Given how much of our personal data is stored across various online services, having a password manager has become essential. The perils of weak passwords are well-known – your accounts can be easily hacked, leading to a lot of misery. And since most people have a large number of accounts across various websites, remembering different strong passwords for each account becomes a chore. That’s why you should consider using a password manager such as Zoho Vault.
Zoho Vault is available on Android, iOS, and for desktop PCs via Chrome and Firefox extensions. The service requires you to create an account and a separate passphrase that protects your passwords. This passphrase will not be stored anywhere and cannot be recovered, so you need to make sure you remember this. All password manager apps have one master password that you’ll need to remember, so Zoho’s passphrase is nothing to be alarmed about, it’s the industry standard.
Once you’re signed in to your account and the vault, you’ll need to install the browser extensions on your PC in order to enable autofill. Whenever you open a website such as Twitter for example, where you have saved the password already, Zoho Vault will automatically enter your username and password. It also lets you stop your browser from offering to save passwords, which is a bonus.
Zoho Vault lets you share passwords with team members. You can create multiple vaults, dubbed Chambers, and just give team members access to certain vaults. This lets you easily segregate company-related accounts from your personal credentials, and you can simply let team members access the “Work” chamber to let them login to company accounts. Administrators will appreciate the fact that Zoho Vault lets them set a password policy, such as requiring 15-character alphanumeric passwords with lowercase and uppercase letters that needs to be changed every month.
Adding passwords to Zoho Vault is quite simple. You can either add them via the browser extension, or just log in to the website in question and Zoho Vault will offer to save your password on its own. We couldn’t find a way to add captured passwords to a Chamber directly. When you add a captured password to Zoho Vault, the extension doesn’t show an option to send that password to a Chamber. We had to do this manually via the extension.
Zoho Vault works fine for the most part, except when dealing with non-standard login pages. Some of our company’s internal login pages show up as pop-ups (HTTP authentication) in the browser. For these logins, you’ll have to save passwords manually to the vault, and then copy-paste them into the fields. Zoho Vault’s competitor 1Password has a neat auto-type feature that keys in login credentials in any browser tab you want. This is very effective in tackling non-standard login pages.
We also used Zoho Vault on an iPhone and weren’t very happy with the experience. The sign up process was cumbersome and the app, more than once, showed us a desktop-width screen with a vague error message. We signed up via a desktop browser and then returned to the iOS app, only to find that it wanted us to confirm our email before it let us sign in. It showed this error after we’d keyed in the login credentials and the passphrase. We had to do it all over again to use the app.
Secondly, the Zoho Vault app doesn’t enable Touch ID by default. The option is buried two layers deep in the app and certainly should be switched to default. Having to key in the passphrase again and again is a chore, especially on the tiny, cramped 4-inch iPhone 5s keyboard. Enabling Touch ID does makes signing in a breeze. Initially, the app’s Safari extension kept asking us to return to the app and log in even though we were already logged in. Force quitting Safari and relaunching it fixed this problem. These two issues apart, the app worked as it should.
On Android, the experience was frustrating at times. While the app itself worked well, its autofill feature had a worrying bug on our Asus ZenFone Zoom. The autofill pop-up showed up after a minor lag on Google Chrome, and we just couldn’t close it. Hitting the home button closed the browser but not the pop up. It didn’t even let us reboot the phone as the pop-up appeared above the power off/ reboot screen. However, Zoho Vault worked as expected most of the time and this happened just the once. Whenever you open a page with a log in form, the autofill pop-up will help you instantly key in your credentials. For the most part, this is a smooth process.
While browser-based password managers may not be offer the same control on data as password manager apps, they score a lot higher on the convenience factor. Whenever you open any page with a login form, browser-based password managers – on desktop and mobile – will automatically key in your passwords. This needs no input from you. If anyone gains access to your device, they can access all of your accounts because of saved passwords. To avoid this, password manager apps such as Zoho Vault add an extra layer of security in the form of a passphrase or Touch ID. This is why it’s even more important for the process to work smoothly every single time. Some of the bugs mentioned above could be a deterrent for someone trying password manager apps for the first time.
Having said that, overall, we were pleased with the way Zoho Vault works. It has all the essential features for personal and corporate use. Yes, it stores your passwords online, but the second time we used it, Zoho Vault asked us to enable two-factor authentication. This would require us to key in a separate code sent to us via text, a phone call or any authenticator app, to access credentials stored in Zoho Vault. This level of security is good enough for most people and companies. Storing passwords online means that they’re stored with Zoho, which may concern some. However, there isn’t much to worry about as Zoho encrypts your passwords, which makes them virtually impossible to access for anyone who doesn’t have access to your Chambers. Secondly, the passphrase for your account is not stored anywhere on Zoho’s servers and it’s not possible to access your passwords without that passphrase. Then there’s the other question of whether one should trust Zoho. Zoho is headquartered in California, with a strong Indian connection. The company has been around since 1996 and has a long history of making online collaboration tools and other enterprise apps. That and the multiple layers of security in Zoho Vault should allay any concerns people might have.
Zoho Vault also features offline access – it lets you access your passwords via a downloaded encrypted file. It offers a free tier that doesn’t let you share passwords, making it suitable for personal use. Paid tiers start at Rs. 60 per user per month and go all the way up to Rs. 420 per user per month. The pricing is very reasonable for team use, especially when you compare it with services such as 1Password for Teams (starts at roughly Rs. 350 per user per month). Zoho Vault also supports two-factor authentication for logging in, which makes it secure enough for most companies, even though it stores your passwords online. But if you’d rather store your team’s passwords offline, 1Password for Teams may be a better choice.