Joshua Frisby
Summary
Below is a quick snapshot of our review. If you want to dive straight into the
6 things you need to know before using Norton Password Manager, scroll down a bit further.
500,000+ users trust Norton Password Manager.
3.2 out of 5 star rating based on 980+ customer reviews.
6 Things You Need to Know Before You Use Norton Password Manager.
Click on the icons below to discover more about Norton Password Manager and read our expert opinion.
1) Security
Norton has not published the details of their security model in a white paper and so, it is difficult to fully assess the effectiveness of it. However, I dug deep and this is what I found:
- The content of your private vault is wrapped in end-to-end encryption, meaning your passwords and other sensitive data are transformed into streams of random code from within your vault and then stored on Norton’s cloud servers.
- As your encrypted data passes from Norton’s servers to your device, its protected by TLS (Transport Layer Security) which can be compared to the same way that bubble wrap protects a fragile package as it is being transported.
- As a result of the encryption, Norton never sees your unencrypted credentials.
- Only you can decrypt your credentials by unlocking your vault using your master password.
It was all looking good up to this point but I then found out that there is no two-factor authentication, meaning that if a hacker managed to uncover your username and master password they would be able to unlock and decrypt your vault. There is no additional layer of security that they need to pass to gain access.
End-to-End Encryption & Master Password
The security features that are employed to protect passwords are very similar to the technology that other password managers use. You can store your confidential data in a secure vault that is encrypted using a 256-bit cipher (equivalent to military-grade encryption).
Thanks to the encryption of all the data stored in your vault, Norton never sees your unencrypted credentials. Instead, they see streams of randomly generated code. Only you can decrypt your data by unlocking your private vault with your master password.
If you lose your master password, the data stored in your secure vault will be lost too. There is no way to recover or reset a master password without erasing the contents of your vault unless you have biometric access set up on your mobile device. Your fingerprint or Face ID becomes your master password and therefore, gives you the opportunity to reset your password if you forget it. This is a major downfall if your device doesn’t support biometric authentication. Other password managers, like LastPass, offer SMS recovery where a verification code will be sent to your phone to reset your master password and regain access to all of your stored items.
Transport Layer Security (TLS)
Data synchronization is key to effective password management since you need to be able to access all of your passwords across your devices.
In the case of Norton, the passwords stored in your vault are synchronized via a TLS connection. TLS refers to “transport layer security” which, in simple terms, can be compared to bubble wrap. TLS protects your data against hackers as it travels from Norton’s cloud servers across the internet to your vault in the same way that bubble wrap protects a fragile package as it is being transported.
Two-Factor Authentication is Absent
Two-factor authentication is widely used across the web to grant rightful access to online accounts. It helps to ensure that only authorized users can unlock and decrypt the contents of your secure vault by adding a layer of security. Unfortunately, Norton only provides this service for your Norton account and not for the password manager. Note: To use the password manager, you need to first create a general Norton account (this is your parent account) and then an account for the password manager (this is your child account).
The absence of two-factor authentication is disappointing and takes a notch or two off of the level of security offered.
Other password managers use two-factor authentication by using something you know (your email address and master password) and something you have (your mobile device). When logging into your secure vault, they require you to authenticate yourself from your chosen mobile device. You can pair your password manager with an authentication app, such as Google Authenticator, to send a one-time password (6-digit code) to your phone every time a login attempt is made. The password manager app will then prompt you for the code and once it has been submitted, you can gain access to your vault.
Even if someone steals or guesses your password, they cannot access your vault as they need the code that has been sent to your phone to sign in.
2) Features
Basic features for a basic password manager.
From storing unlimited credentials in your privately encrypted vault, to auto-filling online form fields, and syncing your data across all your devices, Norton brings nothing new or special to the table.
One feature that can be commended is auto change where you change multiple passwords at once. Norton will directly log into each account, use the password generator to create new passwords on your behalf, and automatically saved them your vault, ready for use next time you want to log in.
However, all other features often fall short. For example, the Safety Dashboard does a great job of identifying duplicate, old, and weak passwords that need to be changed but it doesn’t notify you of any passwords that may have been exposed in a data breach.
I discuss more of the pitfalls in the pricing section of the review but overall, Norton doesn’t have the features needed to truly protect and maintain your security.
