-SOURCE-Nordpass-(cropped).jpg "Review: NordPass Password Manager")
Folders do the job, but for someone like me with hundreds of entries, I hoped for more on this front. On the plus side, NordPass’s narrow organization options mean you can easily see different categories and folders in the browser extension. With the dense organization features of a service like 1Password or Proton Pass, you have to open the web app to get a grip on things.
NordPass offers desktop apps for Windows, Linux, and macOS, as well as mobile versions on Android and iOS. But you’ll probably just want to use the browser extension, at least on desktop, which is available on Chrome, Firefox, Safari, Edge, and Brave.
In Chrome, NordPass works a treat. I didn’t have any issues with autofill, and the extension didn’t throw up false negatives on fields it should fill. The only place where NordPass stumbled was in dropdowns. With credit card autofill, NordPass filled text fields without any issues, but it usually missed drop-downs for the expiration date. The same was true for some address fields, though I didn’t run into that issue as often.
You have a lot of control over how autofill works in your browser. NordPass shows up automatically in fields, but you can change the autofill behavior to only show up when you select or hover over a field. There’s also subdomain matching and auto login available, both of which you can disable, along with a list of disabled websites if you want to permanently remove autofill.
On mobile, NordPass works just as well for autofill. You always need some level of tolerance for jank with autofill in mobile browsers, but NordPass didn’t throw up any major red flags during testing. It worked well in applications, and although some fields failed to autofill in Chrome, that’s true of all mobile password managers.
A Unique Cipher
NordPass heavily markets its use of the xChaCha20 cipher for encryption, which helps it stand out among a sea of password managers that largely use AES-256. Both are symmetric ciphers, using a 256-bit key for both encryption and decryption. From that standpoint, they’re equal. xChaCha 20 is at least as secure as AES-256.
However, there’s an argument that xChaCha20 is more secure due to its better safety margins, and there are two reasons for that. First, xChaCha20 is easier to implement, leaving less room for error when it comes to key management. More importantly, in a 2019 paper, Swiss cryptographer Jean-Philippe Aumasson suggested xChaCha20 needed fewer encryption rounds than AES-256 to be secure.
