NordPass Review: An Almost Flawless Password Manager
-SOURCE-Nordpass-(cropped).jpg?w=780&resize=780,470&ssl=1 "NordPass Review: An Almost Flawless Password Manager")
The folders do the trick, but for someone like me with hundreds of entries, I was hoping to learn more on this front. On the plus side, NordPass’s tight organization options mean you can easily see different categories and folders within the browser extension. With the dense organization features of a service like 1Password or Proton Pass, you have to open the web app to be in control.
NordPass offers desktop apps for Windows, Linux and macOS, as well as mobile versions on Android and iOS. But you’ll probably just want to use the browser extension, at least on desktop, available on Chrome, Firefox, Safari, Edge, and Brave.
In Chrome, NordPass works wonderfully. I had no issues with autofill and the extension didn’t generate false negatives in fields it should populate. The only place NordPass stumbled was in the drop-down lists. With credit card autofill, NordPass filled the text fields without any problems, but it generally missed the drop-down boxes for the expiration date. The same was true for some address fields, although I didn’t encounter this problem as often.
You have a lot of control over how autofill works in your browser. NordPass automatically appears in fields, but you can change the autofill behavior so that it only appears when you select or hover over a field. There is also subdomain matching and autologin available, both of which you can turn off, as well as a list of disabled websites if you want to remove autofill permanently.
On mobile, NordPass works just as well for autofill. You still need a certain level of spam tolerance with autofill in mobile browsers, but NordPass didn’t raise any major red flags in testing. This worked well in apps, and while some fields failed to autofill in Chrome, this is true for all mobile password managers.
A single digit
NordPass widely markets its use of xChaCha20 for encryption, making it stand out among a sea of password managers that largely use AES-256. Both are symmetric ciphers, using a 256-bit key for encryption and decryption. From this point of view, they are equal. xChaCha 20 is at least as secure as AES-256.
However, there is an argument that xChaCha20 is more secure due to its better safety margins, for two reasons. First, xChaCha20 is easier to implement, leaving less room for error when it comes to key management. More importantly, in a 2019 paper, Swiss cryptographer Jean-Philippe Aumasson suggested that xChaCha20 required fewer encryption cycles than AES-256 to be secure.