Securely Store Your Passwords in an Encrypted Vault That Only You Can Access
You can save an unlimited number of passwords and other sensitive data, including credit card details and addresses, in your vault. To gain access to your vault, you need to enter your master password which can be compared to the key to your home. This is the only password you will ever need to remember again since Norton will auto-fill your login credentials (more on that later). This is not unique to Norton, but rather a standard set of features that is to be expected.
Data from other password managers can be imported into your Norton vault (but I wouldn’t recommend switching since Norton’s password manager is the worst one I have tested). Alternatively, you can add new credentials as and when you browse the internet. For example, once you visit a new site and create an account, or change a password of an existing account, Norton will ask if it should be saved in your vault.
Previously, you could choose to either have a local or cloud vault. If you initially decide to use a local vault and later choose to change to a cloud-based one, the contents of your local vault would be transferred to the cloud one but in the process, the data stored in your local one would be permanently removed. This makes for a really poor user experience for existing customers and is one of the main reasons why I rate Norton so low on ease-of-use. Norton has now abandoned the local vault meaning new users only have access to the cloud version.
However, Norton’s cloud vault can only be accessed from another device that already has the Norton Password Manager browser extension installed. This, again, puts a dent in Norton’s ease of use. Other, more adept, password managers like Dashlane, provide web vaults. These vaults can be accessed from any browser like you would access any other website. They are not dependent on a browser extension, meaning you can login and use your password manager on any device.
Create Complex Passwords With the Built-in Password Generator
Using a password generator is crucial because password strength is vital to improving online security. As humans, we find it difficult to create strong, complex passwords for every account that we have. It’s no surprise that we reuse the same passwords, especially since the average person can have up to 97 work-related passwords, and that’s not even including personal ones.
The Norton password generator offers an easy solution that can be accessed from within your vault to create strong, unique passwords for every account you have. You can select the number of characters, the use of numbers, punctuation marks, and capital or lowercase letters.
Although it is a nice touch, there are far better generators to use. For example, Bitwarden has one where it will calculate the amount of time needed by a hacker to crack your password. Having additional insight like this can make the difference to the security of your accounts.
Auto Change Multiple Passwords at Once
Auto change enhances your online security with its ability to automatically change passwords for online accounts without you needing to navigate to different websites. It works by directly logging into each account and uses the password generator to create new passwords on your behalf.
After auto change has worked its magic, your new passwords are automatically saved in your vault, ready for use next time you want to log in.
However, it doesn’t always work. If some sites require two-factor authentication (i.e. send you a code via SMS that you have to enter to gain access), you need to manually authenticate the login.
One good thing about auto change is that it will clearly show you which accounts have been successfully updated, as well as those that were not. It does this by using green and red indicators. The green equals success, the red equals failure.
Another indicator of the effectiveness of auto change is your safety score. Norton provides a score based on how strong your passwords are. If the score is increased, your accounts have become more secure.
Not all password managers offer auto change so Norton can be commended here, especially as it can be a time-saver when you quickly need to update many passwords at once.
Auto-fill & Save Your Credentials
Auto-fill and save is crucial to all password managers. Without it, they are useless.
As a standard feature, Norton auto-fills your credentials when visiting sites you have accounts with. It will ask you to authorize the filling of your data before completing an online form. This helps to keep your personal information safe and gives you greater control over where your sensitive data is filled.
Surprisingly, Norton’s auto-fill feature is as easy to use as the market-leading password managers including Dashlane, LastPass and 1Password. You just need to click on the Norton icon within the form field and select the login you want to fill.
In addition to usernames and passwords, you can save credit card and address details including your name, date of birth, physical address, gender, phone numbers, and email addresses in your secure vault. Although your primary use of the password manager will be for login credentials, adding these additional details enables a seamless form-filling experience. I highly suggest taking advantage of adding all the different types of data available.
For example, say you decide to shop online. You visit Amazon and let Norton auto-fill your login credentials. Once logged in, you pick a product and go to checkout. Norton then fills your card and address credentials. You’ve completed your transaction and all it took was 3 clicks. One to log in, another to fill your card details, and the final one to enter your address. You didn’t need to scramble around the house trying to find your wallet or manually enter your details. Auto-fill did all the hard work for you.
