It’s bad enough that you have to remember passwords for your own social media, email, and other accounts. Then you go to work and have another whole set of passwords you need to know. But Zoho Vault has both situations covered. This password management tool lets you keep business and personal logins separate, and includes business-friendly user management and collaboration features.

Many password managers offer a free edition with stringent limits, such as no more than 10 passwords, or no multi-device syncing. Zoho’s free edition puts no limits on passwords or devices, but it omits the multiuser features and a few other advanced features. The Standard edition, reviewed here, costs $1 per month, and is well suited for individual or family use. With a price of $4 per user per month and a minimum of five users, the Professional edition means business. Its advanced features include automatic password changing for 50 popular websites and an emergency mode that lets the master administrator gain access to every nonpersonal password for a limited time. At the top tier, the Enterprise edition ($7 per user per month) adds big-business features such as Active Directory integration and single sign-on.

The price of the Standard edition, which comes to $12 per year, is quite reasonable. LastPass used to go for the same rate, but that cost doubled earlier this year. Sticky Password costs just under $30, while Dashlane and LogMeOnce Password Management Suite Ultimate both go for almost $40 per year.

Zoho Vault is just one of several dozen applications supplied by Zoho. Most are business-focused, things like project management, bookkeeping, and email. However, they’re all free to individuals for personal use. As with Zoho Vault, the free editions tend to omit central administration and other business-specific features.

Getting Started

Starting a new Zoho account is a snap. You just enter your email and a password for the new account, then click a link in the confirmation email. Don’t worry about the prompt that asks whether your business already has an account. When you click No, the next page clarifies that, for personal use, you just enter your own name. The final step is to create a passphrase specifically for Vault, separate from the Zoho account password. Note that during the trial period you have access to all features, so you don’t have to commit to a subscription right away.

Zoho will prompt you to “start saving secrets” but there are a few things you should do first, for convenience. If you’re moving from a different password manager, you can import your existing passwords. Zoho imports from LastPass, Keeper, KeePass, RoboForm, True Key and quite a few others. You can also import a CSV file containing password data. However, Zoho doesn’t import passwords stored in your browsers. You’ll want to transfer those yourself, and then you should turn off browser password capture, too.

There’s an option for offline mode, which simply saves your data as a local encrypted HTML file. You log into it just as you would your online account. With a paid account, you can also set Zoho to periodically email you a backup of your encrypted data.

Next, install the Zoho extension in your Chrome and Firefox browsers, which work under Windows, macOS, or Linux. New since my last review, there’s also an extension for Safari, and a Windows Store app. The browser extension gives you the expected password capture and replay features. If you’re using some other browser, or if you’re using a machine that doesn’t permit installing extensions, you can add a Login button to click. This button lives on the bookmarks toolbar. You click it to autofill existing credentials for the current website, much as you do with Intuitive Password.

When you don’t have a browser extension available, perhaps because you’re using Internet Explorer, the process is different. You log in to the Vault online, click the link for the desired login, and finally press the Click-to-login button in the bookmarks toolbar. You can log in to your Zoho Vault from any browser, on any platform. Of course, if you don’t have a browser extension or login button installed, you’ll have to enter your credentials by copying and pasting.

Zoho offers apps for iOS and Android. Both include an internal browser that launches by default when you tap one of your saved logins. On Android, Zoho can fill in credentials in other browsers, and in apps. Those using it on iOS must either accept the internal browser or copy and paste credentials.

Enhanced Security

Like Sticky Password Premium

two-factor authentication. Once the administrator turns on this feature, at the next login each user must enter a phone number and choose to receive authentication information via SMS or phone call, or through Google Authenticator. Thereafter, the first login on a new browser or device will require both the password and a verification code.

[Image: Zoho Vault Two-Factor]

Of course, this process could break down if you have no cell reception, your battery is dead, or your phone is lost. Don’t worry. As part of the setup process, Zoho creates a handful of backup codes for login. These one-use codes let you bypass smartphone-based two-factor authentication in an emergency. The company recommends keeping these in a safe place. If you use them up, or lose them, you can generate more using the online console.

Chambers and Secrets

Zoho supports several other types of stored secret data, among them Bank Account, Health Care, and Windows login. However, Zoho doesn’t use these entries to fill Web forms.

You (in your capacity as administrator) can also create custom types. This is more likely to be useful in a business setting. Each secret type can have as many data fields as needed, and you can flag those that are mandatory.

As noted, you can enter tags for each secret as you capture it, or add them later in the editor. Tags can help narrow the search if you have a lot of secrets. You can also define as many such “chambers” as you like. These function much like folders in other products, except that a secret can belong to multiple chambers. New in this edition, you can create nested chambers. Nested folders in LastPass and a few others become nested menus that appear when you click the browser extension. That doesn’t happen with Zoho.

Password Generator

I didn’t see Zoho’s password generator at first. It’s represented by a simple key icon next to the password field in the editor. Clicking it immediately replaces the password with a new, random password matching the selected password policy.

Zoho defaults to the predefined Strong policy, which requires passwords to be from 8 to 14 characters in length, using all character types. Settings include a few unusual ones, like forcing passwords to start with a letter, and listing characters not permitted in passwords. You can define your own password policies; I’d recommend creating a super-strong policy that raises the minimum password length to at least 12, and the maximum to at least 16.
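To make the policy settings above concrete, here is an added example (not Zoho's code) of a generator that honors a length range, the all-character-types rule, an optional leading letter, and a list of excluded characters. The `PasswordPolicy` class and its field names are hypothetical; only the length figures come from this review.

```python
import math
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:          # hypothetical model, not Zoho's schema
    min_length: int
    max_length: int
    start_with_letter: bool = False
    excluded: str = ""         # characters not permitted in passwords

    def classes(self):
        """Lower, upper, digit and symbol pools minus excluded characters."""
        pools = (string.ascii_lowercase, string.ascii_uppercase,
                 string.digits, string.punctuation)
        return ["".join(c for c in p if c not in self.excluded) for p in pools]

def complies(pw, policy):
    """True if pw satisfies every rule in the policy."""
    classes = policy.classes()
    return (policy.min_length <= len(pw) <= policy.max_length
            and all(ch in "".join(classes) for ch in pw)
            and all(any(ch in pool for ch in pw) for pool in classes)
            and (not policy.start_with_letter or pw[0] in classes[0] + classes[1]))

def generate(policy):
    """Draw a compliant password using the OS CSPRNG (secrets module)."""
    classes = policy.classes()
    if not all(classes) or policy.min_length < len(classes):
        raise ValueError("policy cannot be satisfied")
    alphabet = "".join(classes)
    first_pool = classes[0] + classes[1] if policy.start_with_letter else alphabet
    length = policy.min_length + secrets.randbelow(
        policy.max_length - policy.min_length + 1)
    while True:
        # Rejection sampling: every compliant password of this length is
        # equally likely, so no position is biased toward one character type.
        pw = secrets.choice(first_pool) + "".join(
            secrets.choice(alphabet) for _ in range(length - 1))
        if complies(pw, policy):
            return pw

def search_space_bits(policy):
    """log2 of candidate strings at the minimum length (an upper bound:
    the all-character-types rule removes some of them)."""
    classes = policy.classes()
    alphabet = len("".join(classes))
    first = len(classes[0] + classes[1]) if policy.start_with_letter else alphabet
    return math.log2(first) + (policy.min_length - 1) * math.log2(alphabet)

STRONG = PasswordPolicy(8, 14)         # lengths of the predefined Strong policy
SUPER_STRONG = PasswordPolicy(12, 16)  # the lengths recommended above
```

Comparing `search_space_bits(STRONG)` with `search_space_bits(SUPER_STRONG)` shows what the longer minimum buys, and enabling `start_with_letter` or excluding characters shrinks the space slightly.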

LastPass, RoboForm 8 Everywhere, and many others let you configure the password generator right where you’re using it, and they also rate the strength of the created password. I prefer this to Zoho’s system that separates password policy from password generation. Note, though, that in a multiuser situation Zoho lets administrators enforce password policies that mere users can’t change.

[Image: Zoho Vault Strength Report]

New since my last review, Zoho offers a password assessment report. Like the similar feature in LastPass 4.0 Premium and Dashlane, it lists all your passwords, from weakest to strongest. It also reports on specific problems including passwords that contain dictionary words and passwords that haven’t changed for a long time. As expected, the report flags duplicate passwords. Zoho also flags what it calls recycled passwords—ones you’ve used before. My report was pretty dismal, because many of my sample logins were fakes. Oddly, Zoho did not flag the password “password” in the dictionary words category.

Sharing and Transferring Secrets

LastPass, Dashlane, and a few others let you share credentials with other users of the program. The mechanism varies; some let the recipient log in without getting a view of the password, while for others the sharing goes both ways. Consistent with its business emphasis, Zoho emphasizes sharing only within the company. In a home setting, this would translate to sharing within the family. As noted, the free edition doesn’t include sharing.

There’s a new option to share with someone who doesn’t use Zoho. You provide the email address and a personal message. Zoho displays a one-off encryption key that you send under separate cover. Sharing ends after 24 hours, or 30 minutes after the recipient makes use of the login. Zoho suggests that once the need for sharing is over, you should change the password.

Password Boss Premium, RoboForm, and a few others offer a kind of password inheritance, ensuring that your heirs can access your accounts. This feature typically includes some kind of waiting period. If your heir requests access, you get an email, and if you’re not dead yet, you have some time to cancel the request.

With Zoho, it’s not about you, it’s about the business. An employee who’s on the way out can select some or all saved secrets and choose Transfer Ownership to immediately transfer them to another user. If the parting wasn’t so amicable, an administrator can choose Acquire Secrets to forcibly transfer nonpersonal secrets.

Worth a Look

As long as you stick with Chrome, Firefox or Safari, Zoho Vault gives you the fully automatic password management most users expect. You can still auto-fill passwords on unsupported browsers, and you can log in to your saved password data from any browser, on any platform. Paid editions add user management, login sharing, and more.

Zoho does have some unusual features, but it also has limitations. It still can’t handle two-page logins like those used by Gmail, Yahoo, and others. It doesn’t fill web forms, and doesn’t support Internet Explorer. Automatic password changing isn’t part of the Standard edition, and in any case, it supports just 50 websites.

Top picks Dashlane, LastPass Premium, and LogMeOnce Password Management Suite Ultimate all offer secure password sharing, password inheritance, and automated password updates, among many other features. And Sticky Password Premium’s unusual features include extra-secure syncing via local Wi-Fi and management of application passwords.