Zoho Vault Review That Will Not Waste Your Time (Updated With Screenshots)

zoho vault
Zoho Vault is starting to become a great password manager. But it has to continue working.

Pros

  • Zoho Vault offers a service that users can access from any web browser and on any platform
  • Availability of a free edition
  • Login transfers and sharing permitted between different users
  • Actionable reports on the user’s password strength

Cons

  • Can’t import user passwords from web browsers
  • No facility for tasks such as web form filling
  • Can’t manage two-page logins such as that of Gmail
  • Supports web browser extensions only for Safari, Firefox, and Chrome

Bottom Line

LastPass isn’t the only good password manager in town.

In many ways, Zoho Vault manages to accomplish everything that you would expect from a password manager.

Moreover, just like LastPass, Zoho Vault also offers a free version.

That is impressive.

However, Zoho Vaults lacks web form-filling capabilities.

Zoho Vault also can’t manage and/or handle passwords for many important sites and services such as Gmail and co.

Full Review

The modern world of the internet is bad enough already.

Not only do users have to remember their passwords for all sorts of services that they use but they also have to remember a lot of other stuff.

You have your social media account along with your email account.

And then there are those hundreds of accounts that you have on other sites not related to email or social media.

What’s worse is the fact that when users go to their work they have to contend with another set of essential passwords.

And they need to know all of them if they want to get work done.

Lucky for us modern internet users, we have services such as Zoho Vault.

Zoho Vault provides users with enough features that they can securely take care of all situations which require them to use a password.

Zoho Vault is basically a very comprehensive password management tool.

It allows users to keep personal and business logins in separate locations.

Moreover, Zoho Vault also includes other business-friendly features such as collaboration tools as well as other user management functions.

Now, the market has a lot of decent password managers.

And most of them offer some form of a free edition of their premium service.

But those free versions come with stringent limits.

Some password managers limit their free users to store no more than eight or twenty passwords.

Some take away the ability to sync passwords on multiple devices.

Zoho Vault does none of that.

Its free edition doesn’t come with any limits on the number of passwords that the user can store.

The free edition also does not put any restrictions on the number of devices the user can install Zoho Vault on.

The only restrictions that it imposes are on some multi-user features.

It omits some other advanced features as well.

We will talk more about them in the coming sections.

Zoho Vault has a free edition and a Standard edition.

The Zoho Vault Standard edition (which we will review here) costs users around $1 per month.

Our research shows that Zoho Vault is perfect for the family as well as individual use.

There is also a Professional edition.

zoho_vault_list

The Professional edition costs users around $4 per month per user.

Clients who want to sign up for the Professional edition have to sign up at least five users.

This tells us that Zoho Vault means business when it comes to its Professional edition.

The Professional edition comes with some really advanced features.

Some of these include automatic password modification where Zoho Vault changes passwords for the 50 most popular websites automatically.

The Zoho Vault Professional edition also comes with an emergency mode.

This mode allows the current administrator to obtain access to every other nonpersonal password.

But only for a limited amount of time.

Zoho Vault has another subscription package that goes beyond the Professional edition.

It’s called the Enterprise edition.

It is Zoho Vault’s top tier package.

And that’s why it costs around $7 per month per user.

That is a lot of money on the face of it.

But users also get to use some big-business features.

Features like,

  • Single sign-on
  • Active Directory integration

If we’re talking about all these packages on a yearly basis, then the price of Zoho Vault Standard edition comes to around $12 per year.

As you can probably imagine, that price is reasonable.

We still remember the time when LastPass used the same rate for its Standard package.

But LastPass has doubled that price.

It did so last year.

There is also Sticky Password.

It costs users just a shade under $30.

That is a lot of money.

You also have other alternatives such as Dashlane.

And of course, LogMeOnce Password Management Suite Ultimate.

Both LogMeOnce Password Management Suite and Dashlane cost users around $40 per year.

Zoho is the company behind Zoho Vault.

And Zoho Vault represents just one of the products that Zoho, as a company offers.

If we are talking about numbers then Zoho offers several dozen other applications.

Most of these applications focus on business clients.

Zoho has tools for project management as well as email and bookkeeping.

With that said, we have to mention the fact that almost all of its products are free for individuals who want them for personal use.

And just like it has done with Zoho Vault, the company limits the free editions of each of its other products.

Most of the time the restrictions come in the form of omission of business-specific features and other central administration features.

Installation And Setup

zoho_vault_menu

If you want to start a new Zoho account, you won’t have to spend more than a few seconds to do so.

In other words, it is snappy.

All the user has to do is enter his/her email address and then provide a new password.

Zoho will use the password for the user’s new account.

Then the user has to open up his/her email account and then click the link that comes with the company’s confirmation email message.

Users may see a prompt but they shouldn’t worry about it.

Why?

Because it doesn’t ask you anything useful.

Most of the time it would ask if the user already has a business account with the company.