Not only can creating payment profiles lead to a faster checkout process, using Norton to securely fill your credentials makes them less susceptible to cybercrime. You no longer need to rely on the websites that you are using to save your card information, instead, you can keep it in your encrypted vault and fill it whenever you need at a click of a button. If you were to store your card credentials in a retailer’s site and their database was to be hacked – your details could be exposed and exploited by hackers.
Similarly, auto-save is simple and straightforward to use. Once you visit a new site and create an account, or change a password of an existing account, Norton sends a push-notification that pop-ups on your screen asking whether to save the new login credentials to your vault.
Secure Notes
Besides the storing of credentials, you can also save secure notes. This can be important information like passport or license numbers, frequent flyer information, or any text needed for future reference.
From having used a wide range of password managers, I don’t tend to use secure notes all that often, but one tip that I can share with you to make your life easier is to save answers to security questions in your notes. The majority of online accounts require you to enter a security question and answer as a backup for recovering your account if you forget your password. We are all guilty of flippantly entering this information and it can be forgotten quickly. Using secure notes is a good way to keep a record of your security answers. These are encrypted using the same security protocols as all the other information stored in your vault, so you can rest assured that they are safe.
Sync Your Vault Across All Your Devices
To make password management painless across devices, you need to be able to effectively sync your vault. For example, if you add a new password to your vault while using the cloud vault via desktop, you’d also want access to that on your mobile device via the app, and vice-versa.
While Norton supports device syncing across all devices, you first need to authorize each device you want to use. The good news is that there is no limitation on the number of devices that you can sync across. The bad news is that you need to manually sync your data. This only takes a few seconds and a click of a button but it lags behind the competition where your vaults are automatically synced without having to lift a finger. It’s easy to forget to sync your vaults which can be frustrating at times.
During the data synchronization process, the contents of your vault are protected by TLS (Transport Layer Security) which wraps your sensitive information in a security shield to avoid man-in-the-middle attacks. Man-in-the-middle attacks secretly relay and, sometimes, alter the communication between two parties.
TLS protects your data against hackers as it travels from Norton’s cloud servers across the internet to your vault in the same way that bubble wrap protects a fragile package as it is being transported.
Safety Dashboard
The Safety Dashboard simply shows the health status of all your stored passwords. The purpose is to aid you in improving the level of complexity of your passwords to strengthen the security of your accounts.
The insights provided are actionable – they highlight duplicate, old, and weak passwords that need to be changed. You can either use the password generator to manually change them or use auto change to let Norton do all the hard work for you by changing multiple passwords at once.
Each password is given a security score. All your scores are then aggregated to formulate an overall score.
A major pitfall is that there is no report to highlight passwords or other credentials that may have been exposed in data breaches. So, although the safety dashboard is a nice feature, it’s not a fool-proof method to truly measure the strength of your security. Data breaches exposed 4.1 billion records in the first half of 2019. Compromised data is often sold on the dark web where cybercriminals can exploit your identity for financial gain. Therefore, data breach reports are vitally important and should be a feature of any password manager that you choose. The best reporting mechanism that I’ve used is Dashlane’s Dark Web Scan that continually monitors the dark web searching for any compromised personal information including usernames and passwords, credit card numbers, phone numbers, addresses, and much more.
Biometric Access
Although your master password is the only password you will ever need to remember again, you can opt to use either your fingerprint or Face ID to unlock your vault on your mobile device. It is as effortless to unlock your vault as it is to unlock your phone.
This feature extends beyond just being able to log into your vault, it is crucial that if you decide to sign up to Norton (which I don’t recommend) that you immediately set up biometric access. Here’s why:
There is no way to recover or reset a master password without erasing the contents of your vault if your mobile device doesn’t support biometric authentication. Your fingerprint or Face ID becomes your master password and therefore, gives you the opportunity to reset your password if you forget it.
Mobile Unlock
Very simply, mobile unlock lets you unlock your vault without having to manually enter your master password.
Once you launch a desktop browser that has the Norton Password Manager extension installed, a vault unlock request notification is automatically sent to your mobile device for you to approve.
