. This meant deciding whether the benefits and downsides were reasonable in terms of what you would pay.
We judged the effectiveness of NordPass in various ways. We tried to see how effective this provider was from a security point of view. This meant making sure that NordPass had a strong encryption algorithm in place, as well as checking for features like 2FA and biometric authentication. We also spent time using the main features of NordPass, so we could honestly inform you if these delivered the promised results, as well as how easy they were to use.
Lastly, we decided whether or not we thought NordPass was generally a trustworthy provider. This involved seeing how transparent the provider was about how its pricing plans worked, as well as how reliable and helpful their customer support was.
Here is a full description of our testing methodology for password managers.