Few people can remember strong and varied passwords for each of their online accounts. That's fine because password managers such as NordPass are readily available. NordPass, from the team behind NordVPN, is a streamlined, easy-to-use service for securely accessing your passwords via desktop and mobile apps or on the web. It has added some notable features over time, including a Data Breach Scanner, password health report, web vault, and a password inheritance option. However, NordPass is pricey and its free version is not as usable as competitors'.
How Much Does NordPass Cost?
NordPass comes in a free version and a paid Premium version ($4.99 per month). The free version does not allow you to access your passwords on multiple devices at the same time nor can you use it to share items from your vault. Myki, our top free password manager, includes both features. NordPass does not limit how many passwords you can save, though, which is a plus.
You Can Trust Our Reviews
NordPass Premium gets rid of the free version's limitations, letting you access passwords on up to six devices and share items. This tier also unlocks access to the Data Breach Scanner and Password Health features.
NordPass' monthly price is high compared with other services' costs. You can get a discount by paying for one or two years of service in advance, but doing so doesn't lock you into the discounted rate after that. The renewal price is subject to change. So even though you may be tempted by the savings, we recommend starting with the monthly plan to make sure NordPass works for you—or at least sign up for the free 30-day trial.
For comparison, LastPass Premium costs $36 per year, and Keeper charges $34.99 per year. Dashlane offers a feature-limited edition that starts at $35.88 per year, and its $59.99-per-year plan includes a VPN. Bitwarden Premium costs just $10 per year. You can, at the time of this writing, get NordPass and NordVPN on a two-year deal for $135.83 (effectively about $5.66 per month).
Getting Started
NordPass offers browser extensions for Chrome, Edge, Firefox, and Safari. It has mobile apps for Android and iOS, as well as desktop clients for Windows, macOS, and Linux systems. You can also access your passwords from a new web vault.
To sign up for the free version of NordPass, you need to first provide an email address, confirm it via a six-digit code NordPass sends you, and then set a password. After that, you download the extension for the browser of your choice. We tested NordPass on the Edge browser, a Windows 10 laptop, and an Android 11 device.
To finish setting up NordPass, you need to sign in to the extension and create a master password for your account. The master password is different than your account password. The master password functions as the decryption key for your password vault, while the account password is used for account logins.
Make sure your master password is both unique and complex. If anyone gets ahold of your master password, all the account credentials stored in your vault will be compromised. At the same time, your master password should be memorable, as NordPass does not store it and cannot help you recover it specifically. NordPass does provide a single recovery code you can use to regain access to your account though, so make sure to copy it down too. If you forget your master password and lose your recovery code, your only option is to reset your NordPass account, a process that deletes everything from your password vault. This is the standard way of handling master passwords for any no-knowledge service. Keeper Password Manager & Digital Vault does allow you to reset your password in a secure way, which is helpful.
When you sign in for the first time, NordPass takes you to a screen for importing passwords from browsers such as Chrome, Opera, and Firefox, or from other password managers such as LastPass, 1Password, KeePass, RememBear, and RoboForm. Importing a CSV file is another option. You can also export your passwords to a CSV file at any point. NordPass can automatically import passwords from Chrome or Firefox during setup.
Security
Since you store passwords for sensitive accounts in a password manager, the security practices and privacy policies of the service you choose are paramount. With NordPass, your passwords are encrypted on your device locally using xChaCha20, before being sent to NordPass' servers. A company representative noted NordPass uses “Amazon Web Services as our cloud provider with our own key management solution for hardware encryption.”
When you need to access your passwords, the encrypted data syncs back to your device, at which point you need to decrypt it with your master password. As mentioned, NordPass says it employs a zero-knowledge infrastructure, which is to say the company never knows your master password and thus can never decrypt your data. Although this means you have few recovery options, it also means even a data breach won't risk exposing your information.
NordPass Business underwent an audit by security firm Cure53. A security audit, in this context, is an optional process where one companies hires an independent third party to look for vulnerabilities in its code and procedures. The idea is the company will use that information to help strength its security. You can read NordPass's summary of the results on its blog. Bitwarden has been audited several times, as well. More password managers should commit to regular audits.
NordPass supports biometric authentication on macOS, mobile devices, and Windows in lieu of your master password, which is convenient. It currently works with face and fingerprint recognition on your devices. Keep in mind there are some real risks to facial recognition software.
NordPass supports TOTP-based multi-factor authentication via authenticator app for protecting your account. NordPass also supports authentication via FIDO-certified U2F security keys, such as those from YubiKey's 5 series. To set up this security option, log in to your Nord Account and head to the Account Security section. 1Password, LastPass Premium, Bitwarden, and Keeper all support hardware-based authentication keys, too. You cannot use NordPass to generate TOTP codes for other apps and services. Keeper Password includes this functionality.
