By: Kaspersky Lab.
Amongst the list of so many password managers, here comes Kaspersky Password Manager. Being part of billion-dollar cyber security company Kaspersky, we can hope for some good features in this password manager.
In this review, we will be checking all features and functions of this password manager, along with comparing it to top products. Then only we can conclude if the product is a genuine effort by developers or just another gimmick to squeeze customers.
Times have changed now from old days when people’s memory was quite sharp, and we could remember long numbers, do mental calculations, etc. But now, it can become a very annoying and cumbersome task to remember all these passwords and login IDs.
To fix these issues, we have password managers. The main goal of every password manager is accumulating passwords of the respective URLs along with their login IDs.
Now, many password managers have evolved out of the box and provided much support than mere password storage. The users can store notes, credit card info, identities, etc. on a password manager.
A password manager essentially has lots of sub-features with it. Apart from the usual password storing tasks, nowadays they provide auto fill, autosave, card entries, etc. In below writeup, we will review these features and give our verdict at the end of article.
Like any similar product, Kaspersky password manager has a primary chore to store the login IDs and their respective passwords in its database. To start with, users need to install the password manager on their device.
Once the password manager is installed, create a new account and start adding passwords in your account. The users can also utilize import function if they are migrating from another password manager.
The import part was quite annoying in our experience. They have no support to import via an XML, text, and from random CSV files. The import function only works for Dashlane, 1password, Keepass, Norton, and LastPass.
Although some may think these are enough, but in reality, they are not. Usually, top products allow the import through CSV and XML files. This is very basic, as in most organizations, password entries are done in CSV or XML format.
After the job of import and export, users can see list of passwords on main panel of desktop app. On this panel, users can see the active entries.
Free users get only 15 active entries, which means that all features like auto fill, autosave, modification, etc. are limited to these entries. The rest of entries are as good as dead.
This is one of the biggest flaws of free version of Kaspersky Password Manager. Most password managers offer a free trial over 30-days, and products like Sticky Password allow unlimited storage and access to passwords even after the trial expires.
There are only a few options given in this panel i.e. open in browser, favorites, edit, move and delete. The users can add more passwords manually via add accounts button. The user can enable auto-login for any login credential from here.
The auto login feature is also a part of password management. When using this application, users can see a black key icon in the form field where login credential will be entered. Hit that button, and you can see a small pop up beside that form field asking to fill the IDs in that field.
The auto-fill feature was very lagging when we used it. It will return an empty field for some websites even after the password was updated in the manager. The import function did an awful job in importing passwords in our testing across 30+ website logins.
We had imported more than 30 login IDs from Dashlane, and only 15 IDs were properly imported. Many of the password entries were detected, but the login credentials were missing. There may be multiple factors responsible for it, but this is a poor operation of password import service.
This can be possible due to restriction in free version, and whether true or not, it is a terrible way to annoy free users, who will end up never buying this product. The password saving popup in browsers thankfully worked fine.
Overall, this password management tool performed averagely in its primary function. With incomplete imports to highly restrictive usage of the services, Kaspersky has disappointed us in this section.
In most instances, apps come with a separate desktop interface nowadays with login fields. Users can login into this section and carry out their tasks.
Most password managers have a browser extension to keep an eye on the login fields, but they will need a separate method to detect the login areas in desktop apps.
Kaspersky Password Manager also has the app accounts feature where the users can capture and store the password of desktop applications.
The feature is supposed to be automatic or at least able to guide to the target windows. None of this was possible in it. Sticky Password and many other similar apps have given a drag and drop pointer to pick the window and the respective IDs in it.
To add app accounts in it, users need to go to manager app on desktop and open the app accounts tab. From here, users need to manually browse to app location and pick the .exe files and then input their credentials.
This was quite a lethargic procedure to add app credentials. The more surprising part was that we checked the feature on most commonly used apps like VPN, cloud software, social media, etc., and this feature responded only to few apps.
Now, there may be some reasons or bugs with this feature which made it underperform, but it was no better than the auto-fill feature in the web browsers. Kaspersky needs to pay more attention to both these parts first as they are crucial to password management.
Now comes one of the most used features in the password manager tools. Along with tons of credentials at our disposal, it can also be quite hectic to remember so many user identities and their addresses.
Also, in this modern age, we all use the online payment very frequently and so the credit card details are also utilized daily. The identities and payment feature in password managers can be used to save these details.
Kaspersky Password Manager has given two separate tabs to save the identities and card details. In the card details section, users can add credit card or debit card details like card number, CVV, expiry date, etc.
To save someone’s personal details like their name, address, phone, etc., users need to click the address tab. As it declares address, users can input a name, address, phone, email, etc. to a new field.
Merely saving tons of identities and cards cannot give the idea that function is working fine. We used several websites with sample form fields like the RoboForm’s autofill check, an autofill smoke tester on a GitHub project, etc.
