By: Abine Inc.,
In this internet era, we are accustomed to having multiple profiles across various websites, with many login credentials across them. It will be a superhuman feat if someone can remember all those random passwords across all such sites. For ordinary folks like us, we need a good and secure password manager.
A password manager is a software program that allows us to store the user name, password, and login URL of the respective site. Not only that password managers are also equipped with an auto form-fill feature to complete those tedious forms that you have to fill every time you make a new account on a website.
Blur is one of the password management tools for online users that want to save their login credentials across numerous websites in one place, keep them secure and use the autofill to access those websites.
Blur is a product of Abine Inc., situated in the technology center of world Massachusetts, USA.
Built with password storage as a primary feature, Blur also helps to manage those passwords, use masked emails, masked phone numbers, and credit card info to hide the real you from the data marketing snoopers.
They claim to provide the best services for both trial and paid customers and promise to secure all your personal data no matter what.
In this review, we are going to see and test all the features of Blur along with their data storage policies to see if they can stand up for these claims or is it all just a farce.
Well, it is the only job of a password manager to store your credentials or to provide any other facilities to better interact with the user abilities and the firmware to give the best services to customers.
The primary features of Blur are detailed as below:
Blur stores all the password and any kind of login credentials the user has before or after they have installed the product. This works by providing a browser extension or dedicated app for Android and iOS systems.
Once you have logged in on these platforms via the Blur account, the automatic detection of any login/signup session and their credentials’ storage begin.
Tired of filling those name and address field repeatedly for every new account sign up you do on different websites? Well then, Blur provides you with the facility to create your own identity to fill those tedious forms with one click.
You can right-click on a field you want to fill and have separate detail for it, other than the one that you saved before. It can fill all information on a sign-up page of a website like a Name, address, Email ID, Phone number, a random password, etc.
The users can add any number of identities to be used across several websites. We tried this feature to auto-fill email fields, address fields, credit card info, etc. and this worked quite smoothly. You can also complain to support team if this feature is unable to fill forms on certain websites.
For many regular internet users, some sites will not let you visit them without an email submission, or you accidentally filed it in one of the sites, or you subscribed to them ages ago.
These websites exchange this info with data marketing folks and then the endless horde of advertisement spam cover your inbox.
To save yourself from that and to hide your real Email ID, you can utilize the masked Email feature. This regular feature allows the user to create a fake Email ID which is linked to your main given Email ID.
Whenever you put this Masked Email to any of the sites, the email is sent to this masked ID rather than the primary ID. This saves to leaking your anonymity to data snoops.
The users can then select which mail to forward to primary Email and which to qualify as spams. They insert a header in this forwarded mail to put that mail under spam category and block them.
Things are a bit fine till your Email lands up with any data sniffers, but if your phone number is revealed to them, it is going to be annoying soon. Also, you need to sign up on some websites that use OTP authentication for it.
To avoid using the real phone number, Blur users have Masked Phone Number feature to create a pseudo number linked to your primary contact number.
The masked number will receive all the calls and SMS and forward it to the main phone number. The entire details of every conversation can be viewed from the mobile app they provide for Android and iOS users. This will not reveal the actual number to the sender services. You can turn to forward off for any number you feel like spam. You can so make calls and send messages using this masked phone number.
This feature is limited to 13 countries only. It is also wallet heavy compared to your local service providers. Paid users get only $3/month for calls with $0.01 to connect and another $0.01 for each extra minute. Similarly, each text message received is $0.01. Quite costly ehhh!
In the current era of online payments and transactions, private account details like credit card info, bank details, etc. are always under the highly-sensitive radar and are frequently targeted by hackers and sniffing tools. To take care of this, Masked card service is beneficial.
The masked card is similar to an online gift card. It contains the exact amount to be paid along with temporary pseudo credit card info to complete payment across any website you want. Once the amount is paid, the details of this pseudo card are flushed, and so your main credit card details are safe.
