It's a very new service, but NordVPN already runs just about everywhere, with iOS and Android apps, and browser addons available for Chrome, Firefox, Opera and Edge. (The Support site has setup guides for Brave and Vivaldi, too, and the company tells us desktop versions are in the works.)
Whatever platform you're using, NordPass gives you all the core functions you'd expect.
It can generate strong passwords, save them as they're entered and automatically fill login forms as required.
Credentials are encrypted on your device (using XChaCha20 encryption, with Argon2 for key derivation, if you're interested), and accessible only via the master password. Even NordVPN has no way to see your passwords.
Optional two-factor authentication helps keep your precious logins safe from attack.
You can synchronize all your passwords across up to six devices with one account.
NordPass isn't just about passwords. It can also securely store private notes, as well as save credit card details and automatically enter them into web forms.
There's no option to manage and autofill names, email and physical addresses. Apparently this is coming soon, but until it arrives you'll be completing most delivery and other forms yourself.
A free version gives you all NordPass core features, but limits you to a single active device only. You can install NordPass on your phone, PC, laptop and more, up to six devices, and sync between them, but if you log in from one device, you'll be logged out from all the others.
It's good to see there's no restriction on the number of passwords you can manage, though. Dashlane's free build limits you to 50, but NordPass can handle as many logins as you need.
The commercial edition is priced at $5 billed monthly, dropping to an equivalent $3 on the annual plan, or $2.50 over two years.
Installing the free NordPass gets you the option to run a 7-day trial, whenever you've time to check it out. There are no complications and you don't have to hand over your payment details; you just get to try out the full service for a week, and if you don't sign up, it falls back to the one-active-session-only free edition.
This is a fair deal, but you can get more features elsewhere.
For example, Dashlane Premium has more form-filling support (names, emails, addresses), can sync across unlimited devices, raises alerts if your credentials are found online in a data breach, can help automatically change passwords for some services, and even includes basic VPN access. But it's only marginally more expensive than NordPass at $3.33 a month on the annual plan.
Or, if you're looking for a bargain, check out the open-source Bitwarden. The free version syncs across unlimited apps, and the Premium edition adds more secure login options (YubiKey, FIDO U2F, & Duo), Password hygiene & vault health reports and 1GB of encrypted storage for just $10 a year.
The NordPass website does its best to persuade you to buy the service, but if you'd like to check it out first, download the free version from this page.
The setup process began with us handing over and verifying our email address. We were directed to a page on the NordPass website and prompted to install the appropriate extension for our browser (Chrome, Firefox, Opera and Edge are supported.)
Windows, Mac and Linux users are also asked to install the NordPass 'background app.' The website says this is required for encryption, but doesn't provide many other details.
We took a look, and found this isn't a separate app, or anything with an interface. It's just a separate executable which works as a helper app for the browser extension, apparently handling communications with NordPass servers and other very fundamental tasks.
It's a minor nuisance that it has to be installed, but from what we can see, it doesn't otherwise cause any hassles or use any significant system resources. And the background apps may not be an issue for long, anyway, as NordVPN tells us they'll soon be replaced by full desktop apps.
After choosing and confirming our master password, NordPass gave us a 'recovery code', which we could use to access our vault if we ever forgot the password.
Recovery code saved, we moved on to the rest of the package.
The NordPass management interface is plain, but straightforward and functional. A left-hand sidebar has links for the various types of data you can store in your vault (logins, secure notes, credit cards, more), and you can click to browse these, or type a domain name in the Search box to jump straight to that record.
You won't have anything to look at just yet, of course, but fortunately the NordPass Import option can import data from a range of browsers and other password managers: 1Password, BitWarden, Chrome, Dashlane, Firefox, KeePass, KeePassX, Keeper, LastPass, Opera, Remembear, RoboForm and TrueKey.
If that's not enough, an 'Other' option enables importing data from a generic CSV. This works, though only in the most basic of ways. The service won't try to figure out which fields represent what data types, and there's no way to open your CSV and point NordPass in the right direction. Instead, the 'Import from Other' option simply assumes your file follows a specific format - 'Site name, URL, Username, Password' - and if it doesn't, it simply won't work.
There is at least plenty of support to help you through the import process, including step-by-step guidance on how to export credentials from each of the supported browsers and password managers. They're brief, but get straight to the point, and worked well for us (check out the Dashlane advice here).
NordPass imports everything in the file, by default, but you're able to select or deselect particular logins if necessary.
We tried importing the contents of our Dashlane vault, and NordPass read our logins, secure notes and credit cards quickly and without difficulty.
Saving and auto filling passwords
Visit any login page in your browser and NordPass displays a tiny icon on the right-hand side of each text box.
Submit your credentials as usual and NordPass asks if you'd like to save them in its vault. You can agree with a click, or choose to add the site to a blacklist, ensuring you won't be prompted again.
(If you don't have a secure password yet, you can create one via NordPass built-in Password Generator. You're able to define the password length and whether you want to include digits, symbols, upper- or lower-case letters, then generate a password and copy it to the clipboard in a couple of clicks.)
When you next visit, clicking the NordPass icon displays a dropdown list of any usernames associated with the website (the service supports as many accounts as you need.) Tap the username you need, NordPass inserts your username and password in the form and you can log in with a click.
Some password managers display a floating window of usernames as soon as you access a URL with stored credentials, and might automatically log you in as soon as you choose an account, saving you one or two clicks overall. But NordPass handles the basics well enough, and some might prefer its simple, stripped-back approach.
NordPass can also save the key details of credit cards - cardholder name, card number, expiration date, CVV/CVC (the three digits on the back) - but it doesn't do much to help you enter them.
Sometimes, when NordPass thinks it's spotted a form field asking for a card number, it displays its small icon to the right of the box. But it didn't always detect card number fields during our tests.
When it works, tapping the icon displays the saved details, but it won't automatically enter them. You must tap a Copy button to copy each field to the clipboard, then manually paste it into the right box.
This looks a little underpowered, at least right now. Top competitors like Dashlane can automatically enter logins, credit card details, names, email addresses, physical addresses, your date of birth and more. NordPass tells us it'll be adding similar features in early 2020, but until that happens it's not going to save you very much form-filling time.
While you'll mostly access your NordPass credentials from the drop-down list until its address bar icon, the service can also display them in a slightly more capable full-screen form.
This enables listing your items by type - logins, notes, credit cards - which can make them a little easier to navigate. There are no other ways to organize data, though, such as by grouping logins into folders or categories. If you have a lot of passwords, that could make them more difficult to manage.
Individual logins can be viewed and edited, but with very few options, little more than the ability to edit the key fields (title, username, password, URL) or add a note.
There are no ways to customize the login, as we'll often see elsewhere. You can't define whether a login to a URL like accounts.company.com applies to all subdomains, or just accounts; you're not able to decide whether you're logged in automatically, or not; you can't protect particularly sensitive URLs by also prompting for the master password.
Although NordPass is strict about devices, limiting you to syncing across a maximum of six, there's no way to view or manage your devices from the extension.
What you do get is support for two-factor authentication, which requires you to log in with both your master password and a 6-digit authentication code sent to you via email (there's a description of how this works on the NordPass site).
That won't be necessary for everyone, but when you're protecting something as valuable as your website credentials, it's great to have the option available.
NordPass handles the password management basics well enough, but not a lot else, and you can get much more password-managing power elsewhere. That's no surprise for a new service, though, and with the NordVPN team behind it, it'll be interesting to see how it develops.
- We've also highlighted the best password manager