NordPass Desktop App and Web Experience
NordPass' desktop app and web extension are attractive, with a gray and white color scheme and a simple navigation menu on the left side. Item categories for your vault include Logins, Secure Notes, Credit Cards, Personal Info, Shared Items, Trash, and Settings. There's also a search bar in the upper left part of the screen as well as a button for locking the app at the bottom left. Aside from being able to import passwords and set up multi-factor authentication in the Settings, you can view account information, upgrade your plan, change your master password, change the interface's autolock settings, and reset your recovery code. That last feature could be vital if you lose your master password and are locked out of your account on every other platform.
In the Logins section, you get the same sparse layout of login items as well as an Add Login button in the upper left corner. One nice touch is that NordPass populates icons for all the services in your vault. NordPass has added the ability to organize passwords into folders. Folders appear in their own section and can contain any item type NordPass supports. 1Password goes one step further with the ability to create separate vaults of items. For instance, with 1Password, you could create separate vaults for personal and work items.
Adding a login is easy—just fill out a name for the item, email or username, password, and associated website URL. You cannot create a login without a URL, however, nor can you add multiple URLs to one login item, which could be useful if the login URL for a service's app and website are different. Notes are an optional field. When you enter your password, NordPass judges its strength on a scale of weak, moderate, and strong. NordPass rightfully rated egregious passwords such as “password,” “qwerty,” and “123456” as weak. It did list “Administrator” as moderate, as well as “Administrator1” as strong.
The random password generator feature is available via the desktop app and browser extension, and it works as expected. You can set a password length up to 60 characters (the default is 12), choose whether to include capital and lowercase letters, digits, symbols and avoid ambiguous characters (for example 0 and O). As you won't actually be typing any of these passwords, we recommend keeping all four character sets enabled. You can choose to either copy the password or generate a new one. Password Boss (20 characters) and Myki (32 characters) default to longer and therefore less easily cracked passwords lengths. You can also generate unique passphrases. NordPass defaults to a length of four words.
The Secure Notes section lets you create memos with titles and body text, but there's no support for attachments or links. However, all NordPass subscribers can get 3GB of free cloud storage via NordLocker. Services such as Keeper Password Manager & Digital Vault and Kaspersky Password Manager integrate secure storage space for relevant files.
The Credit Cards section lets you add payment options the app will autofill on the web, but, strangely, you can't add a billing address. NordPass offers the ability to create multiple identities and you can use these fields to fill personal details in online forms. The included fields are also only basic (such as an address, phone number, and city). In testing, it worked as advertised. On a checkout page, the NordPass icon appeared in the fields for which we had Personal Info information filled out. All we had to do was click on the button and then the correct entry. If you have multiple Personal Info entries, you choose the correct one from a drop-down menu.
Other password managers, such as RoboForm and Sticky Password include many more fields and even allow you to add custom ones. We'd like NordPass to add fields for passports, driver's licenses, and insurance cards, to name a few examples.
The Trash section is self-explanatory. Items you delete move here and then you can choose to get rid of things permanently.
One option specific to the desktop app is the ability to start NordPass automatically with your computer, which is enabled by default. Note that you still need to sign in to NordPass with your master password when it starts. This is the preferred behavior since otherwise, anyone who can get past your computer login could also access all your passwords. Other password managers' desktop apps offer additional features. For example, Keeper Password Manager's desktop app lets you capture and replay logins for local desktop apps.
NordPass also offers an encrypted web vault, which means you can securely access all your vault items from any browser. The web interface resembles that of the desktop app and includes all the same tools. In testing, we had no trouble accessing and using the web vault in Firefox. Note to use autofill and autosave features on the web, you still need to install the NordPass desktop app. You also can't access the web vault on mobile devices.
Using NordPass
When you encounter login fields on the web, NordPass populates both the username and password fields with an icon. If you visit a site for which you have credentials saved, a pop-up appears with an option to log in with the relevant account when you click into a field. Alternatively, you can click the NordPass extension in your browser's toolbar to see and select credentials from a suggested items list. If you don't have a saved login, simply enter your credentials as you normally would. After you submit them, NordPass asks if you want to save those credentials. In our testing, NordPass filled and saved credentials without issue, including Google's and Eventbrite's two-page login screens.
Password Health and Data Breach Scanner
NordPass has two important security features: an actionable password health report and a Data Breach Scanner. You need to be a subscriber to the Premium plan to use them.
The Password Health feature scans each of your saved passwords and alerts you if any are weak, reused, or old (meaning they have not been changed in more than 90 days). If it finds any offenders, you can click the Change Password button to navigate to that item in your vault. Don't change the password directly in NordPass; follow the link to the associated website in the notification that pops up and let NordPass capture the new one the next time you log in.