It seems like Norton introduced this feature to make up for a lack of two-factor authentication but it doesn’t cut the mustard. (You can read more about the absence of two-factor authentication in the security section).
Automatic Logout
You can set the password manager to perform an automatic logout after a set period of inactivity.
This is particularly useful when other people have access to your computer or when you are away from your desk, but does it make up for the pitfalls in the security model? I’m afraid not.
3) Ease of Use
Creating an account is fairly convoluted. You first need to create a general Norton account and then create an account for the password manager. The first account is somewhat redundant, especially if you just want to sign up for the password manager and none of their other security solutions.
Installing the password manager is on-par with some of the market-leaders. Since there is no local application (meaning you don’t need to download any software) you are not limited by your operating system (e.g. Windows, Mac, Linux, etc). But, you are limited by the browsers that are supported, if you use Chrome, Edge, Safari, Internet Explorer, or Firefox, you will be fine – anything else and you can’t use Norton.
However, your vault can only be conveniently accessed if the desktop device that you are using has the browser extension installed. Other, more adept, password managers like Dashlane, provide web vaults. These vaults can be accessed from any browser like you would access any other website. They are not dependent on a browser extension, meaning you can login and use your password manager on any device.
You can also download the mobile app for both android and iOS.
How to Setup and Use On Desktop
Once you have gone through the convoluted process of setting up both your Norton account and Norton Password Manager account, you can begin the installation of the browser extensions.
Surprisingly, adding credentials to your vault via the extension is very intuitive.
The basic interface delivers a good user experience, but, of course, Norton has left some stones unturned. Aside from having folders for your logins, credit cards, addresses, and notes, there is no way to organize your vault. You’re only given a search bar and can favorite different credentials. Although this isn’t a major issue, it’s another aspect of the password manager that lags behind the competition. Simple things like this are often a good indicator of how invested the company is in providing a top-notch product.
You can add credentials manually or import them from Chrome, Firefox, Dashlane, 1Password, and LastPass. Unfortunately, you can’t import passwords from Safari.
Similarly, you can add new credentials as and when you browse the internet. When you log into a new site or change a password for an existing account, Norton will ask if it should be saved in your vault.
How to Setup and Use on Mobile
If you have an existing account, you can simply download the app from the App Store or Google Play, and log into your vault with your email and master password.
I recommend setting the cloud vault up on desktop first so that you can quickly take advantage of the mobile app, especially as adding passwords in bulk via the import method can only be done through the browser extension.
The intuitive desktop design is carried over to the mobile app but it also introduces step-by-step guides. For example, they use two videos in the app – the first shows you how to enable auto-fill, and the second showing how to use your mobile as a way to unlock your desktop vault without having to enter your master password. Both short guides are simple to follow and easy to execute – no technical knowledge is needed.
Interestingly, Norton included their Safe Search browser directly within the app to protect you from threats whilst surfing the web. This is the first time that I’ve seen the security giant use its existing products to add value to and enhance, the password manager. It is a nice addition that helps you identify and avoid malicious websites.
Last but not least is the ability to enable fingerprint or Face ID to unlock your vault. After the first time that you log in, providing your device supports biometric authentication, the app will automatically use your biometric data to grant access for future logins. Out of interest, I looked to see if I could disable biometric authentication since some people are wary of using it, but could not find any settings to do so. Nevertheless, it’s best to keep it enabled as it also acts as your backup to reset your master password without permanently deleting the contents of your vault.
4) Support
Support is minimal.
The only form of support is a limited collection of FAQs and the community forum. To be brutally honest, it doesn’t make the cut when compared to all the other password managers I have reviewed.
The Norton community forum is intended to be the place where you can ask questions and interact with other users but I found that a staggering 81% of forum entries were left unresolved.
Based on help and support alone, I cannot recommend Norton Password Manager.
Getting in touch:
Ask the Community
The Norton community forum is intended to be the place where you can ask questions and interact with other users. The biggest problem is that not all questions are solved.
In fact, I decided to dig deep and looked back over the past 3 months of forum entries. I found that a staggering 81% were left unresolved. Based on help and support alone, I cannot recommend Norton Password Manager.