If the user clicks the NO option, the subsequent pages clarify that the free edition of the application is for personal use only.

Hence, it will ask you to enter only your name.

Then we come to the final step.

The final step consists of the user creating a passphrase. (Also called master password)

The company will use it specifically for its Vault service.

This passphrase is separate from the password the user had to use with the official Zoho account.

Readers should also note that they will have access to full and all features during their trial period.

Hence, no one has to commit to Zoho or any of its services with a subscription package right away.

Once you have begun the installation process, Zoho will prompt the user about starting to save their secrets.

Before moving ahead, we recommend users to finish off a couple of things first.

It’s not that they are essential or anything.

But these steps are just for the user’s convenience for what is to come next.

The first thing users should think about is whether they are moving away from an existing and different password manager.

If you are one of those users who is moving from another password manager, then know that Zoho Vault does offer an import feature.

In other words, you can import all of your existing passwords from another password manager.

Zoho Vault has the capability to import content from other password managers such as,

  • True Key
  • Roboform
  • KeePass
  • Keeper
  • LastPass
  • And many others

All the user has to do is import the CSV file.

This file usually contains all of the data that is associated with the user’s passwords.

Readers should also keep in mind that Zoho Vault doesn’t have the capability to import password which they have stored in their web browsers.

Hence, users will have to transfer their web browsers themselves.

Users should also make sure that they turn off their browser’s password capture feature after they have transferred all their passwords to Zoho Vault.

Zoho Vault also comes with an offline mode.

zoho_vault_message

This is nothing more than the app saving the user’s data on a local HTML file that is encrypted.

To use the offline mode you just need to log in the usual way.

There is no difference in the login process between offline and online modes.

If a user signs up for a paid account then Zoho Vault gives the user the option to periodically email the user a backup of the user’s encrypted data.

After signing up with Zoho Vault and taking care of the initial settings, users must also install the official Zoho Vault extension.

Zoho Vault offers web browser extensions for all major browsers such as,

  • Firefox
  • Chrome
  • Safari

These extensions work on all major platforms such as,

  • Linux
  • macOS
  • Windows

Zoho Vault, in the beginning, did not have an extension for Safari.

But now our research shows that they do.

They also have an app on the official Windows App Store.

So what does the extension exactly do?

Well, it gives the user the expected.

By that we mean it provides the user with various features such as capture and replay.

So what happens if a user has installed a browser other than Chrome, Firefox, and Safari?

Then there is the possibility of a user using a computer machine that doesn’t have the appropriate permissions to install extensions?

What happens in all such cases?

Well, users can add a specific Login button in order to click it.

This Zoho Vault button lives all its life on the user’s bookmark toolbar.

Users can click the Zoho Vault button in order to autofill any existing login credentials.

Once the user clicks the button it will get to work and then fill the username and password fields for the current website.

This is the same process that users of Intuitive Password follow all the time.

Features

What Is The Replay Feature?

And What is the Password Capture Feature?

Let’s discuss each one turn by turn.

Whenever a user tries to log in to a secure website and has installed Zoho Vault browser extension on a supported web browser, Zoho Vault offers the user to save his/her login credentials.

The company calls this information as the user’s secret.

Zoho Vault will save the secret and then allow the user to give that secret a friendly and appropriate label.

Some labels could go along the lines of Alternate Facebook or something.

Moreover, Zoho Vault also allows users to add in their notes or any other types of tags at the time of saving a secret.

How does this work in a business setting?

zoho_vault_options

Well, the process remains the same.

But the user will have to indicate whether the secret is related to a personal or business password.

Of course, if the user is making use of Zoho Vault only for himself/herself then the distinction between personal or business doesn’t really matter.

During our research for this Zoho Vault review, we found that Zoho Vault can easily handle sites that come with standard login prompts and screens.

On the other hand, it doesn’t do that well with two-page logins and other oddball login pages.

For example, our research shows that if you try to log into Gmail, Zoho Vault will not do anything.

Why?
Because Gmail makes use of an interface where password and username entry boxes exist on different and separate web pages.

We all found the same problem in the case of Eventbrite.

The company representatives will tell you that this is indeed a limitation with Zoho Vault.

Now, we’re not saying that this breaks the deal but the limitation of not being able to handle Gmail passwords and usernames is a monstrous limitation.

Too big in fact.

Of course, when the user returns to the same site, Zoho Vault does manage to put a Z icon directly in the fields related to password and username.

It also fills in the previously saved credentials.

To use Zoho Vault all that the user has to do is to click on the Z icon and select an appropriate and may be different, set of login credentials.

That only applies if the user has saved more than a single password for the same site with Zoho Vault.

Users who want to speed up the process a little bit can do so by selecting their saved login information directly from the web browser extension’s main menu.

After doing so, the web browser extension will take the user to the official website where it will automatically login the user again.

Okay, so that is the theory behind it.

What about real-world performance?

Well, our research tells us that the browser extension works reasonably well generally speaking.

