The California Consumer Privacy Act (CCPA) is a data protection law that came into effect on January 1, 2020. The CCPA is designed to give California consumers greater control over their personal information that is collected, received, used, shared, and/or sold (i.e. ‘processed’) by businesses. The CCPA is often compared to the European Union’s General Data Protection Regulation (GDPR) as it provides similar rights and protections to consumers.

The CCPA requires businesses to be transparent about their data collection and sharing practices, as well as to provide individuals with certain rights over their personal information, and to implement reasonable security measures to protect that information.

Today, we’re exploring CCPA. Let’s jump in right away.

Who must comply with the California Consumer Privacy Act?

The CCPA applies to businesses that operate in California and collect, and store with personal consumer data of California’s residents, and meet one or more of the following criteria:

1. Have an annual gross revenue of over $25 million.

2. Buy, receive, share or sell the personal information of 50,000 or more California consumers, households, or devices.

3. Derive 50% or more of their annual revenue from selling California consumers’ personal data.

The CCPA also applies to businesses that control or are controlled by a business that meets the above criteria and share common branding.

What is the definition of personal information?

The CCPA defines personal information as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

The definition of personal information by the CCPA may also include but is not limited to names, aliases, postal addresses,, email addresses, social security numbers, IP addresses, biometric information and other information that helps to directly or indirectly identify a person.

Data Covered by the CCPA

CCPA is designed to ensure that individuals are the ones in control of their data, and because of that the act defines the way business should process individuals’ personal information.

This includes information obtained from the consumer directly or indirectly, such as through a third party. The CCPA also covers information about a consumer’s household, such as their family members’ names and ages.

However, the CCPA excludes certain data, such as publicly available information, deidentified or aggregated consumer information, and data covered by other laws, such as the Health Insurance Portability and Accountability Act (HIPAA).

What are the CCPA Requirements?

1. Right to know what personal information is being collected, used, shared and sold

2. Right to request deletion of personal information

3. Right to opt-out of the sale or sharing of personal information

4. Right to access personal information in a portable and easily understandable format

5. Right to non-discrimination for exercising their CCPA rights

6. Right to correct Inaccurate Personal Information

7. Right to Limit Use and Disclosure of Sensitive Personal Information

Businesses must also provide notice to consumers at or before the time of collection of their personal information. The notice must inform consumers of the categories of personal information that will be collected, the purposes for which the personal information will be used, and the categories of third parties with whom the information may be shared.

Furthermore, businesses must implement robust security measures to protect consumers’ personal information from unauthorized access, destruction, modification, or disclosure. On top of that companies are also expected to establish and maintain reasonable practices and procedures for responding and honoring to consumer requests.

H2: CCPA Compliance Checklist

Organizations subject to the CCPA should take several steps to comply with the law.

• Conduct a data inventory to identify personal information collected, used, and sold.

  To meet CCPA requirements, organizations should conduct a thorough review of their data practices to identify the personal information collected, used, and sold. This inventory should include a comprehensive assessment of data sources, purposes for which the information is collected, categories of third parties with whom information is shared, and security measures implemented to protect information.

• Update privacy policies to include CCPA-required notices.

  Organizations must ensure that their privacy policies are updated to include CCPA-required notices, which should be clear, concise, and written in plain language. The privacy policy must inform consumers of their CCPA rights, such as the right to access personal information, the right to request deletion of personal information, and the right to opt-out of the sale of their personal information.

• Implement processes for receiving and responding to consumers’ requests.

  To comply with the CCPA, organizations must have effective processes in place for receiving and responding to consumers’ requests. These requests may include access to personal information, deletion of personal information, or opting-out of the sale of personal information. Organizations should establish procedures to verify requesters’ identities and respond to requests within the CCPA’s required timeframe.

• Provide an opt-out mechanism for the sale of personal information.

  Organizations wishing to comply with the CCPA must provide a mechanism for consumers to opt-out of the sale of their personal information. This mechanism should be easy to use and prominently displayed on the organization’s website.

• Train employees on CCPA compliance.

  To comply with the CCPA, organizations must train their employees on CCPA compliance, including a review of CCPA requirements and guidance on handling consumer requests. Employees who handle personal information must also receive training on security policies and procedures.

• Implement reasonable security measures to protect personal information.

  Organizations must implement reasonable security measures to protect personal information. This includes physical, technical, and administrative safeguards to prevent unauthorized access, use, and disclosure of personal information.

• Monitor and update compliance measures as necessary.

  To maintain CCPA compliance, organizations must continuously monitor and update their compliance measures as necessary. Among other things, this includes regular review and updating of privacy policies, employee training on new requirements, and ensuri
  ng that their processes for receiving and responding to consumer requests are effective.

What new law goes into effect beginning January 1, 2023?

In November 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA). The CPRA is designed to amend and extend the original CCPA.

Not only does the CPRA expand consumer rights, but it also brings fresh rules to the table. The right to correction allows consumers to have incorrect information rectified while the right to limit sensitive personal information will give them greater control over their data in general.

Consumers can also request information on automated decision-making and opt-out of the use of such technologies.

The CPRA went into effect on 1st of January, 2023 and is now state-wide law.

Are there any penalties for violating CCPA?

Penalties for violating CCPA are very real. Businesses that fail to comply with the CCPA may face fines of up to $7,500 per violation. Consumers also have the right to bring a private action against a business that violates their CCPA rights.

What is the difference between GDPR and CCPA?

While the CCPA and GDPR share similarities, there are some key differences between the two laws. The GDPR applies to businesses that collect and process the personal data of individuals in the European Union, while the CCPA applies to businesses that collect and process the personal data of California residents only.

The GDPR also gives individuals more rights, such as the right to object to the processing of their personal data and the right to restrict processing in certain circumstances. The CCPA, on the other hand, gives consumers the right to opt-out of the sale of their personal information.

Another difference between the two laws is that the GDPR applies to all businesses, regardless of their size or revenue, while the CCPA only applies to larger businesses that meet certain criteria.

What does CCPA mean for cybersecurity?

In terms of cybersecurity, the CCPA has significant implications. Companies that collect and store personal information are required to implement reasonable security measures to protect that data from unauthorized access or theft.

Under the CCPA, companies can be held liable for breaches that occur due to their failure to implement reasonable security measures. This means that companies must ensure that they have robust cybersecurity policies, procedures and tools in place to protect consumer data. The CCPA also requires companies to conduct regular risk assessments and to update their security measures as needed.

Overall, the CCPA represents a significant shift in the way that companies collect, store, and use personal information and at the same time provides Californian consumers with greater control over their data. On top of that the CCPA holds companies accountable for protecting that data from unauthorized access or theft. As such, the CCPA is likely to have a positive impact on cybersecurity by encouraging companies to take their data privacy and security obligations seriously.

CCPA and NordPass Business

Organizations can ensure the security of personal information through the security measures that the legal act encourages to implement in order to comply with CCPA. One of effective security measures is a password manager such as NordPass Business. Password management is a crucial aspect of data security, and NordPass Business provides organizations with an easy-to-use, yet robust solution that can help them implement security measures needed to comply with the CCPA.

Firstly, NordPass Business can help you ensure that passwords across the organization are unique and complex. With the option to generate strong and unique passwords for each account, organizations can rest assured that their users’ accounts are secure.

NordPass Business allows organizations to securely share passwords. Sharing passwords can be a security risk, but in some cases, it is necessary for business operations. NordPass Business provides a secure way for organizations to share passwords, ensuring that only authorized users can access personal information. This feature is especially important for organizations that have employees working remotely or have multiple team members who need access to certain accounts.

By using NordPass Business to store passwords, organizations can demonstrate that they are taking measures to protect their users’ personal information.

In today’s world, Zoom has become an essential tool for both personal and professional communication. Whether you’re conducting a virtual meeting with colleagues or catching up with friends and family, Zoom is the go-to platform. However, with so many passwords to remember, it’s not uncommon to forget your Zoom password. If you’re in this situation right now, don’t worry – resetting your forgotten Zoom password is a straightforward process.

In this article, we’ll guide you through the steps to reset your Zoom password, answer frequently asked questions, and provide tips to keep your passwords secure.

How do I change my Zoom password?