Help Resources:
FAQs and Guides
Norton provides a limited range of FAQs and step-by-step user guides scattered through their site. They are quite difficult to find and require a bit of digging to get your hands on them. There’s no search function so you have to hope and pray that you stumble across a relevant article that can help you.
System Status
The only aspect of help and support that you can rely on is the system status page to tell you one of three things:
- Service is running without problems
- Service is experiencing problems
- Service is down
This is useful for keeping up-to-date on whether the password manager is working or not but it won’t help you troubleshoot.
5) Pricing
Norton Password Manager may be free but it is the worst password manager that I’ve reviewed.
It’s missing crucial security features, doesn’t provide adequate help and support, and although aspects of the manager, such as the interface, are easy to use, it has some major pitfalls that lead to an overall poor user experience.
For example:
- You can’t organize the contents of your vault.
- Secure sharing is not supported.
- There are no data breaches checks.
- Two-factor authentication is not included.
- No option to restore deleted items.
- If you forget your master password you run the risk of risk of erasing the contents of your entire vault.
Free Plan
Norton Password Manager is only available as a free plan with the following limited features:
- Encrypted vault – Store your passwords, credit card details, addresses, and private notes away from prying eyes.
- Built-in password generator – Create complex passwords for each account with ease.
- Auto change – Let Norton do all the hard work for you by changing multiple passwords for different accounts at once.
- Auto-fill & save – You no longer need to remember or laboriously enter your credentials. Norton will auto-fill your details when visiting sites you have accounts with, as well as ask to save new credentials to your vault as and when you create an account or change a password of an existing one.
- Sync across multiple devices – If you add a new password to your vault, it will be synced across all your devices that use the password manager.
Safety dashboard – Identify duplicate, old, and weak passwords that need to be changed. - Biometric access – Replace your master password with your fingerprint or Face ID to unlock your vault on your mobile device.
- Mobile unlock – Each time you launch your desktop browser with the Norton Password Manager extension installed, a vault unlock request notification is automatically sent to your mobile device instead of manually entering your vault password.
- Automatic logout – Set the password manager to perform an automatic logout after a set period of inactivity.
The plan only allows one vault for every user and cannot be used by businesses or families which restricts its versatility.
Aside from the features listed below, it doesn’t offer the ability to organize the contents of your vault, securely share your credentials, monitor your details against known data breaches checking for compromised information or facilitate two-factor authentication. There is also no option to restore deleted items which can be slightly frustrating at times and let’s not forget that you run the risk of erasing the contents of your vault if you forget your master password.
These missing features put you at three major risks of exploitation.
Firstly, it leaves you with the only option to share passwords insecurely. Whether you use a spreadsheet, send them over text, or email you open your communication to the possibility of man-in-the-middle attacks where the attacker can secretly relay the communication between you and the person you are sharing a password with.
Secondly, while you may use Norton to protect your passwords, your credentials are still at risk if the websites you have accounts with experience a data breach. Compromised data is often sold on the dark web where cybercriminals can exploit your identity for financial gain. Therefore, data breach reports are vitally important so you can be notified of any compromised data and take immediate action (i.e. changing your passwords).
Thirdly, the absence of two-factor authentication means that if a hacker manages to uncover your username and master password they will be able to unlock and decrypt your vault. There is no additional layer of security that they need to pass to gain access.
The combination of missing security features and protocols, as well as poor help and support, makes Norton the worst password manager I’ve reviewed.
6) Alternatives
Norton vs Dashlane vs LastPass – Who Should you Pick?
I strongly advise against signing up for Norton.
If you are looking for a free password manager, I recommend LastPass Free.
However, if you want a password manager that can give you a comprehensive and sophisticated set of security features, a solid help and support foundation, and great value for money, then Dashlane Premium is your best bet.
Both LastPass and Dashlane offer a wider range of support channels, as well as robust guides and tutorials which are ideal for troubleshooting. Dashlane, however, takes the crown thanks to its more advanced security features. Most notable features include:
- Dark Web Scan – It scans the dark web for any compromised usernames, passwords, credit card numbers, phone numbers, addresses, and much more so you can be notified and take immediate action to avoid exploitation.
- Built-in VPN – To protect you when using unsecured public WiFi services.
Dashlane
Dashlane is hands down the best password manager.
