NordVPN launches NordPass password manager — what can we tell from early access?
NordVPN has been providing cyber security services for seven years, and they are rightly considered one of the market leaders. Their VPN serves more than 12 million users worldwide, has thousands of servers around the globe and a reliable reputation.
A couple of days ago they announced new service, a password manager called NordPass. It’s still in early access, but users can register and receive bonuses for trying it out in this stage of development. I consider password managers to be a comfortable and secure way to organize one’s online credentials and decided to try it out. This is what I found out.
What do we know of NordPass so far?
I signed to their early access offer and found three products in one. First of all, NordPass is a password manager that stores your credentials in an online encrypted vault. It supports auto-fill function, saving some time you would spend remembering and typing the passwords, thus enhancing your browsing experience. It uses AES-256-CBC encryption, the same that is used by the US government, so it’s a top-notch security standard.
Second, you get a password generator.
You can choose the length of the password (which is up to 60 symbols), and options to include/exclude lower and upper case letters, digits, symbols, and ambiguous characters. It’s a comfortable and straightforward way to generate strong passwords. Furthermore, there’s a password strength checker that evaluates the complexity of your password and returns one of the three values: weak, moderate, and strong.
The third service is worth a closer look because it’s seldom seen in other password managers. Using NordPass you can check whether your password has been leaked.
So far, the most popular way to do that is to visit www.haveibeenpwned.com and check your email/password for leaks. NordPass will have their database of known leaks and will alert you how many times your password has been exposed. Is their database better than haveibeenpwned remains to be seen, but the fact that cyber security experts develop it is promising.
Why do you need a password manager?
Weak passwords are an ongoing issue and one of the main reasons why hackers are still profiting from careless netizens. According to the study carried out by the UK’s National Cyber Security Centre, most popular passwords are…”123456" and “password.” Another issue is that people use same password for different accounts, making it easier for hackers to gain access to confidential information.
Then there are numerous data-leaks. Cyber security experts were shocked to find a massive file for sale on Dark Web that contains 2.2 billions of leaked usernames and passwords. All the hackers have to do is buy it, get some additional software and execute credential stuffing attack. It’s a relatively new hacking method that exploits data-leaks and the fact that people use same simple passwords for different accounts.
A password manager is your first line of defense against credential stuffing. First of all, you don’t need to remember each and every one of your passwords, because they are stored in a secure password vault. That means you don’t have to use simple and easily remembered passwords anymore. You can create a long password with lower and upper case letters, numbers, and symbols, which is much harder to crack than “123456”.
How much will it cost?
It will be a paid service, but the exact price is not announced. However, early participators are divided into three categories that will receive bonuses for participation.
The first one thousand registered users will get to use NordPass premium for free for one year, which means that there will be at least two pricing plans: standard and premium.
The next four thousand registered users will receive exclusive discounts for the product.
And the remaining fifteen thousand users will have the privilege to participate in the early access and try out the emerging product for free.
There are only few things that I didn’t like. First, password leak checker is inbuilt into password strength checker, and that might be a bit confusing. In my opinion, these two services should be separated.
Second, there’s little information about the vault management. Most likely the vault will be cloud-based, but what about encryption and decryption? Will decryption execute on local device-level, as LastPass does? There’s also no information about browser extension support.
However, they are open about the product being in an early access stage, and I’m sure all this information will be revealed before the official release. Password leak checker hints towards an innovative approach towards password management, and I would expect nothing else from NordVPN brand. They climbed the cyber security ladder by thinking outside the box, and now they’re going to test their steel in the password management market.