Before we dive into resetting a forgotten Zoom password, let’s look at how to change the password. Changing your Zoom password regularly is an essential security measure, especially if you use Zoom for confidential meetings. To change your password, simply follow these steps:

1. Log in to your Zoom account on the web portal.

2. Click “Profile” in the left-hand menu.

3. Scroll down to “Password” and select “Edit.”

4. Enter your current password, followed by a new password.

5. Click “Save changes.”

You’re all set now.

How do I reset my Zoom Password?

Resetting your Zoom password is not that much different from changing it. Here are the steps to reset your forgotten Zoom password:

1. Open your browser and go to zoom.us/forgot_password.

2. Enter the email address associated with your Zoom account.

3. Verify the reCAPTCHA.

4. Click “Send” and wait for the reset password link to arrive in your email inbox.

5. Check your email inbox for an email from Zoom with a link to reset your password. If you can’t find the email in your inbox, check your Spam folder.

6. Click on the link in the email.

7. Enter your new password.

8. Enter it again for confirmation.

9. Click “Save.”

10. You have successfully reset your password and can now log in to the Zoom web portal.

Can I get into a Zoom meeting without a password?

It is possible to set up a Zoom meeting without a password, and it’s also possible to join a meeting without a password.

However, if you’re hosting a Zoom cloud meeting, it’s essential to set up a password to protect your meeting from unwanted guests. Without a password, anyone with the meeting ID can join your Zoom conference, which can lead to unwanted interruptions or something far worse — actual security breaches.

You can set up a Zoom meeting password by navigating to the Zoom website and logging into your account. From there, you can schedule a new meeting and enable the “Require meeting password” option. This will generate a unique password that you can share with your participants to ensure secure access to your meeting.

FAQ regarding a forgotten Zoom password

How to reset a password for a user in your account

If you are a Zoom account administrator and need to reset a password for a Zoom client user in your account, follow these steps:

1. Log in to the Zoom website.

2. Click on “User management” in the left-hand menu.

3. Click on the user’s name.

4. Scroll down to “Password,” and click “Edit.”

5. Enter the new password.

6. Click “Save changes.”

The user will receive an email with the new password.

I can’t reset my password on Zoom

If you are having trouble resetting your Zoom password, there are a few things you can try. First, make sure you are entering the correct email associated with your account. If you are still having trouble, try clearing your browser cache and cookies, and then try resetting your password again.

I didn’t receive a confirmation email

Sometimes, you may not receive the confirmation email from Zoom. This could happen for a variety of reasons, including issues with your email provider, spam filters, or incorrect email address. If you don’t receive the confirmation email within a few minutes, check your spam folder to see if it was mistakenly marked as spam. If it’s not in your spam folder, try requesting another email by clicking on the “Resend confirmation email” button on the Zoom website.

What should I do if the link has expired?

If you clicked on the reset password link in the email and it has expired, you will need to request a new one. Go to the Zoom website and click on the “Forgot password” button. Enter your email address, and then click on the “Send” button. Zoom will send you a new password reset link via email, and you can click on it to create a new password. Make sure to reset your password as soon as possible after receiving the link to avoid it expiring again.

Keep your Zoom password safe with NordPass

In today’s digital age, passwords are an integral part of our daily lives. From online shopping to social media and beyond, we rely on passwords to keep our personal information secure. However, with so many different accounts to manage, it can be challenging to remember every login detail. That’s where a password manager such as NordPass comes in handy. NordPass is a secure and user-friendly password manager that can help you store and manage all of your passwords safely in one place.

With NordPass, you don’t have to worry about forgetting your Zoom password ever again. NordPass securely stores passwords, credit card details, personal information and secure notes in a single place. What’s great about this is that you can easily access your Zoom or any other password from any device using the NordPass app. Everything you store in NordPass is secure thanks to advanced encryption technology.

On top of all that NordPass makes the online experience much more enjoyable. Thanks to autosave and autofill, you will no longer need to worry about coming up with passwords or manually typing them whenever you want to access one of your online accounts. Give NordPass a try and get peace of mind online.

These days, cybercrime is rampant. It’s no longer a matter of “if” you’re going to suffer an attack but “when” it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.

But what is a business continuity plan exactly? Why is it important? What should one include? Today, we’re exploring all these questions in-depth.

What is a business continuity plan?

A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it’s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.

Unfortunately, according to a 2020 Mercer survey, 51% of businesses across the globe don’t have a business continuity plan in place.

What’s the difference between business continuity and disaster recovery plans?

We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.

Importance of business continuity planning

The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.

Consider that in 2021, approximately 37% of global organizations fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for 50% of cyberattack-related losses. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped $6 trillion last year. The picture is quite clear — cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.

To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and — of course — revenue losses.

Business continuity plan template

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Business Continuity Plan Example

[Company Name]

[Date]

I. Introduction

• Purpose of the Plan

• Scope of the Plan

• Budget

• Timeline

The initial stage of developing a business continuity plan starts with a statement of the plan’s purpose, which explains the main objective of the plan, such as ensuring the organization’s ability to continue its operations during and after a disruptive event.

The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.

The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.

The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.

II. Risk Assessment

• Identification of Risks

• Prioritization of Risks

• Mitigation Strategies

The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization’s critical functions.

The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.

Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.

The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.

III. Emergency Response

• Emergency Response Team

• Communication Plan

• Emergency Procedures

This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization’s operations.

The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.

The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.

The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.

IV. Business Impact Analysis

The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization’s critical operations.

The Business Impact Analysis is typically conducted by a team of individuals who understand the organization’s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.

V. Recovery and Restoration

• Procedures for recovery and restoration of critical processes

• Prioritization of recovery efforts

• Establishment of recovery time objectives

The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.

The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.

The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization’s operations and overall mission.

Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.

VI. Plan Activation

• Plan Activation Procedures

The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.

The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.

VII. Testing and Maintenance

• Testing Procedures

• Maintenance Procedures

• Review and Update Procedures

This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.

Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.

The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.

The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization’s operations or threats.

What should a business continuity plan checklist include?

Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.

• Clearly defined areas of responsibility

  A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.

• Crisis communication plan

  In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.

• Recovery teams

  A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.

• Alternative site of operations

  Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.

• Backup power and data backups

  Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.

• Recovery guidelines

  If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.

Business continuity planning steps

Here are some general guidelines that an organization looking to develop a BCP should consider:

Analysis

A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.

Design and development

Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.

Implementation

Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.

Testing

Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan’s guidelines.

Maintenance and updating

Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.

Level up your company’s security with NordPass Business

A comprehensive business continuity plan is vital for the entire organization’s security posture. However, in a perfect world, you wouldn’t have to use it. This is where NordPass Business can help.

Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It’s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.

With NordPass Business, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.

In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.

If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to book a demo with our representative.

With the rise of remote working came a surge in cybercrime. Business Email Compromise (BEC) attacks have seen a 150% year-over-year increase, so the odds are not in any business’s favor. However, staying vigilant and educated can protect your company and avoid such attacks. Keep reading to find out the main dangers business email accounts face and get 10 business email security tips.

What is Business Email Compromise (BEC)?

BEC is a type of cybercrime that involves impersonating a trusted business contact, such as a CEO or supplier, in order to trick employees into transferring money or sensitive information to the criminal’s account. These schemes often involve careful research and social engineering to create a convincing ruse.

According to the FBI, BEC fraud has cost companies over $26 billion globally since 2016, and the threat continues to grow. Small businesses are particularly vulnerable, as they may not have the resources or expertise to detect and prevent these attacks.

One example of a BEC scam involved the director of Puerto Rico’s Industrial Development Company, Ruben Rivera, who mistakenly made the transaction of $2.6 million to a fake bank account. In another case, Ubiquiti Networks Inc., the San Jose-based manufacturer of high-performance networking technologies, fell victim to a BEC attack that resulted in a loss of $46.7 million.

As the use of email continues to be an essential aspect of business communication, it is crucial for companies to remain vigilant and take proactive measures to defend against the threat of BEC.

Phishing is the number one email security threat

Phishing is a type of digital scam that is especially common in emails. It’s a form of social engineering where a hacker tries to deceive an employee into believing the email is coming from a credible source. Phishing emails usually have some sort of CTA: it’s like a form of marketing, if you will. Except that phishing CTAs usually involve clicking on a malicious link or revealing sensitive company data to outsiders.