The Data Breach scanner scans the web and lets you know if any of your accounts or saved credit cards have appeared in any data breaches. If it finds any instances, NordPass tells you the site, the date of the breach, what type of information is affected (such as password, name, employer, and phone number), as well as a description of the site.
These tools are excellent inclusions and simple to understand. Note that they don't run continuously. You have to manually run them each time. Dashlane, Keeper, and LastPass all offer similar capabilities.
Sharing and Inheritance
To share an item, mouse over it, click the three-dot menu on the right, and select Share. Then enter a recipient's email and hit Share Item. Anyone can sign up for an account to access items shared with them, but only Premium users can share items. NordPass now lets you share multiple items at a time, including folders. Another change is that you can change the permission levels for shared items. The Full Access option allows the recipient to see and edit all the information related to an item, while the Limited Access option doesn't allow them to see or edit an entry's sensitive information.
NordPass has a feature called Trusted Contacts for paid subscribers. Essentially, this feature helps you manually exchange and confirm an encrypted message with a contact. In theory, this reduces the chance of a man-in-the-middle attack. You can set up trusted contacts under the advanced section of the settings tab on the web or desktop apps. While it might be useful for some, this process seems overly complex, and we don't see it as a reason to upgrade from the free tier.
NordPass offers a password inheritance feature, allowing authorized family members or friends access to a password vault. The authorized users can request access without needing to know the master password in the event of an emergency or your death. LogMeOnce, Zoho Vault, and RoboForm are some competitors that also offer digital legacy features.
NordPass on Mobile
We installed NordPass on an Android 11 device and had no issues logging in to our account. Remember that free users cannot access their passwords on more than one device at the same time. So, for example, if you're logged in to the web extension and then try to sign in on mobile, NordPass will log you out of your desktop browser session. This behavior may seem inconvenient, but it's better than other services that simply won't sync your passwords to a second device at all.
NordPass' Android app is basic but attractive. In the middle of the screen, NordPass lists all your vault items. At the bottom of the page, there's a plus button for adding new logins, notes, credit cards, personal info, and folders. The bottom navigation menu allows you to switch between the home page, all item categories, and the app settings. Notably, the Data Breach Scanner, password generator, and Password Health tools are available on mobile. NordPass does support biometric mobile logins and we were able to authenticate with a fingerprint without issue.
NordPass can now launch apps associated with saved login items in addition to the service's website. NordPass can also autofill fields in apps without issue. You can also scan credit cards to import them into your vault.
NordPass for Business
NordPass Business focuses on password hygiene in its suite of tools for businesses. The administrator panel features a Password Health reporting dashboard, much like Dashlane. The reporting dashboard reveals which employees have weak, reused, or old passwords in their vaults.
There’s also a Data Breach Scanner, which allows you to scan for leaked company data and determine if your company’s information showed up in a data breach. The admin panel includes an Activity Log, so you can see what your employees are up to in the password manager in real time.
Administrators can set a Password Policy for employees. We recommend a minimum of 20 characters for passwords and including uppercase letters, digits, and special characters. Administrators can also determine the time frame in which a password should change, ranging from 30 to 180 days.
Each employee has access to a vault, and they can share credentials with other employees or outsiders who download the NordPass app. Employees can control access to their credentials by granting full rights to the password, which allows the recipient to see and edit it, or they can grant Limited rights, which does not allow the recipient to view or edit the password. Administrators can prevent employees from sharing passwords and other items with outsiders by visiting the Settings menu and toggling the Guest Sharing function.
NordPass Business also has a Groups feature to share many passwords at once with different departments or teams. We don’t recommend sharing credentials with a lot of people, but if you’re going to do it, sharing via a password manager is the safest way.
As with competitors such as Dashlane and Zoho Vault, NordPass Business supports single sign-on. There’s also an Automatic Lock function administrators can use to lock inactive or potentially vulnerable vaults. Vaults can lock after one minute, five minutes, 15 minutes, one hour, four hours, one day, one week, or never. Organization owners can also restore any account within their business, even if the employee no longer has the recovery codes and master password.
Each business account includes a free account for every employee. If an admin needs to remove someone from the organization, they can delete the user in the Members section of the Admin panel, and that person will permanently lose access to the company’s vault. If an admin wants to suspend access to the organization’s vault temporarily, they can click the three dots next to a person’s name, and tap Suspend.
Progress and Improvements
NordPass is an easy-to-use password manager with attractive web, desktop, and mobile apps, and it offers security features such as a Data Breach Scanner, an actionable password health report, and support for hardware key-based authentication. However, several other free password managers are less restrictive.
If you plan to pay for your password manager, Editors' Choice picks Dashlane, LastPass, and Keeper Password Manager & Digital Vault are your best options because they offer more advanced features at the same or lower price. For those looking for a free password manager, we recommend Editors' Choice winners, Myki and Bitwarden, which have fewer limitations.
Like What You're Reading?
Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba