- Free plan with unlimited passwords
- AES-256 encryption
- Comprehensive credentials management
- Ability to attach documents or files
- Not the smoothest interface
- Meager discount for annual payment
The password manager field is active and competitive, reflecting the growing number of people falling victim to identity theft due to weak, reused passwords. With so many choices available, users are in a good position to go with a password manager that targets their specific situation. Calling itself an “operating system for business” with 50 million users worldwide, India-based Zoho’s suite of business-oriented applications includes Zoho Vault, a scalable, secure manager of passwords and more, aimed at the needs of teams. The good news is that you don’t have to run a huge multinational to benefit from Zoho Vault: there’s a free-forever version that satisfies the needs of most individuals, or even families. Like its big brothers, the free version stores an unlimited number of passwords using AES-256 encryption – the strongest available. And if your needs extend to elaborate credentials access management across teams, departments, and divisions, Zoho Vault has the tools and integrations to make it all happen. Four plans are available – Free, Standard, Professional, and Enterprise – to cover the full spectrum of user requirements.
Because Zoho Vault is part of the company’s vast suite of business applications, it may not contain all the features found in standalone password managers geared towards personal use. For example, Zoho Vault doesn’t come with a registry cleaner, nor does it autofill web forms like many competing products. However, Zoho Vault does have a respectable collection of features that make it worth considering for individual and corporate users alike.
Large organizations will appreciate Zoho Vault’s ability to run on just about anything with a stable internet connection. Supported browsers include UC, Chromium, and Opera, as well as all the usual suspects. Further simplifying life for admins, user lists can be imported from Office 365, AD/LDAP, or G Suite, making it less challenging to add password management to an existing enterprise, no matter how large it is.
Key to Zoho Vault’s scalability is the way it groups credentials (“Secrets” in Zoho lingo). A Secret is a configurable container that can include a password or any other piece of data to be kept from prying eyes. It could be anything from a software license to a passport number. Secrets default to having two fields (username and password, for example), but fields can be added or subtracted as needed. One powerful feature – available even in the free version – is the ability to attach a file of up to 1MB to each Secret: a photo of a company asset, a scan of a handwritten document, sign-in instructions for a secure system, and so on.
There must be a Harry Potter fan lurking at Zoho, because Secrets are grouped into Chambers, which can be further divided into Sub-chambers. Secrets can appear in multiple Chambers or Sub-chambers, so members of teams within a department, division, or location can each have their own access to credentials. This makes it a simple matter to add, reassign, or remove users, or to give individuals access to a different set of credentials, thus making a simple, real-time procedure out of what could otherwise be a large company’s nightmare.
Secrets are encrypted in your browser using AES-256, then sent to a Zoho server in the US or Europe via SSL. The encryption key is a passphrase you create, and this passphrase had better be memorable: Zoho doesn’t store it anywhere. If the passphrase is ever lost, it will be impossible to decrypt your Secrets, and you will lose access to everything you’ve stored. But if this frightening scenario ever occurs, Zoho will at least send you your encrypted data in an HTML file in case the lost passphrase is ever remembered or found.
Setting up Zoho Vault is a fairly simple process, although we did encounter one quirk. The welcome email you receive after creating an account contains the password needed to sign in to Zoho Vault. This is the point where a passphrase should be created, but we didn’t seem to be prompted to do this the first time around. Instead, we had to use the ‘forgot passphrase’ option and start over. It might have been a temporary problem or an ambiguous on-screen instruction, but it did add a step to our setup procedure.
When adding Secrets to your new vault, Zoho conveniently provides a searchable list of 400 popular websites where users might already have accounts, all categorized under headings like social media, telecom, finance, shopping, and so on. Secrets can be designated as ‘personal’ or ‘enterprise’, with only the latter being sharable, although a Secret’s designation can be changed at any time. Chambers can be created before or after adding Secrets, allowing the overall structure to change and grow to meet changing needs. And Chambers don’t have to mimic a company’s organizational chart: they are equally useful in helping an individual user to compartmentalize the myriad passwords they’ve accumulated. For example, Secrets could equally be grouped by type, like social media sites in one Chamber and travel-related sites in another.
All Zoho Vault versions allow optional two-factor authentication using a mobile device, fingerprint, QR code, SMS, voice call, or Google Authenticator as a supplementary identity check. Unfortunately, this feature is not configurable on a per-user basis: once enabled, all users will be subject to TFA, even for their other Zoho applications.
Zoho Vault’s plain Jane interface won’t win any awards, but it gets the job done without making you hunt and peck for settings. Besides, this simplicity makes sense when you consider that the software runs on Unix and Ubuntu as well as Windows and macOS. The uncluttered dashboard shows a summary of the average strength of all your stored passwords using an analog scale divided into ‘poor’, ‘fair’, ‘good’ and ‘excellent’ ratings. Of course, there’s no reason not to use the built-in password generator to gain the extra measure of security that ironclad passwords bring to the table.