Well, just like any other marketer, hackers employ creative techniques to improve the conversion rates of their scams. The more deceitful the email, the higher the conversion rate. That’s why phishing emails can be difficult to spot at times. Examples of phishing emails include:

• Account verification scam. You may receive a phishing email that looks something like this: “Due to a recent security threat, we would like to ask you to verify your account by signing in through the link below. Failing to do so will result in the permanent deactivation of your account.”

• Fake invoice scam. Hackers may send out emails saying, “We still haven’t received your payment for our services. Please use the link below to complete the transaction.”

• Spear phishing. This is a more advanced and tailored form of phishing that requires hackers to do some research on your company. For instance, an employee may receive an email that looks like it’s coming from a specific coworker, instructing them to visit a website or disclose information.

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Best practices for business email security

Falling for phishing scams can expose your company to data breaches and malware. Taking steps to appropriately ensure the security of your email will help protect your business from phishing and other forms of cybercrime:

1. Conduct phishing awareness training

Emails usually get breached through employee negligence and lack of knowledge. So the first way to increase email cybersecurity is to raise awareness about the main threat: phishing. All employees should receive in-depth training on recognizing and avoiding attempted phishing schemes. The main points to cover here are:

• Becoming familiar with the main phishing schemes

• Being suspicious about unusual requests

• Never clicking on random links received through email

Once employees are familiar with these precautions, your company’s susceptibility to phishing emails will significantly decrease and your business email security will improve in general.

2. Train employees on how to deal with email attachments and suspicious email links

Email attachments and suspicious links are the most common methods cybercrooks use to spread malicious software. Ensure that your employees are well aware of these devious practices and are trained to spot them in real-life situations. With time and a lot of practice, your team will develop a sense for suspicious email links and attachments, which should considerably lower the potential attack vector and significantly improve your overall security posture.

3. Enable multi-factor authentication

You can make your account safer from hackers by connecting your smartphone to your email. Even if the passwords to your email accounts are leaked, no outsiders will be able to access them without having access to the device it’s connected to. All vital business accounts, not just email accounts, should have multi-factor authentication enabled.

4. Avoid using email when on public Wi-Fi

Public Wi-Fi poses massive risks to email security. If it’s unencrypted (which it often is), anybody can connect to the same network. You never know when a hacker will be that someone.

If a hacker intercepts your connection with unencrypted public Wi-Fi and catches you logging into your email, they can steal your email password. It’s best to steer clear of public Wi-Fi altogether, but if connecting to it is necessary, never transmit important data while on it.

5. Avoid using business emails for private purposes and vice versa

Most office jobs these days come with an email address. Some people get the temptation to use the new email address for all sign-ins. Need to sign up for a new streaming service? Well, why not use your brand new business email for that? Everybody else does it, anyway, right?

At first, it might sound like a great idea. Yet using your enterprise email for private purposes and vice versa could cause significant security concerns for you as an individual and the company.

First, using a company email for your personal online activities allows for easier and simpler profiling. Consequently, that could lead to spear-phishing — a targeted phishing campaign or other targeted cyberattacks.

6. Encrypt company email

Encrypting company email using special email security software is a great way to steer hackers away. Encryption ensures that the only people able to view the emails are th
e sender and recipient. If a hacker intercepts an employee’s Wi-Fi connection or email account, they will not see any sensitive data.

7. Set up email security protocols

Email security protocols are immensely important because they provide an extra layer of security to your digital communications. The protocols are designed to ensure the safety of your communications as they pass through webmail services over the internet. Without the aid of email security protocols, bad actors can intercept communication in a relatively easy manner. Please familiarize yourself with different email security protocols and enable them to ensure secure communications.

8. Improve endpoint security

To further fortify your security stance, take action to improve your endpoint security. Often the easiest and most effective way to boost endpoint security is by implementing security tools for company-wide use.

Consider deploying a VPN like NordLayer — a tool that encrypts the internet connection and data transferred over your business network. Antivirus software is another tool that should be used on all business workstations to ensure a proactive defense.

9. Don’t change passwords too often

Password fatigue is a fact of life — today, the average user has about 100 passwords on their hands. Keeping track of all the passwords is a challenge.

The conventional wisdom regarding password security is that you should change your passwords every 90 days. While that might sound like a reasonable security practice, it could lead to simpler and easy-to-crack passwords being used.

If you know that your employees take password hygiene seriously and craft hard-to-guess passwords and that none of their passwords were ever leaked, then they should stick to the passwords they already use. If any password (no matter how strong it is) is leaked or breached — the change should be immediate.

10. Use strong passwords for email accounts

Strong passwords are the backbone of account safety. Yet businesses often fail to secure their emails with strong passwords. If your business is like this, you should know that the easier the password, the easier it is to hack, especially through brute-force attacks. Brute-force attacks are when hackers try to guess a password by flooding your account with thousands of attempts.

To protect your business email from such attacks, ensure everyone in your organization secures their passwords. Secure email passwords are:

• Long

• Complicated

• Contain different types of characters

• Unique (never reused from other accounts)

These points are crucial if you want to ensure the safety of your business. However, passwords that are difficult to hack are also difficult to remember. The last thing anyone would want is to secure their account so well that they couldn’t even access it themselves.

Luckily, the business password manager by NordPass can come to the rescue. If all members of your company use it for their accounts, their emails will be safe, and they won’t need to scratch their heads trying to remember their passwords.

Bottom line

Business email security is never a given. Even though platforms like Gmail or Outlook do their best to ensure the safety of their users, you can easily fall victim to hackers if you don’t actively protect your account. By following these five email security best practices, the chances of getting your business emails hacked will be much slimmer because hackers will likely prefer more vulnerable prey.

The consequences of non-compliance can be devastating.

In 2023, businesses have more to fear than just the formal penalties issued by regulatory or legislative entities. With cybercrime rates at a seemingly all-time high, and even once-trusted cybersecurity companies proving susceptible to breaches, organizations are on high alert.

Failing to comply is more than just a compliance issue or an unchecked box. It can represent an unchecked vulnerability that may give way to a data breach that will have your brand name on consumers’ lips for all the wrong reasons.

That’s why we invited two compliance and security experts to speak on the future and state of compliance. Here’s a short recap of the conversation moderated by Gerald Kasulis, VP of business operations at Nord Security, with:

• Deena Swatzie, SVP, Cyber Security Strategy and Digital Innovation at Truist,

• Joy Bryan, GRC/Privacy Technology Analyst, RNSC Technologies, LLC.

Kasulis asked the panelists astute questions about the implications of adopting tech powered by AI, the current corporate climate, and how businesses can prioritize compliance on a shoestring budget.

Watch the webinar recording in full right now or keep reading to find out three takeaways that will help kickstart or support your compliance agenda this year.

Increasingly savvy consumers will hold businesses accountable

When data breaches happen, usually it’s the consumers who suffer. The consequences range in severity and kind, but whether major or minor, reputational or financial, a violation of one’s privacy through personal data exposure is never a welcome outcome.

As businesses become hyperaware of the likelihood of a data breach, consumers are equally tuned in.

 

Consumers are getting smarter in that [data privacy] space. They’re going to expect more, they’re going to hold companies accountable. And so that’s why your compliance needs to be in place.

– Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

Consumers are more likely than ever to want assurances that their personal data will be kept safe as concerns surrounding data privacy become more mainstream. They want to know how their information will be stored and what measures businesses are taking to protect it.

In today’s climate, trust is a linchpin of customer satisfaction. A recent survey revealed that 71% of consumers are unlikely to buy from a company that loses their trust — which is bad news for businesses that have suffered major breaches.

Meeting compliance standards and earning certifications can be a shorthand for establishing (or re-establishing) customers’ confidence: this ensures that businesses are following the agreed-upon best practices in a verifiable way.

At the end of the day, the buck stops with corporations who collect and store personal data. They will be held accountable for their (in)ability to protect the data they keep.

“Consider yourself as the consumer,” says Swatzie. She suggests that businesses should use the golden rule as a framework — treat consumer data as you would hope and expect yours to be treated.

Additional resources may not be the answer

 

Even when we talk about talent and the workforce, everyone’s immediate response is ‘we need more resources.’ You don’t always necessarily need more resources.

