As we conclude the final quarter of 2025, we’re wrapping things up on a high note. This quarter has been about reinforcing trust and usability. But we haven’t just been celebrating milestones; we’ve been making improvements. Below, we’ll walk you through the latest security features—from Network Allowlist to Offline Mode—designed to give you total control as we head into the new year.
Award, accessibility, and webinar
This quarter, we were ranked number one on the list of the best encryption software. Paulo Gardini Miguel of the CTO Club notes that NordPass is the best option for secure access and compliance management as it supports compliance with cybersecurity regulations like ISO 27001 and SOC 2. Additionally, it was mentioned that NordPass offers an Admin Panel Security Dashboard that allows company security administrators to monitor password health, potential breaches, and more.
Here at NordPass, we strive to make our tool and website easy for everyone to use and navigate. That’s why our web team worked on improving the accessibility of the NordPass website according to WCAG standards this year. We applied the necessary fixes, including those recommended by the audit agency and those identified by our own review of the official WCAG guidelines. We can now proudly say that the NordPass website offers a more accessible experience for all users.
As with website accessibility, our NordPass teams strive to make our features easily understandable and usable. That’s why we hosted a webinar focusing on selected features, such as the Data Breach Scanner, Sharing Hub, Session Management, and Network Allowlist, to showcase their applications and explain how they can strengthen companies’ cybersecurity. You can watch it here.
Product updates
Next on the list are the product improvements we made this quarter. And there were several, so let’s take a look.
Network Allowlist highlights
From this quarter on, we are offering a new feature called Network Allowlist. It allows Owners and Admins to control which trusted networks and countries employees can access the NordPass vault and Admin Panel from.
No matter how your company operates—whether remotely, with a hybrid model, or with multiple offices—you can now ensure that employees access sensitive data only from trusted networks and geographic locations. Add individual IPv4 or IPv6 addresses or subnets with CIDR notation to create multiple allowlist rules tailored to different teams, locations, or networks. To keep your setup organized, simply name each access rule for easier management. This feature automatically blocks login attempts from non-approved networks or countries, ensuring that users can only log in once they connect to a trusted network.
Lastly, please note that the Network Allowlist feature is only available with the Enterprise plan.
Offline Mode for desktop devices
From now on, organizations can turn on Offline Mode for their members. They can choose to allow offline access to the NordPass vault for 1, 7, or 30 days. Once the time limit expires, members will be notified, and their offline access will be blocked. Also, note that Offline Mode is view-only for members. This means that actions such as creating, updating, and deleting items are unavailable. However, organization Owners and Admins will be able to see all offline activity in the Activity Log, including the timestamp of when each action was performed and when it was sent to the Activity Log once the user got back online.
Data Breach Scanner improvements
We’re excited to share an important update to the Data Breach Scanner that will help keep you even safer online. We’ve added a new type of data source called malware logs. This means that we now look for signs that your personal information may have been stolen directly from an infected device, such as a laptop, phone, or computer, and not just from hacked websites. If a match is found, you may see details such as the system name and device username taken from the log. This update will alert you if your credentials appear in malware logs, meaning your data was likely harvested from a device and uploaded online. Knowing that your data has been exposed allows you to secure your accounts immediately, preventing unauthorized access.
Additionally, we introduced an “Affected Items” section to the Breach Report that shows which of your credentials stored in the NordPass vault match the leaked data. This section highlights which items may be impacted and recommends that users review or update them. And last but not least, we are now processing more data to detect possible breaches.
Authenticator now supports multiple devices
We’ve upgraded the NordPass Authenticator to support seamless, multi-device sync, allowing you to generate TOTP codes across your Android or iOS phones, as well as supported Windows or macOS browsers, simultaneously. To make this flexibility even more secure, we’ve replaced the Master Password requirement with an email verification step during setup. This new process makes onboarding easier and solves a common problem: reinstalling the app or extension will no longer lock you out or require an admin reset. You can simply reactivate the feature on your fresh install and get back to work, giving members peace of mind and significantly reducing support tickets for IT administrators.
Password Policy update: no password expirations
You can now set specific old or legacy passwords to never expire. This eliminates the need for forced password rotations for accounts, a change NIST recommends in its newest password security guidelines.
Billing updates in Admin Panel
Organization Admins can now upgrade to any higher-tier plan directly from the Admin Panel. Whether you are moving from Teams to Business or scaling up to Enterprise, you have the freedom to do so on your own terms. We’ve also made it easier to manage your payment details—you can now update your billing address in the NordPass Admin Panel. Please note that this change will apply to upcoming invoices and ensure that future billing emails are sent to the correct address.
Research and reports
Naturally, NordPass wouldn't be complete without an in-depth look at password habits. This quarter, we released two studies: one that breaks entirely new ground, and the latest edition of our all-time classic.
Research on public sector passwords
For the first time this year, NordPass looked at the passwords used by public sector employees. Using the threat exposure management platform NordStellar, we monitored the passwords of public sector institutions based on their email domains. This covered over 5,500 institutions in countries such as the United States, the United Kingdom, Canada, France, Italy, and Germany. The organizations included federal parliaments, presidencies, local and regional governments, municipalities, and other public institutions. Find all the data and insights here.
Top 200 Most Common Passwords: generations change, password habits remain
This year, our signature Top 200 research arrives with a new twist. In collaboration with NordStellar, we analyzed password habits across the board—from the Silent Generation to Gen Z—only to discover that security choices are surprisingly similar regardless of age. We also dissected the data from 44 countries to reveal specific regional trends and vulnerabilities. Explore the full findings here.
Bottom line
And just like that, we wrap up Q4 and close the chapter on 2025. It’s been a year of significant momentum, and we are proud of the strides we've made to improve NordPass, foster healthy password habits, and strengthen overall cybersecurity. Stay safe online, and here’s to a secure year ahead!