The service was exceptionally smooth although they charge for every transaction now. Apart from that, it is a feature only for premium users. They still cost $2 per card you create below $100 and an additional 1.5% of card value for above $100 transactions.
Given that many big banks now provide their premium account holders this facility for free, an extra perk along with a password manager is always good.
The online websites that indulge in database marketing or information selling are most notorious for installing trackers once you visit their website.
From your last online purchase to a list of your previous online dates, they rack everything. This becomes a massive privacy breach and can potentially be misused by someone.
To avoid that, Blur also has a feature called Tracker Blocker. This function blocks all the tracking cookies and scripts on a webpage and saves the user data to be leaked to these parties. This feature is available in chrome extension for free in Ghostery.
Nothing was found to be an extraordinary here given that it is one of their advertised features for premium plans.
When it comes to configuring the product for daily usage, Blur provides an easy user interface. Blur offers two ways to set the service to be used. The users need to make a new account on the blur website first. You can opt to use the trial version for 30 days or pay from the get-go.
Once the account is created, Blur will ask for generating a password for login into Blur account. Then there will appear a pop-up which will show you the Backup paraphrase. This is a long sentence with some random words to secure your account. Remember this to reset password in case you lose it. Then Blur will prompt for a further setting like setting up an extension, turning on tracker blockers, making autofill entries, etc.
Once you have logged in into the account, you will see the main dashboard. The main dashboard will have all the required features to be tweaked, i.e., password manager, masked email, phone, and credit card info, tracker blocker and auto-fill for identity, credit cards, and addresses.
The Password manager has an option to tweak each saved password individually. Here, you can either delete them, open them in new tab for login, edit the credentials and attach an encrypted note to them.
The options to add masked identities are also useful. The customers can opt for any masked identity to create a false Email ID, phone number or credit card. There are already many websites available which can generate fake email IDs saving you from spamming. However, such sites do not offer a permanent fake Email ID; it's temporary till you close the session. The masked Email, however, behaves like a full Email client. Same goes for Masked phone number and credit card info. We tested out all three features, and they did work well.
Then there are to autofill options for form filling websites. The user can use distinct options like edit, create, or delete to tweak the identities they have created to fill forms on sites.
On top right-hand corner, the user can see the status of their backup and sync, their registered name and ID. You can do additional settings from clicking the user name here. It also has a FAQ section to help users having set up or technical issues.
The browser extension is quite simple to use and displays the same option as the main website dashboard. It has tracker blocker also added to it.
They also have a support feature in the settings menu. The support includes a direct ticket submission, Live chat, and Email support. There are various FAQs available for inexperienced users to learn how to use the services and what function each of these services provide.
A password manager has a critical responsibility to encrypt and protect the sensitive user info by all means. Less secure algorithms to encrypt the user data can result in a severe loss to many users in case of a cyber-attack.
Blur uses AES-256-bit encryption to protect user data. Then it transfers this data via SSL server to its cloud storage. This cloud storage cannot decrypt user data and only deals with storing it. They have a zero-knowledge model for this.
Blur also offers Two-factor Authentication for users to keep a strict check on their login activities. The TFA is a security measure taken for a highly secure login using two checkpoints before users can log into their accounts. They are time base OTP passwords intended as the second login credential.
The first is to enter the user credentials in the login window. After that, Blur uses either Google authentication, Authy or FreeOTP to send users second authentication keys. This second key can finally give users access to their account.
This TFA allows you to save your account in case the main login credentials are leaked. Apart from that, Blur also a feature to generate a secure password when you create a new account or change existing ones on a website. They use a combination of alphabets, numbers and special characters and randomize them to generate passwords up to 10 digits. Other similar software like LastPass, 1password, etc. can create more than 20-digit passwords.
However, as mentioned on official announcment it shows that Abine’s server vulnerabilities were caught, and later many of the user information was leaked. After this incident, they have increased their security and made several updates in the product. This however is a very serious thing for a password manager.