– Deena Swatzie

SVP, Cyber Security Strategy and Digital Innovation at Truist

Swatzie explained that it’s important to understand what exactly is required to meet compliance standards so that you can balance what you have with what you need. Here, collaboration between teams is key. Security and compliance initiatives will overlap.

Both experts agree that it’s best to start by looking at in-house tech and talent before making an investment. And on the occasion when you do require an additional resource, like software, be sure that you’re adopting tools that serve multiple functions.

 

I think that whatever platforms and technologies are implemented should have a collaborative feel — where you’re tackling multiple things at once.

– Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

NordPass Business, for instance, delivers so much more than password management. Get a powerful data breach scanner, password health metrics, a detailed activity log, company-wide advanced security settings, and multi-factor authentication.

On the topic of breaches, take solace in NordPass’ zero-knowledge architecture which ensures that only you hold the key to your business credentials and vault items. In the unlikely event of a breach at NordPass, your private information will remain encrypted and out of reach to cybercriminals.

New investments in tech solutions should add value to what many teams are likely to prioritize the most: workflow efficiency. Consider how and whether security and compliance tools speak to that need.

Get into the nitty gritty. Take the time to consider your existing and prospective tools’ full scope to avoid overinvesting in overlapping functions.

According to Swatzie, “Privacy is everybody’s responsibility. Security is everybody’s responsibility. Compliance is everyone’s responsibility.” For that reason, it’s important not to take buy-in for granted with a top-down approach.

Ask yourself: will my team be open to adopting this policy or software? Does it promote or detract from their respective top priorities?

The word of the day is “proactive”

If we had to summarize the experts’ advice in just two words: be proactive. Specifically, on the topic of lessons learned from a turbulent 2022:

 

I would hope that in terms of lessons learned, it allows businesses to be a little bit more proactive in their approach and in their strategies.

– Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

If your compliance and security strategy is only reactive, then it shows a lack of forward-thinking, meaning you’re likely to be continuously caught off guard and lagging behind. Swatzie suggests that compliance professionals and business leaders “put on their auditor hat.”

 

I’m used to being heavily regulated and audited so I’ve learned enough from the auditors to know exactly what they’re going to ask me before they ask me. So going back to what Joy said earlier, be as proactive as possible.

– Deena Swatzie

SVP, Cyber Security Strategy and Digital Innovation at Truist

Where possible, brace your business for what’s likely to come down the compliance pipeline by studying the standards themselves. With an intimate understanding of the “spirit of the law” you should be able to intuit what’s next and prepare accordingly.

That being said, it’s not a lack of motivation that leaves security and compliance professionals in a reactive position. When it comes to cyber incidents, board and senior leadership members sometimes struggle to see prevention as the cure — waiting until after an event has occurred to implement more stringent security measures.

To learn more about how to get buy-in from colleagues and management before the fact, read our guide on how to campaign internally for cybersecurity.

Summary

Facing increasingly savvy and appropriately demanding consumers, businesses should understand that they will be held accountable for breaches of personal data and plan accordingly.

But, that doesn’t necessarily mean rushing to acquire additional talent and technological resources. Invest wisely and make it count. In particular, security software should be multi-functional.

Finally, the key to success is in forward-thinking. Adopt a proactive strategy to avoid a constant scramble to respond after-the-fact.

You lightly place your thumb at the bottom of your phone screen and, lo and behold, it’s unlocked instantly. So why can’t we do the same at the bank or when logging in to Twitter or YouTube? Well, soon we’ll be able to do it all. The passwordless future is inevitable and it’s almost here.

At NordPass, we’re thrilled to be creating a passwordless future. But what is passwordless authentication? How does it work? Let’s answer these questions.

Why should we consider going passwordless?

Year after year, we see either “123456” or “password” top our Most Common Passwords List. Millions of people reuse absurdly simple passwords across multiple platforms, even though they are very easy to crack by using a dictionary or brute force attacks. It makes passwords (and the people using them) one of the weakest links security-wise in any company or service.

Weak passwords are just part of the problem. The way we treat passwords is an issue as well. One of the worst password sins that all of us can attest to is reusing passwords. Having a single password to secure multiple accounts is a huge security risk, to put it mildly. In such instances, a single compromised account indicates that all of user’s accounts are essentially compromised as well.

The solution lies in biometric authentication and passkeys, which combined become one of the safest and smoothest passwordless authentication options available.

Passkeys: The key to passwordless authentication

In an age where technology usage continues to rise, the need for secure and efficient authentication methods becomes all the more pressing. Passwords, which have long reigned supreme as a solution for securing online accounts, have over time proven to be unreliable and susceptible to hacking. In turn, many organizations and companies have been looking for new, more efficient, and robust ways to authenticate users.

One organization at the forefront of the effort to go passwordless is the FIDO Alliance. The alliance works with various companies, including NordPass, to develop and promote open standards for passwordless authentication.

According to the FIDO Alliance, the technology set to replace passwords is passkeys. Passkeys are digital credentials that are generated by the user’s device. Usually used in combination with biometric data, such as a fingerprint or facial recognition, to offer an extra layer of security, passkeys provide access to websites and other online services.

What passkeys bring to the table

One of the major advantages of passkeys is that the private key, which is used to generate the passkey, never leaves the user’s device. This makes it almost impossible for attackers to gain access to the key through phishing or other forms of cyberattack. Furthermore, passkeys are almost impossible to hack, making them more secure overall.

Unlike traditional passwords, passkeys are invisible to the user and are never revealed or entered manually.

Going passwordless will also improve user experience. A fingerprint scanner, for example, is a fast and reliable authentication method. It would also mean that there would be no more password reset procedures — IT departments throughout the world will be very grateful. Also, when it comes to biometric authentication, you don’t need to remember anything. You won’t have any Post-its on the computer screen or notes in your planner. You can’t lose, steal, or forget your fingerprint.

Room for improvement for current passkey-based authentication

Right now, passwordless authentication is gaining major traction among such tech giants as Microsoft, Apple, and Google. All of these companies have been introducing passwordless authentication solutions, and in most instances the solutions include the use of passkeys.

However, current passkey-based solutions have a long way to go. At the moment, these solutions limit users to a single ecosystem, which makes it difficult to share them between, say, an Android user and an iOS user. In addition, the current solutions do not offer any kind of sync with password managers.

But this is where NordPass comes into play. We are currently working on integrating passkeys into your favorite password manager.

Introducing passwordless authentication to NordPass

At NordPass, we’re excited to be at the forefront of the passwordless revolution. And by early 2023, NordPass is set to introduce passwordless authentication both for individuals and businesses.

Passwordless access to NordPass

We are currently working on enabling a passwordless sign-in to NordPass. It will be a faster and simpler process than the one now, since it will require a single biometric confirmation. In simple language, this means that you will be able to access your Nord Account and NordPass with a single tap of a finger. You read it right. No more manually entering your Nord Account and Master Password each time you need to log in. Passwordless access to NordPass is set to significantly improve user experience and overall security.

NordPass passkey storage

All NordPass users will have the ability to save passkeys for any website or app in the encrypted vault and use them to access those online services later. With NordPass, you’ll be able to use, share, and sync passkeys between multiple devices and platforms, whereas many passwordless authentication solutions tend to lack such functionalities. This will make NordPass a single place for all of your digital valuables, including passwords, passkeys, credit cards, and other sensitive information.

Passwordless multi-factor authentication (MFA) for businesses

Password-based authentication is still the industry standard. However, due to the inherent vulnerabilities that come with password-based authentication, most businesses face a variety of cybersecurity risks. To significantly reduce the risk of suffering a phishing or an account takeover attack, businesses need to rethink their security approach with regard to access to endpoint devices such as laptops, desktops, workstations, and mobile devices as well as applications that leverage regular passwords or even single sign-on solutions.

With the introduction of passwordless MFA, we’re looking to help businesses improve their overall security stance by eliminating the need for passwords and introducing an authentication method based solely on biometrics.