The following makes sense from a security standpoint, though it still felt a little inconvenient that the sign-in screen doesn’t support cut-and-paste or autofill from a different password manager or a form-filling app – at least not in Chrome. If you’re one of those people who does the unthinkable and stores passwords in a text file, you won’t be able to copy-and-paste your Zoho Vault passphrase into its log in screen. Naturally, it’s best all around just to create a truly memorable passphrase for yourself – a modified acronym of a sentence with personal meaning for example – and put it where it can’t be hacked, like on paper or in your head.
Mobile and Add-ons
One of the key requirements of any password manager is for it to work across platforms, giving users the freedom to access password-protected sites from anywhere, and from any device. Zoho Vault does well in this regard. Android devices from version 4.1 are supported, as is anything running iOS 8.0 and beyond, bringing the app to everything from iPhones and iPads to the Apple Watch. There are browser extensions for Safari, Firefox, Opera, Google Chrome and Chrome-based Brave, Vivaldi, Chromium, and UC as well as Firefox and Microsoft Edge (though not for the fading Internet Explorer).
This functionality isn’t limited to the paid versions either: you have mobile access to all your passwords from the free-forever version too. We tested the Android app and liked its clean, simple look. All the key functions were easy to navigate and use. Zoho deserves kudos for supporting Android devices stretching back to Jelly Bean, which was released back in 2012. This will be a breath of fresh air to users still packing a cherished veteran Android gadget who are tired of being told that apps aren’t compatible with their device.
For a company with its own suite of business apps – including everything from a word processor to a CRM system – Zoho offers a solid list of possible integrations, with the expected slant towards enterprise-friendly software. Moving up to one of the paid versions of Zoho Vault gains you authentication for Office 365 and G Suite. Users of the top-of-the-line Enterprise plan get treated to AD/LDAP and Azure AD authentication, as well as the SAML 2.0 authentication that opens the door to single-sign-on (SSO) apps like Okta and OneLogin. Encrypted copies of passwords and other data can be periodically and automatically sent to the user’s Dropbox, Google Drive, or Amazon S3 accounts. A further integration grants JIRA users access to passwords through their valid JIRA issue ID.
Unless new users choose to upgrade at the end of the 15-day trial period, they are automatically put on the free plan. This may sound like a handicap, but Zoho Vault Free is a generous offering. If you’ve never used a password manager (or you’ve been relying on an insecure browser to do the job), the fundamental benefits of enhanced security and convenience will be a welcome gift. Throw in unlimited password storage, two-factor authentication, mobile and offline access, browser extensions, one-click logins, a password generator, and the ability to import and export passwords from other programs, and the needs of most individuals are handily met. There are no annoying upgrade pop-ups, and no credit card is required to sign up.
Zoho Vault’s four plans are reasonably priced, especially on a per-user basis. At $1 per user per month, the Standard plan adds Office 365 integration, password sharing between team members, one-time sharing with third parties, and cloud backup. Zoho Vault Professional adds Chamber sharing, “break glass” emergency access, and a suite of activity reports, all for $4 per user per month. The Enterprise plan leads Zoho Vault’s offerings at $8 per user per month, and tops up the features list with Azure, SAML and AD authentication and advanced management tools like instant password activity alerts, single sign-on for cloud apps, and the ability to import users from AD, LDAP, and Azure.
Be aware that plans renew automatically, but upgrades and downgrades are permissible at any time. The company accepts Visa, Mastercard, American Express, or PayPal, with bank transfers accepted only for plans billed annually. For all paid plans, paying yearly lowers the price by a flat 10% compared to the monthly payment. Zoho kindly makes unspecified discounts available to educational institutions and non-profit organizations on approved request.
Zoho Vault offers a limited number of support channels, especially for free accounts (unsurprisingly). Free users get only email support, but all three paid plans receive priority support via email, phone, or remote assistance. There’s no live chat, but we couldn’t find evidence that the hours at the call centers (with numbers in Australia, U.S., UK, and India) were limited to only certain times or days. On its website, Zoho shares a dozen helpful videos and some archived webinars, downloadable Best Practices and Admin guides, and the usual FAQ and Help, although these are not the most comprehensive or searchable we’ve seen.
Zoho is also very active on Facebook and Twitter, with new posts appearing almost daily, and a separate Twitter feed just for support. It should be pointed out that these social media channels are not specific to Zoho Vault but serve users of the company’s entire range of business applications.
With a free-forever plan giving users the security and convenience benefits of a multi-platform, encrypted password and secrets manager, Zoho Vault is hard to beat. And its scalability makes Zoho Vault a solid choice for growing companies looking to avoid a credentials management nightmare. Admittedly, having all your eggs in one basket involves a certain degree of trust, especially when using complex, non-memorable generated passwords. A lost passphrase or system outage (heaven forbid) could block you from every one of the sites you use frequently – social media, email, shopping, even banking. But with identity theft on the rise and with dozens of passwords to keep track of, most users will find that a straightforward solution like Zoho Vault is a well worth its modest cost.
Best Alternative Password Managers
|Editor's Choice 2020|