While it did fill fields across them, many fields were skipped, and this feature seemed to fill only some of them. The auto-detection seemed flawed even for simple test sites. We really hope Kaspersky pays more attention to auto fill next update.
Among one of the most useful spare feature in password managers nowadays is secure notes and document storing vaults. It is convenient to access these notes, memos, or any important documents on the go from anywhere in the world.
To notes section can be accessed in the desktop app. Unlike other password managers, there is not much customization possible in Kaspersky Password Manager. The users can only add plain text to the files.
Sticky Password has also provided passcode protection in notes section, which is not given in this password manager. Also, Kaspersky lacks much customization like font color, shape, size and other simple formatting options like in other password managers.
Next tab is the documents section in password manager. In this segment, users can add several documents like image files, pdf, etc. Once again there is no passcode protection given as extra protection for document files.
One more flaw in this section is lack of support for other common file types like word files, sheets, HTML or CSV files. Until now, we have got an average vibe from using the product. Most of the features we saw until now are all half-baked.
Some of you may not realize it, but the synchronization of data in the password manager is very important. This is because we cannot carry the software along with the default device to everywhere.
For this, we can use the sync feature of the password manager. The sync feature is available only for a limited time to free users on top of other restrictions.
The sync feature can be used as an auto or manual backup for all data stored in this app. Now, along with sync feature, we may also need to directly copy or send some of user data to other people or say another account of ourselves.
In this case, the import/export and sharing option is very obvious and common choice for most of the service providers. To use import/export function, users can access it from settings menu under the left side navigation tabs.
Under this section, import button has very limited choices. As we have mentioned earlier, this feature is very frustrating to use. They have not used any standalone import function for XML, CSV or text files.
The export button is also mediocre and can only export files either in text format or in their default vault format.
It will not require an expert to point so many flaws in this section. They need to rectify them fast and provide ways for both secure and faster data exchange between two application or devices.
Other methods for secure sharing like USB sharing, Email sharing, etc. are missing from the export section. We really hope Kaspersky does not take this product lightly, research superior products like LastPass, 1password, etc. and develop it properly.
Usually, a critical part of any password manager, both password reviewer and generator are frequently used. Both of them can help users to use more secure passwords for their credentials.
The password generator in Kaspersky is very basic and can generate 50+ character passcode with combinations of letters, cases, numbers, and special symbols.
The users can checklist any items from above to create a random secure password. It is advisable to use more than 10-character combination for secure passwords.
In case there are some passwords stored by you which are weak or repetitive, the password checker tool will aid you to recognize and change those passwords.
To use the password checking tool, the users need to use the Password Check Tool in desktop setup. This tool is not so much detailed compared to other password managers like 1Password, Sticky Password, LastPass, etc.
All these top products have pie charts to give a visually sophisticated view of weak, medium and strong passwords. The tool will auto group the IDs with same passwords.
The users can click change password button to open login page of that site and then use change password option and replacing it with a new and strong password. This feature needs more efforts and functionalities to compete with above-mentioned password managers.
Being surrounded by tons of devices with each having distinct functions and uses, it is obvious that we develop an application for most of them. Most probably, smart devices that we generally use mostly like smartphones, tabs, notebooks, etc. have more importance.
It is quite evident that we need password manager across these devices. To login again and again on these devices also can be quite hectic. For this reason, password managers now have given same features on its mobile-based apps on Android and iOS.
Kaspersky has given its password management service across devices like desktop OS like Windows and MacOS, and for mobile OS like Android, and iOS.
Let us now explore one of the most commonly used interfaces for most password manager services. The desktop application is quite easy to use and consists of major features of application.
To access desktop app, users need to download the setup from Kaspersky website and install it on their device. Login into the account by entering respective master password and login ID.
The UI in the desktop app is sleek. It will neither give you an outstanding vibe nor a hazy one. The first tab in password manager UI is the All Entries Tab. This tab lists out every password, documents, notes, identities, etc. that you stored in the vault, on its main page.
The UI has an option to move password items randomly and place them as your preferences. The list view was very congested and did not display the password entries properly.
The users can use folder icon on top and create new folders in this panel. Using these folders as groups for various entries can help for a more organized collection in the vault.
The next section to main panel is Login IDs tab. As the name says, this tab stores explicitly all login IDS that you have saved in your vault. As usual, there were no extra features allocated in it.
The subsequent tab is Applications tab. In this, users add new application outside of web interface. After this, users will find card and identities tab. Both of them have a simple UI to add or remove payment and address details of a person.
The last few tabs are Notes, Documents and password check section. Most of these features are still under-developed so having a smooth UI does not help much to utilize them properly.
Only useful item in the general settings was compromised passwords check and ignore websites. The compromised password tab is an automatic feature.
The stored passwords are converted to the SHA entry and these SHA values are checked with list of leaked items online. This can help the user to get alerted and change their password before someone can use those compromised accounts.
Lastly, you can see sync and password generator button in bottom left. Unlike other password managers, UI was mediocre. Even though the navigation across features seemed easy, lack of proper implementation of some features is what reduced the usability of the UI.