Passkey integration for online service providers

The world is already moving rapidly towards a passwordless future. Unfortunately, not everyone can adapt smoothly and efficiently. Many small to medium-sized businesses (SMBs) lack the resources and know-how to implement passkey authentication for their users. However, at NordPass we’re ready to leverage our security expertise to make the transition from passwords to passkeys as smooth as possible. We believe that the frictionless user experience offered by passkeys across multiple platforms and devices, combined with superior security, will help your business increase conversion rates, user engagement, and user satisfaction.

You can expect big things as early as 2023. So stay tuned, and be prepared for the inevitable passwordless future – it’s just around the corner.

You’re dozing off to one of your favorite shows on Netflix, and suddenly a notification flashes on your phone. You look down and see a weird message: “Someone signed into your Netflix account at 03:23 in Nigeria.” Odd, because you were asleep at that time – and certainly haven’t been to Nigeria before. Looks like it’s time to change your Netflix password.

Whether you have forgotten your password, want to wrangle Netflix away from your ex-spouse, or just want to update your passwords, this guide will tell you how to easily change your Netflix password.

How to change your Netflix password on desktop

Fortunately, Netflix foresaw the need for expediency when it comes to changing your password – the process is quick and straightforward.

1. Open up your browser and go to the Netflix login page. Once you’ve logged in, bring your mouse to hover over your profile picture in the top right corner. Click on “Account.”

   

2. The first thing you’ll see is a section marked “Membership and billing.” On the right-hand side of this section are a few hyperlinked options. Click on the “Change password” link.

   

3. You’re now on the page where you can reset your password. Before you do, check out our password generator to craft the perfect password that will be extremely difficult to crack.

   

4. There you have it — your Netflix password is now changed. Remember that you’ll need to re-enter this new password on whatever devices your Netflix account is connected to.

How to change your Netflix password on mobile devices

1. Open the Netflix app on your mobile device and log in to your account.
2. Tap the profile icon located in the upper-left corner of the screen and select “Account.” If you are using a tablet, tap “More” at the bottom of the screen and select “Account” there.
3. Now tap “Change password.”
4. Now enter your current and new passwords.
5. Tap “Save” to confirm. The changes should take effect immediately.

How can you reset your Netflix password?

If you have forgotten your Netflix password, the only way to regain access to your account is by resetting your passwords. Here’s a quick guide on how to reset your Netflix password:

1. Visit the “Sign in” page and select “Need help?” which is located below the “Sign in” button.
2. Choose “Email” and enter your email address. Click “Email me.”

   

3. You will receive an email from Netflix with instructions on how to reset your password and create a new one.
4. You can also choose the “Text message” (SMS) option. Simply enter your phone number and select “Text me.”
5. You will receive a text message from Netflix with instructions on how to reset your password and create a new one.

If it’s been years since you last had to reset your password, don’t worry: all hope is not lost yet! In the above image, you can see the option at the bottom that says “I don’t remember my email or phone.” Click on it.

Now, you can enter your personal and payment details to reset your password. Netflix’s UI is intuitive enough to make resetting the details of your account effortless. Just follow the on-screen instructions, and you’ll have a new password in no time.

Invest in a password manager

This is the most guaranteed way to never have to worry about your passwords again. NordPass can automatically generate top-tier strength passwords, store them in an encrypted vault, and then autofill them to whichever account it’s associated with. The unnecessary hassle of memorizing and creating passwords will be a thing of the past. With NordPass, online life is smoother and safer.

NordPass 4.37 (latest)

We’ve waved bye-bye to some pesky bugs and have also spruced up the place a touch – enjoy!

NordPass 4.36

We’re starting off 2023 on the right foot with a release that’s faster and more reliable. Stay tuned for some bigger announcements!

NordPass 4.35

No major updates this time, just a new and improved app release with some under-the-hood performance upgrades – enjoy!

NordPass 4.34

We’re happy to present you with a new release. Here’s what we’ve got this time:

• DESIGN CHANGES TO ITEMS. We updated how your item details are displayed. Hope you’ll like it.

NordPass 4.33

Building good things takes time. So since the last release, we have mainly focused on catching and eliminating pesky bugs.

NordPass 4.32

This time we’ve waved bye-bye to some pesky bugs and have also spruced up the place a touch – enjoy.

NordPass 4.31

We’re happy to present you with a new release. Here’s what we’ve got this time:

• AUTOFILL DISABLEMENT ON WEBSITES. You can now disable autofill on any page that you don’t want to fill your details. It won’t reset when you refresh the page but you can turn it back on at any time.
• BUG FIXES.

NordPass 4.30

Here’s what you’ll see in the new NordPass release:

• ONBOARDING UPDATE. New users will be greeted by a refreshed onboarding experience that will help them familiarize themselves with NordPass.

NordPass 4.29

No major updates this time, just a new and improved app release with some under-the-hood performance upgrades – enjoy!

NordPass 4.28

Building good things takes time. So since the last release, we have mainly focused on catching and eliminating pesky bugs.

NordPass 4.27

This time we’ve waved bye-bye to some pesky bugs and have also spruced up the place a touch – enjoy!

NordPass 4.26

No big announcements from us this time. However, we hope you’ll still enjoy an updated NordPass version with fewer bugs and better autofill.

NordPass 4.25

Our bug busters have been working hard since the last time you heard from us. That’s why today we can proudly present another NordPass release with even fewer bugs. We hope you’ll like it.

NordPass 4.24

Building good things takes time. So since the last release, we have mainly focused on catching and eliminating pesky bugs.

NordPass 4.23

We’re happy to present you with a new NordPass release. Here’s what we’ve got this time:

• UPDATED PASSWORD INFO. Now you’ll get more guidance on making your passwords more secure. Open any of your passwords, and you’ll see whether it’s been reused on other accounts or it’s too old and needs changing.
• BUG FIXES. Rome wasn’t built in a day. Therefore, we continuously aim to catch pesky bugs and provide you with the best password management experience.

NordPass 4.22

Here’s what you’ll see in the new NordPass release:

• SWITCH ACCOUNT. A long-awaited feature is here! If you have a few NordPass accounts, like personal and business, switching between them will now be a breeze. Just click on your profile account and look for a “Switch Account” button.
• LITHUANIAN LANGUAGE. For our Lithuanian friends out there, you can now use NordPass in your mother tongue. Simply head to Settings to change the language.
• BUG FIXES.

NordPass 4.21

Our bug busters have been working hard since the last time you heard from us. That’s why today we can proudly present another NordPass release with even fewer bugs. We hope you’ll like it.

NordPass 4.20

We’re happy to present you with a new NordPass release. Here’s what we’ve got this week:

• CARD PIN. From now on, you can also add your PIN when saving card details. Don’t worry; it won’t be autofilled. It’s for your reference only.
• DELETE CLIPBOARD SETTING. When you copy your password or other item data, it’s normally saved in the clipboard. To avoid pasting it somewhere you didn’t intend; you can now choose the clipboard to clear after a set time.
• BUG FIXES.

NordPass 4.19

It’s international women’s day! So we want to take this opportunity and say thank you to all the beautiful women who tirelessly work at NordPass. It wouldn’t be the same without you.

P.S. We mainly focused on fixing bugs this time, so we hope you like a better running app.

NordPass 4.18

Here’s what you’ll see in the new NordPass release:

• SUBDOMAIN SORTING IMPROVEMENTS. From now on, if you have multiple items saved for one domain, the account with the matching subdomain will be shown first.
• BUG FIXES.

NordPass 4.17

Did you know that January has a Blue Monday – the most depressing day of the year? The good news is it’s over. But if you’re still feeling a little bit blue, here’s a few things we’ve updated to hopefully cheer you up.

• Safari import. You can now import passwords saved in Safari straight to NordPass.
• Data Breach Report update. If your password appears in a Data Breach report and you update it on the website, select “Resolve” and the same details won’t appear next time you run the report.
• Bug fixes. Caught many annoying bugs that hinder your experience.

Some write songs, some dedicate sonnets, some built monuments. We create release notes to honor each update of NordPass app for Windows, macOS and Linux. A single click of that magical “Update” button unlocks the newer, faster, better-performing world of stress-free password management.

NordPass 4.16

As Christmas is over, it’s time to make some New Year’s resolutions. But why wait? We want to become a better, smoother-running, and more user-friendly app now. We have strived for perfection since NordPass was launched, and this week is no exception. So we present you a new NordPass version with fewer bugs and more Autofill fixes.