Overall, one can say that Blur has done an excellent job in securing the users’ database and provided high-end security encryption to protect their information.
Thousands of unique features and every one of them costs a buck; things can go very costly if that happens. For that reason, any software products need to have reasonable pricing for every customer.
On a base level, Blur comes with a 30-day trial version. This trial version has all feature unlocked except the masked credit card and masked phone number. They are only available in the paid version.
The base price of the Blur is $39/year, $59/2 years, or $79/3 years. The difference in features seems to be extremely low when switching from free to a paid account.
There is also a separate charge for each extra call and messages after $3 balance is used as discussed before.
Once the trial period ends, the backup and sync features are also stopped which is a huge bummer, to be honest. The only way for free users to save their data is local cache, which if deleted can clear all information of the user.
The pricings are definitely high for additional benefits like masked email, phone, and credit card info.
The more the ability if the software to reach various platforms to provide services to customers, the better it is.
Most password managers are spread across various platforms. This allows users to synchronize their passwords to be used on any device.
Blur has support for PC, Android, and iOS devices. For PC devices, the users have to use the Blur website and Blur browser extension for them together. Blur extension is available on Chrome, Firefox, and Safari browsers.
For mobile devices, it is available on Android and iOS systems. The mobile app has an inbuilt feature of the masked phone and base features like auto fill, secure payments, etc. However, the user review on both mobile platforms reveals that so much overhaul is needed for mobile apps. The app work clunky at times when we used it. The auto fill will not work sometimes, nor it will auto-fill the login field. Our experience was not so good with the mobile apps they provided.
Other than that, there is no support for Linux users nor any other non-mainstream OS.
Every product you use collects various information about you including your personal information like name, address, phone number, etc. along with banking and credit card details in case you are using their paid services.
Many people will instead remember all the hectic passwords for every site they go or have similar combination along them than providing all the login credentials, credit card info, full identity to any company.
Same goes for Blur too. You basically handover all your confidential data to a company and in case someone hacks it, or any intelligence agencies want to frame you, things can turn very nasty in such circumstances.
Blur and its mobile platform collects some of the user data for debugging uses. These collected data are as below:
They claim that all the data sent to the server, be it regarding the temporary/fake Email and Phone services or stored passwords is highly protected via AES-256-bit encryption.
Blur and its mobile app use third party service providers to provide the masked services. This means that these third parties can access the data. This is also a breach of trust policy since any indulgence of third party can lead to potential data leaks. Companies usually ward off their hands when blunder is done by third parties and this usually harm the customers in the end. You can try using a VPN when accessing the masked services for extra layer of protection.
Abine Inc. will only store user log for a maximum of 6 months after they have canceled a premium subscription (except for basic details of the transaction occurred), and six months for any website visitors, except for any payment details that they must check for fraud usage.
However, a subpoena by law can make them reveal all your user information. They say they can inform the customer but cannot refuse if asked for it a valid court order.
Given that they are in the USA, one of five eye nations, intelligence agencies may find a loophole to discover all your stored credentials. Given that they encrypt data before sending and storing it on their server, the only way to access it will be a subpoena.
It is a very tedious job to remember and write down every password you have on any site. For this Blur is a simple tool to ease that task for you.
In our testing, we found that the product is quite good and works pretty well on computer devices. It is definitely not up to the mark on mobile devices and needs some help here.
The security features are decent enough to secure your data. The masked features are also working very well.
The only thing that we found odd was their partiality in back up and sync, where they only allow trial or paid users to save the data in their servers. Free users are at risk of losing the data if they delete their cache. They also have restricted credit card feature for trial users.
Thus, Blur has everything to be a decent password manager, but we would like them to make their pricing bit affordable or add extra features like LastPass to justify those prices. You can definitely try the trial version for 30 days and later decide for yourself if you want to go for a yearly subscription.