Now for second most used platform for password manager services is mobile applications. Nowadays we have so much use for various login platforms on phones like social media websites, app-locks, or other similar apps that require logins.
The mobile application can be downloaded from mobile store of the respective OS. Just input credentials in the app, and you will be redirected to your safe vault.
In this vault, users can see same features as in the desktop app with only difference in some settings that are only present on the desktop version.
For mobile app, the UI has same tabs that we mentioned in desktop interface above. You can see search and favorites tabs too in navigation bar on left.
Some security measures like fingerprint locks, auto-lock vault, clear clipboard, and change master password are present in settings tab.
The users can manually set autofill for certain browser entries in mobile app. However, what we found weird was that they asked for the call and SMS permissions for their app, which seemed suspicious.
Overall, mobile and desktop interfaces are well developed and can do their job decently, unless you have some grand expectations from their services.
Now talking about web interface, we may not expect features more than desktop and mobile interface. Most passwords managers who provide desktop UI have limited settings in web UI.
The users will need to use their Kaspersky web account to access the vault on their browsers. The entire UI of browser interface is also same. Same tabs, same settings are given in it.
However, there is a particular option like linking card details, order history, data consent, and data provision as extra options.
There are many password managers like LastPass who have given a full browser-based interface to utilize passwords on the go.
Other than this, there is a browser extension given to capture and auto-fill the fields using the vault information. The extension is minimalistic, as it should be, and only has basic tabs and the respective entries in short form.
Concluding to the UI section, we would say that we did not experience any issues while reviewing various features of the password manager. The entire navigation was beginner friendly. However, most of these features lacked proper implementation that caused most of the annoyance.
When it comes to the safety of our documents, we do not even trust our own family members, and here we are exchanging lots of private credentials with an unknown company, most probably that only exists on virtual devices.
Password credentials are very sensitive data, and so the companies providing the vault service for them must have a secure algorithm to safeguard it. Generally speaking, the security measures utilized by most of the password managers are standard military grade.
If you visit the Kaspersky password manager website, there is no direct mention of security features that they have taken to encrypt user data in their vault. However, some digging gave us a few answers like they have incorporated standard AES-256bit encryption in their vault.
The data stored in vault is encrypted before it is transferred to the servers. The in-transit data has an SSL/TSL layer protection to stop the MITM and other attacks midway data transfer.
However, there is no mention of using the hashes to delay brute force attacks, which may compromise weak passwords. This indicates that even from a security point of view, Kaspersky Password Manager has a long way to catch up with other related products.
There is no mention of any detailed guide and steps of encryption process and data transfer anywhere on main page of this tool. This is now confirming that the product is developed just for namesake and no real efforts are made into it.
There is no two-factor authentications, no security logs section, and misses many other crucial security features. Thus, it is turning out to be some disappointment from a big company like this.
In modern days, where we do not even give a mobile password to our domestic members and value our privacy so much, any product that is storing any form of personal data is quickly under radar of suspicion.
To check the privacy policies of such organization is a must to ensure that sensitive data like the password and their credentials are not outed to third-party services or some inter marketing.
The privacy policies of Kaspersky are very modest. The policies are different for different product by them, but in general, it includes common topics like third-party involvement, law enforcement, general marketing data exchanges, etc.
These policies are fluid and easy to grasp. They have clearly mentioned that master password is only known to user and once lost, there is no way for users to retrieve their account. The entire data transfer is via an encryption channel.
They claim to follow the Zero-knowledge policy, which means that no one except you( with master passcode only) can access your account information.
The users have the right to view, modify, access, object or delete any user data if needed. They have mentioned that law enforcement will not be able to track the changes unless they have the master passcode.
There were some rumors initially that Russian government had used the service to spy on many people, and given that Russia is under heavy surveillance, it is tough to bypass them.
Going through entire section, we can say that these policies are minimalistic and so there won't be any issue unless their government wants to spy on you. We want Kaspersky to develop more security and privacy concerns to safeguard such user data.
As you’ve gone through above writeup, you may have become aware of perks and disadvantages of having this password manager. For every feature that we went through, they all were half-baked in our experience.
From simple password storing to autofill features, performance by Kaspersky Password Manager was very mediocre. This was more disappointing given the reputation they have built.
The worst torture was for free users. We had used both the pro and free plan. The restriction of 15 entries is a bit cruel given that all the top products like LastPass, Dashlane, Sticky Password, etc. give users full month trial pass and also give basic password storage even after trial plan expires.
The customer support pages were returning us 404 pages and were not accessible sometimes. However, the support was quite responsive via the live chat and ticket submission. The pricing may be super cheap, but I would instead use any other password manager with an additional $5 to pay and get proper features.
Finally, we would recommend this service only if Kaspersky is serious about this product and improves it. Otherwise, users can go with other amazing password managers like LastPass, Dashlane, Sticky Password, etc. for a dedicated service.