NordPass 4.15

A good beginning makes a good ending, so why not start a week with a new NordPass release? Here’s what we’ve got this week:

• BREACH SCANNER UPDATE. If your password was leaked in a data breach and you’ve reused it on other accounts, a new ‘Accounts at risk` tab will appear. There you’ll see a list of accounts that may be vulnerable. Don’t wait for a second and change their passwords to prevent cyber attacks.
• AUTOFILL UPDATE. We’ve fixed a ton of autofill bugs so you’d have a smoother autofill experience on even more websites.

NordPass 4.14

We know that sometimes life throws challenges right at you. At those times, the last thing you want to think about is how and where to access your passwords.

That’s why from now on, you can give emergency access to your passwords and other items. Choose a person you really trust and invite them to be your emergency contact. Once they accept it, you can give them access immediately or wait for 7 days to be given automatically. Note: You can only give emergency access to another NordPass user with a Personal or Family plan.

NordPass 4.13

Trick or treat? Who are we kidding? It’s always just treated here at NordPass. So here’s our Halloween treat to you – a brand new NordPass release. Don’t worry, nothing to be scared of—just a smoother running version of your password manager.

NordPass 4.12

Tired of too many emails and banners? We get you, and we want to improve our communication with you. That’s why from now on, a lot of important information will appear as in-app notifications. So if you open the app and see a red dot next to a bell icon, just know that it’s something important from us to you.

P.S. We also solved a number of bugs.

NordPass 4.11

Getting your data stolen isn’t nice. But if that happens to you, it’s important to identify the stolen information and act quickly. That’s why with this release, Data Breach Scanner has gone even better. How?

If your data has ever appeared in any breach, you can now use the Breach Scanner to identify not just what type of data was leaked, but also see it in plain text. This includes passwords, your address, social security number, birth date, and other data types.

In addition to all this, we are continually working to improve one of our core features – Autofill. So expect to see more websites working flawlessly with NordPass.

NordPass 4.10

Can’t find tools to improve your password security? We got you. You’ll find security tools such as Password Generator, Data Breach Scanner, and Password Health in the sidebar from this release. More accessible to access and easier to use.

We also solved some pesky bugs to make your NordPass experience more enjoyable.

NordPass 4.9

What do you have in the box this time NordPass? Well, let me see…

• Title and website address suggestion. That’s right, now when creating a new item, you only need to enter a few letters in the Title or Website address fields, and NordPass will suggest filling it with one of the thousand popular websites.
• Spanish and Italian languages are now available on the NordPass extension.
• Bug fixes, bug fixes, and more bug fixes.

NordPass 4.8

It’s August my friend. And you know what August is good for? Learning new languages.

Hablas español? Parli italiano? If you do, lucky you. Because you can now use NordPass in Spanish and Italian. Enjoy!

NordPass 4.7

Did you know that no one else has the same fingerprint as you? That’s why it’s the most unique password you can have. Dedicated Mac users, this release is for you. Yes, you can now sign in to your NordPass app with a fingerprint. Feeling like James Bond yet? We are!

P.S. We also solved a ton of pesky bugs to make your experience smoother than ever.

NordPass 4.6

Dear bugs, it’s time. Time to say goodbye. It won’t be the same without you. It will be better. The password managing experience will be much greater now.

NordPass 4.5

It’s officially summer, NordPass people! (Or winter, if you live in the southern hemisphere.) Wherever you are, we hope it’s sunny so that you can enjoy the brand new release. Here’s what we’ve got:

• MULTIPLE ITEM SHARING. Sharing is caring, right? Well, now you can select multiple items and share them all at once. Easy peasy. Just always make sure you trust the people you share your credentials with.
• PASSWORD GENERATOR HISTORY. You know that moment when you create a super-strong password with the NordPass Generator and forget to save it? Yeah, we’ve been there too. That’s why you’ll now see a little clock icon in your Generator where you can check your previously generated passwords.
• BUG FIXES. And, of course, we won’t release a new NordPass version without getting rid of as many bugs as possible.

NordPass 4.4

“Speed” was the main keyword at NordPass this week. So what to expect in this release?

• Updated designs so you could find your passwords or any other items at the speed of light.
• Tons of bug fixes and maintenance work so that your app would work faster than ever and would be as pretty on the inside as it is on the outside.

NordPass 4.3

Don’t worry if you missed the chance to get NordPass Premium for less. The Summer Kick-Off Sale is here! Use this offer to get access to all the amazing Premium features.

Also, we have a little something for our Business users. From now on, all members who are added or removed from groups will be notified by email.

NordPass 4.2.18

Hello, world! We’ve prepared a nice little juicy pack of updates – just for you. Please give a warm welcome to:

• Double EXTENSION-upgrade: from now on, not only it speaks German fluently but also is available in Dark Mode. Ready to give some rest for those sore eyes?
• A new ge-ne-ra-tion for stronger passwords! Check out the PASSWORD GENERATOR to enjoy shiny new looks and (finally!) PASS-PHRASES for nice-and-strong-memorable-passwords.

NordPass 4.1

We are working hard on bringing Dark Mode to the NordPass extension. In the meantime, we are also doing some good old maintenance work. So expect to see some design changes in the browser extension and forget the existence of annoying bugs.

NordPass 4.0

Today is the day! You know what we are talking about. You asked for it; we delivered it. And oh boy, how good it looks! You’ll believe it once you see it.

OK, we recommend sitting down for this one. Then open your NordPass app, update it to the newest version and enjoy the shiny new DARK MODE.

And if that doesn’t impress you, well, then we have more news. You can now use NordPass in German. Whether it’s your mother tongue or just want to polish your German skills, you can now change your language preference in Settings.

NordPass 3.31

This time we’ve got many design changes to make your life easier. So let’s get to it. Here’s what you’ll see in this release.

• TOAST MESSAGES UPDATE. Some of the success messages, such as when you import items or update your app, were outdated, so we made them easier to understand.
• MULTISELECT REWORK. We noticed that the sorting option was missing when multiple items were selected. We introduced this option and changed long-winded buttons to visually pleasing icons.
• BROWSER EXTENSION UPDATE. You can now access Tools from the NordPass extension, including the Password Health and the Data Breach Scanner.

NordPass 3.30

Are you ready to switch off the lights? Because Dark Mode is coming very very soon. We are working hard to make sure everything looks perfect for the release. A few more things, and we are done. Keep your eyes peeled.

In other news, we fixed some annoying bugs we found in Groups and took care of other bugs.

NordPass 3.29

Sometimes what we do is either too difficult to explain or too difficult to see. Yes, you guessed it. This week we put all our effort into finding and getting rid of bugs. We hope we’ll have something more exciting for you next week.

NordPass 2.34

NordPass has gone through some serious spring cleaning with this release. Why do we say so? Here’s what we did:

• B2B GROUPS BUG FIXES. It’s new, fresh, and now with fewer bugs.
• APP BUG FIXES. We’ll never give up on perfecting NordPass.
• EXTENSION DESIGN REWORK. So much better looking now! You have to see it to believe it.

And something exciting is coming up very soon. So stay tuned. 😉

NordPass 2.33

This time, we’ve got good news for Business users. Let us introduce GROUPS. Admins and Owners can now assign members to groups and share passwords with a number of people instantly. Think, your finance department sharing login details every accountant needs to access.

Anything else? Of course, we got rid of more nasty bugs.

NordPass 2.32

Happy April Fool’s! Stay vigilant, and don’t get tricked by any hackers. Keep your passwords safe with an updated NordPass app. Here’s what we’ve got this time:

• CHANGES TO MASTER PASSWORD CREATION. Now it’s easier to understand what that mysterious Master Password is and how it is different from your Nord Account password. BUG FIXES as usual.

NordPass 2.31

It’s spring! Flowers are blooming, birds are chirping, and NordPass is releasing another update. In this release, you’ll find: KEYBOARD SHORTCUTS. You can now use CTRL + F to search your items and CTRL + L to lock your app instantly. BUG FIXES. No bugs allowed here.

NordPass 2.30

NordPass bug hunters strike again. Yes, you guessed it. We got rid of more pesky bugs so you could enjoy an even smoother experience with NordPass. That’s it for now!

NordPass 2.29

“Could NordPass be any better?” asks our team every single week. And the answer never changes. YES, it can!