It has the most comprehensive and sophisticated set of security features, a solid help and support foundation, and provides the best value for money.
Here’s how Norton shapes up against Dashlane:
- Dashlane uses its proprietary Dark Web Scan technology to monitor the dark web for any compromised usernames, passwords, credit card numbers, phone numbers, addresses, and much more. Norton doesn’t check for compromised data.
- Dashlane is the only password manager to provide a VPN as part of its password manager to protect you when using unsecured public WiFi services.
- Norton only offers a free plan for use by a single user, Dashlane has a range of different plans for personal and business use.
- You can securely share passwords while using Dashlane. The same cannot be said for Norton.
- Your vault is more secure with Dashlane thanks to two-factor authentication. Dashlane is also the only password manager to have a U.S. patented security model.
- Getting in touch with Dashlane is simple. They offer a range of communication channels stretching from Twitter to email to live chat, as well as an extensive range of guides and tutorials which can answer pretty much any troubleshooting questions you may have. Norton’s help and support is out-dated and sub-par.
To find out more about why Dashlane is so much better than Norton, read my full review and pricing review.
LastPass
If you are looking for a free password manager, LastPass is your best bet over Norton by a long shot.
Here are the key differences:
- In addition to passwords, credit card details, addresses, and secure notes, LastPass also lets store files. These could be sensitive contracts, photos of your passport for safekeeping, or any other type of file you want to lock away.
- Unlike Norton, you can organize your vault using folders.
- LastPass holds your deleted items for 30-days giving you the opportunity to restore any if needed. Norton does not.
- You can enable multi-factor authentication to add additional layers of security that need to be passed to access your LastPass vault. This is absent in Norton.
- LastPass Free users get the ability to share passwords one-to-one (passwords can be shared with one other user but not with multiple users). Sharing with multiple users is available in the premium version.
- Both communication channels and self-help resources provided by LastPass are superior to that of Norton.
To find out more about LastPass, read my full review.
FAQs
Security
Norton Password Manager uses military-grade encryption to protect the data stored in your secure vault. The vault can only be accessed with your master password. The master password is only known to you and is never stored on any of Norton’s servers. However, the absence of two-factor authentication puts the level of security down a peg or two.
Norton uses a combination of end-to-end encryption and TLS (Transport Layer Security) to protect your data against hackers as it travels from Norton’s cloud servers across the internet to your vault in the same way that bubble wrap protects a fragile package as it is being transported.
It uses a zero-knowledge model where Norton never sees or stores any of your unencrypted passwords. Only you can decrypt the contents of your vault using your master password which is known only by you. As a result, it can be considered to be secure but not necessarily the most robust password manager. Other password managers give you the option to use multi-factor authentication to further enhance the security of your vault.
Any password manager can be hacked. What matters is if your unencrypted data can be stolen. Because of the zero-knowledge model, even if Norton was to be hacked, the hacker would only be able to get their hands on encrypted data – which is useless to them.
Pricing Plans
Norton Password Manager is free.
Although it doesn’t cost anything, it is not worthwhile signing up – there are much better options available. LastPass Free is my recommended choice for anyone wanting a top-notch free password manager that has all the basic features you need to protect your sensitive data, as well as a solid foundation of help and support.
General
Norton Password Manager protects your credentials from malicious hackers by letting you securely store and safely manage them in an encrypted vault.
It facilitates security and convenience when logging into online accounts. You no longer need to remember long complex passwords, instead, let Norton do all the hard work for you and automatically fill your login credentials whenever you need them.
Once you have created your Norton Password Manager account, you can begin to add your login credentials and other sensitive information, such as credit card numbers, addresses, and digital identities. Once your credentials have been saved in your vault, the next time you visit a website that you have an account with, the password manager will ask you whether you want it to automatically fill your login details. This allows for a seamless logging in experience and means that you no longer need to remember any of your credentials. If you create a new account or change the password of an existing one, Norton will ask you whether you want to save it in your vault.
Ultimately, Norton Password Manager works by allowing you to effectively store and manage your credentials in a vault cocooned in encryption away from prying hackers that have malicious intent.
Norton Password Manager stores your encrypted passwords in their secure cloud servers where they are transmitted to your password vault ready for decryption following the successful entry of your email and master password.