But it’s not always about new features and crazy advancements. Sometimes it’s all about perfecting those nitty-gritty details. So this week, we say another goodbye to a bunch of bugs. Bye, we won’t miss you.

NordPass 2.28

Another week, another release of a better, faster, and more secure NordPass app. And for this we say a BIG thank you to our bug hunters (aka developers). You guys rock.

NordPass 2.27

If NordPass was a dog, what would he say to a flea?

• Stop bugging me.

The good news NordPass doesn’t need to endure nasty bugs. Bye-bye, bugs. We don’t wanna see you no more.

NordPass 2.26

Ready, set, new release! What can you expect to see in the new and shiny NordPass 2.26?

EXTENSION REWORK. Updated, upgraded, and overall better-looking browser extension. But what did we actually do? Well, we just made it even more similar to your desktop app, meaning more functional and easier to use. Voila!

BUG FIXES. Can you tell we don’t like insects? No bugs are allowed in our app. Yuck.

NordPass 2.25

It’s a very special day today. We thought about it over and over again. We were constantly considering, overthinking, and having sleepless nights about it. We even visited a fortune teller to ask if you’ll like it, or not. Yet still, our developers were nervously (but carefully!) coding that code.

And here it comes. A sincere love letter. In PDF format. Containing your Recovery Code. Save it, delete it, save it again, print it – do whatever you want, but please, keep it safe. And don’t show to anyone else! It was created from the bottom of our hearts to express how much we LOVE YOU.

Take care!

And don’t forget to update the app to get those extra bug fixes.

NordPass 2.24

Once upon a time, in a faraway land, a password manager named NordPass lived. His goal was to become the best password manager that there ever was. And he did it one release at a time.

He proudly presents his latest achievements:

• AUTOSAVE AND PASSWORD EDIT UPDATES. Now it will be easier to understand when NordPass is prompting to update an old password or when it is offering to save a new one automatically.
• HELP SECTION ADDED TO SETTINGS. If you need help using NordPass, head to Settings to be directed to the Help Center.
• COPY CHANGES. Salvador Dali might have said not to fear perfection as we’ll never reach it, but we’ll still give it a good go.
• BUG FIXES. No need to call the pest control officer; we got it fixed.

NordPass 2.23

AbraCadabra boom! No, it’s not magic. It’s just your passwords and personal information filling in quicker and smoother than ever before. Bye-bye, annoying bugs who tried to stop you. What else can you expect in this release?

• ONLINE/OFFLINE INDICATOR appears in the NordPass extension.
• COPY CHANGES to make the app easier to navigate.
• MORE BUG FIXES.

NordPass 2.22

New Year, new NordPass release. Here’s what you’ll see in the latest version:

• EASIER LOG IN WITH NORD ACCOUNT. We tweaked the steps you take logging in to NordPass for a smoother experience.
• BUG FIXES, because no one likes bugs.
• RECOVERY CODE PDF. You will now be able to download your Recovery Code in PDF. Keep it somewhere safe. 😉

NordPass 2.21

Yeah, Christmas will be different this year. But we’ve still got something to spread a little cheer.

In this release, you will see:

• ICONLESS ITEMS STYLING. Your passwords that don’t have dedicated icons will light up in a variety of colors.
• BUG FIXES. Well, it cannot be called a release without bug fixes, right?

NordPass 2.20

“You guys give up? Or are you thirsty for more?” – Kevin, Home Alone, 1990

That’s the NordPass spirit, Kevin! We’ve got more:

• Design changes. Yes, the sky’s the limit for our designers, sorry.
• Password Generator update. Did we mention that it’s important to have long and unique passwords?
• Browser extension update. Easier to understand, prettier to look at.

NordPass 2.19

I don’t want a lot for Christmas
There is just one thing I need
I don’t care about the presents
Underneath the Christmas tree

Don’t want NordPass for my own
More than you could ever know
Making this wish come true
Giving a bug-free NordPass for you

P.S. Thanks Mariah Carey for inspiration.

NordPass 2.18

NordPass has turned 1 year old this week. Just on time for Thanksgiving, can you believe it? And we can honestly say this year we are the most grateful for YOU, our dear NordPass user. You, who believed in us and drove us to release one update after another.

So here’s one more. Full of even more design edits, bug fixes, and love:

• LOGINS TURN TO PASSWORDS. Now all across the app, you’ll see the term “Password” instead of “Login” because it’s just easier to understand.
• CHOOSE FOLDER WHEN AUTOSAVING to organize your passwords there and then.
• RENEWED IMPORT. Importing passwords in bulk is now easier than ever.
• MINOR DESIGN CHANGES because, let’s be honest, who doesn’t like a good-looking app.
• NORD ACCOUNT DEEPLINK FIXES. No more accidental logouts when you use NordVPN and change your IP.

NordPass 2.17

Xmas is in less than 35 days. You’re welcome.

In other news, our designers, developers, and copywriters are presenting you with another brand new update. This time we fixed the annoying-forever-loading spinner, made minor changes to the way you see your items’ details, and updated the copy to make your app even more easier to navigate. Until next time 😉

NordPass 2.16

We know you have better things to do (like keep up with the news on the current presidential election. Yikes, so intense!). So we thought, ‘who are we to bombard you with more messages?’. Poof! Your login and logout messages are gone.

To make your day a little bit brighter, we also made some improvements to your items layout. And we can describe it with just one word – SLEEK. You’ll believe it when you see it 😉

And NordPass update wouldn’t be an update without bug fixes. We did the dirty work and crushed them once again.

NordPass 2.15

Trick or treat? Treat, always. We might be a few days late to any online Halloween party, but, to make up for it, we are bringing new treats to your desktop app:

• ADD ITEM IN FOLDER. You can now add items straight from your folders. Easy, breazy, and all your items are organized.
• ITEM DETAILS FIXES. “There is no limit to perfection!” screams the NordPass design team. Your items will now look more beautiful than ever.
• OTHER LITTLE BUG FIXES. Little bugs and spiders might fit the Halloween theme, but they don’t look good in your NordPass app. We got rid of them to make your experience smoother and safer.

NordPass 2.14

Providing high-quality password-managing experience, routine maintenance and working under-the-hood is just as essential as releasing a new shiny feature. So nothing grand this time — just the usual bug-fixing and design-improving business. We’re packing and sending best wishes along with app improvements your way!

NordPass 2.13

• BUG FIXES. Sometimes you couldn’t scroll down to the end of your passwords list. You simply couldn’t. The good news is that we did some magic tricks, so now you can.
• BUG FIXES. We’ve also changed the font style, the button style, and the spacing style in the context menu of your passwords list (not exactly a bug, but we wanted to keep the release notes in style).
• BUG FIXES for everyone.
• BUG FIXES. Sometimes you couldn’t scroll down to the end of your passwords list. You simply couldn’t. The good news is that we did some magic tricks, so now you can.

NordPass 2.12

When life gives you Monday, we release the app update. Let’s see what we’ve got:

• IN-APP NOTIFICATIONS sometimes were over-competitive and tried to overlap each other. Someone smart once said that the best way to kill competition is to partner it. So after some inspiring conversations about team spirit, the attitude was fixed – all notifications now act super friendly.
• DESIGN BUG FIXES. Yes, sometimes bugs may look stylish. Even pretty. They are still bugs – and they are out now.
• PASSWORD HEALTH IMPROVEMENTS. The development department was very excited about changing something with the algorithm. All I know is that the health of your passwords will be calculated even more accurately. I only write release notes – please don’t judge me. And have a nice day!

NordPass 2.11

Hey there! How are you? Ready for the update? Let’s go:

• BREACH REPORT. This one feels like a lottery. By clicking a ‘Scan’ button, you can find out if any of your accounts were ever caught in data breaches. However, it probably is the first lottery where it’s better not to ‘win’ anything.
• DESIGN IMPROVEMENTS. They see you scrollin’, they hatin’, – because scrolling with that new scroll bar has never felt so good. Just give it a go.

NordPass 2.1

Another week – another update. Let’s roll!

• DESIGN IMPROVEMENTS. Yes, we did it again. We’ve played with UI, got lost in perfecting the details. Oh, baby baby. Yes, the item lists now look neat, the font is sent from above. It all looks perfect now!
• PERFORMANCE IMPROVEMENTS. Let’s be honest – after entering your Master Password to unlock the vault, the app window was getting overexcited and moved all over the place. Not that it was a bad thing – but those moves really weren’t good. So, we’ve sent the app to some dancing classes. The result – the app learned some solid, stylish but still moves – more like JLo style.

NordPass 2.9

Faster than light.
Supersonic.
Fleet-footed.
Pronto.
Winged.

We’ve spent hours trying to find the right word to describe the improved speed of opening your passwords (and other items) in the vault, but none of them was good enough. They say that action speaks a thousand words, so enjoy viewing your items at full speed.

NordPass 2.8

Passwords are more human-natured than you could possibly think. They need a safe and cozy place to stay. Most of them eat well (cheat days included 😉 ) and constantly work out to become faster and stronger. However, sometimes they also may feel weak and unwell, so regular health check-ups are crucial. Luckily, we’ve found an easy way to maintain their well-being – set up a password health checker in the app. Take a chance to make your precious passwords happier (and accounts safer) without leaving the house.

Stay safe, everyone!

NordPass 2.7

The idea of throwing this party came out of thin air. Why not, we thought – work hard, party harder, right?

So we’ve ordered lots of food and drinks (everyone was curious seeing what new employees look like when they’re drunk), brought in a magical photo booth (making selfies was too mainstream), and prized trivia (to avoid awkward silences), and live music by our beloved DJ “Vibe Manager”.

Time flew, the party’s got in full swing (no one seemed to be running out of things to talk about – phew). Even NordVPN and NordLocker stopped by. After a not-work-related heated discussion about data privacy and online security, they promised to join our “Tools” department. Like, forever.

Autofill department surprised everyone with funky moves – those icons felt like dancin’ till the break of dawn. It was fun until the ‘fun’ went out of control – and out of login fields. Luckily, after taking a chill pill, everything’s got back in order.

By the way, some unwanted URL spaces were trying to crash both the party and the app. That’s kind of rude, so we’ve asked them to leave.

We’ve finished with a small team-building session with cleaning the office – it’s now nice and clean – and so is the app (we hope so).

That’s it – peace out!

NordPass 2.6

Our engineers are all about perfection. They literally were calculating coordinates for pixel-perfect autofill icons placement. However, some “wind of change” has happened, and those icons ended up finding their home OUTSIDE the login fields. Sorry for that – this unforgivable mistake was fixed.

Also, some sneaky, crawly, totally gross bugs were caught and removed. The app is much better without them – enjoy!

NordPass 2.5

This release contains some behind-the-scenes magic, usual tinkering-under-the-hood and minor design tweaks. By hitting the “Update” button, you will get one step closer to top-notch password-managing experience. Stay well!

NordPass 2.4

They say – small changes make a big difference. Behold – the update with a bunch of app upgrades is here. Let’s see what we’ve got here:

• VISUAL IMPROVEMENTS. Mirror mirror on the wall, who is prettiest of them all? Well, our designer’s brush made some magic tweaks, so the answer is clear now – it’s those tiny cute little app icons. Lookin’ good!
• APP LOADING FASTER. Need for speed? You’re welcome! Fasten your seatbelt and put the pedal to the metal – the project “Make the app faster” was completed successfully.
• BUG FIXES. Dear sneaky bugs, thanks for visiting, farewell, let’s never meet again.

On December 22, 2022, LastPass announced that a data breach first disclosed in August 2022 was far more extensive than initially thought. The news sent shockwaves through the industry, leaving many password manager users — especially LastPass users — concerned about the security of their sensitive information.

The breach serves as a stark reminder that no online service provider may be completely bulletproof breach-wise. So today, let’s get into the LastPass data breach and what it means for NordPass users.

The LastPass data breach breakdown

Cybercriminal activity has been on a steady rise for the last decade, and it looks that the trend is not about to change. In fact, today, cybercrime is the most lucrative criminal activity and is estimated to cost the world $10.5 trillion annually by 2025.

So as our personal and financial information is increasingly getting stored online, it is critical that companies take all necessary steps to protect their customers’ data. Unfortunately, the recent LastPass data breach shows that even well-known companies can fall short security-wise.

The company’s latest statement explains that an unauthorized party was able to access LastPass’ cloud-based storage environment and copy customer vault data along with information from a backup of customer account information.

The extent of the breach is not yet clear, but it is likely that it included some personally identifiable data such as email addresses, phone numbers, and billing information for some users.

The response from LastPass to the breach has been met with criticism from both industry experts and customers. In fact, it has already led to a class-action lawsuit, with one plaintiff alleging that the data breach resulted in the theft of around $53,000 worth of Bitcoin.

Did the LastPass data breach affect all password manager users?

Let’s be clear — the LastPass data breach does not have any direct effect on NordPass, its users, or users data.

After all, we’re two different companies and products with completely different security approaches and mindsets. However, we admit that seeing a competitor affected by a breach of this magnitude is an acute reminder to stay vigilant and prepared at all times.

Is NordPass a secure place for your digital valuables?

Given the severity of the LastPass data breach, it’s only natural that people are questioning the security of their password manager, including NordPass.

First, one of the key elements of NordPass is that it is a zero-knowledge password manager equipped with an advanced encryption algorithm known as XChaCha20 to ensure protection of everything you store in NordPass.

This means that all data stored in the NordPass vault is first encrypted on your device and only then sent to the cloud-based server. Because of the way NordPass is set up, it is only you — the user — who holds the decryption key and has access to everything stored in their vault.

The NordPass team can’t see or access anything. The same principle applies in situations of breaches. Even if a bad actor were able to get their hands on your vault data, they would still need your device, which holds the decryption key, to access the actual contents of the vault data.

NordPass CTO Tomas Smalakys offers a more detailed explanation:

Each NordPass user has a unique public-key cryptography key pair. The Public Key is always stored in plaintext form. The Private Key, on the other hand, exists in plaintext form only on the user’s end device for a limited period of time and never leaves it.

When we need to store a user’s Private Key, it’s encrypted with secret-key cryptography (XChaCha20-Poly1305-IETF) on the user’s device and only then passed to us. While the app is unlocked, the unencrypted Private Key is stored in the secure memory accessible only to the NordPass application. When the application is locked, either by the user or automatically after a set period of inactivity, the Private Key is deleted from the secure memory.

For the user’s Private Key encryption, the Master Key is used. The Master Key is derived from the Master Password and a 16-byte unique-per-user cryptographic salt using the key derivation function (Argon2id). We ask the user for the Master Password every time we need to decrypt the user’s Private Key.

 

– Tomas Smalakys

NordPass CTO

Tomas further explains that in addition to the encryption principles above, every item (folder, password, credit card, etc.) has two types of data:

• Metadata (title, website address, cardholder name, etc.)

• Secret data.

For secret-key (symmetric) cryptography, we use an authenticated encryption algorithm:

• XChaCha20 stream cipher encryption.

• Poly1305 MAC authentication.

For public-key (asymmetric) cryptography, we use an authenticated encryption algorithm:

• X25519 key exchange.

• XSalsa20 stream cipher encryption.

• Poly1305 MAC authentication.

User data is encrypted on their devices and never leaves the device in plain text. This means that when the data is in transit or at rest, it is fully encrypted. In the database, both metadata and secret data is encrypted. This means that if bad actors are able to get access to the database or any of its backups, no user data can be accessed.

Furthermore, at NordPass, we feel that due to the nature of our product, our security practices should be transparent. Both NordPass and NordPass Business have had their security posture thoroughly audited by Cure53, a renowned German auditing firm.

NordPass Business has also successfully passed the SOC 2 Type 1 Audit, which ensures that NordPass Business provides proper security controls to manage customer data and protect their interests with regard to privacy.

All these measures help to ensure that the sensitive data stored in NordPass vaults is protected at all times. However, these days bad actors are creative and no longer function as a one-person operation. So it’s always important to be vigilant with your own security and use strong, unique passwords for each account as well as enable two-factor authentication whenever possible.

Bottom line

It remains to be seen how the LastPass breach will impact the company and the password management industry as a whole, but one thing is clear: it has shaken user trust and serves as a cautionary tale for the importance of data security.