But it does have its faults.

Users should expect the banner to not show up or disappear away somewhere before they have a chance to save their credentials by using the extension.

As mentioned before, sometimes it just wouldn’t show up.

But we have had this problem with LastPass as well, though very rarely.

Moreover, Zoho Vault popup don’t combine well with notifications from other sites like Facebook.

Our research shows that these competing popup generating companies can cause Google Chrome to completely hang and come to a halt.

So what about users who aren’t using a mainstream web browser?

Well, as mentioned before, Zoho doesn’t have a web browser extension for any other web browsers other than Chrome, Firefox, and Safari.

If you are one of those users who is still using Internet Explorer, then your process of saving data with Zoho Vault would be different.

In other words, you will have to log in to the official Zoho Vault website via online methods.

So first you log in to your Zoho Vault.

Then you click on the link to your desired login.

And then you go ahead and press the button that says Click-to-login.

This button, just as before, is usually present in your bookmarks toolbar.

Remember, it is the Zoho Vault extension that doesn’t have support for all web browsers.

If we are talking about Zoho Vault service, then users can log in to their accounts from any browser and of course any platform.

Keep in mind that if you don’t happen to have installed the web browser’s extension and/or login button, then you will have no other choice than to enter your credentials by the legacy method.

That legacy method is copying and pasting your login information.

Zoho Vault does have dedicated apps for the Android and the iOS platform.

Both of these apps come with an internal browser.

zoho_vault_strength

This internal browser is able to launch itself by default.

But the user first has to tap one of his/her saved login credentials.

As far as the Android platform goes, Zoho Vault can actually fill in user credentials that they may require while surfing the web in other web browsers as well.

It can do the same when the users are playing with other apps.

For users who have installed Zoho Vault on their iOS devices, they only have the option of launching the app’s internal browser.

If they don’t want to do that then they will have to copy and paste their desired credentials whenever they need them.

Security

Zoho Vault is pretty similar to Sticky Password Premium because it too requires the user to choose one password for his/her account and another separate passphrase of sorts to actually unlock and open their password treasure trove.

Users who log in to their Zoho Vault for the first time on a particular device will need to use the password along with the passphrase.

After the first successful try though, Zoho Vault will, by default, consider that particular browser or device as trustworthy.

That means Zoho won’t ask the user to verify the Zoho Vault account a second time for the next 180 days.

Users have the option of managing trust levels via the app’s online interface.

They can also use the online interface to remove a device if they have lost it somehow.

Users who want two-factor authentication do have the option of configuring Zoho Vault for it.

When a user, who is also an administrator, turns on the two-factor authentication feature then he/she would have to enter a phone number at each login.

Then the user (or each one of them if there are multiple users) would have to select to receive all authentication information through a phone call or SMS.

The user can also choose to receive that information via Google Authenticator.

After the user has set the feature up correctly, then the first login on any new device or web browser would require the user to input both a verification code and a password.

But there is a problem with such kind of two-factor authentication features.

The first problem is that the process can’t really work if the user doesn’t have any cell phone reception.

In the case that the user doesn’t have any juice left in the battery, then too this method would break down.

What if the user loses his/her phone?

Well, then say goodbye to two-factor authentication.

Or maybe not.

Zoho Vault wants to take care of your worries such as the ones we have described above.

And because of that aim, it generates a multiple number of backup codes which the user can make use of for login.

It generates those codes during the setup process.

These codes are single-time use only.

They allow users to bypass their smartphone-based two-factor security authentication if an emergency arises.

And because they could allow access to some very sensitive information, the company recommends all users that they should keep these someplace that is safe.

And secure.

Of course, users have the option of using them at their convenience.

Even if they lose all their codes, they can still generate more one-use codes via their Zoho online console feature.

Secrets And Chambers

zoho_vault_web_browser

Zoho Vault is not only for storing passwords.

It supports many other kinds of stored data the users want to keep a secret.

That data could include information related to,

  • Healthcare
  • Windows login
  • Bank Account

With that said, Zoho Vault doesn’t have the capability to use information regarding the above-mentioned categories in order to fill online web forms.

If you are actually the administrator of your system then Zoho Vault allows you to create custom types in that capacity.

Of course, that isn’t going to be of much use to a home user.

We think that this feature is most useful in a given business setting.

Zoho Vault also allows users to have as many data fields for their secret type as they need.

Moreover, users can also flag the data fields which they want as mandatory.

We have already noted before that users can also input tags that they want associated with each of their secrets as they are capturing them.

They can also add those tags later via the Zoho Vault editor.

But why do you need tags?

Well, you need tags because they can help you narrow down your search term if you have stored a great number of secrets via Zoho Vault.

Zoho Vault also enables users to define as many Chambers as they want.

What do Chambers do anyway?

Well, think of them as folders.

Or at least know that they function like folders which you see in order products.

But there is one difference.

Any secret of yours can belong to several number of chambers.

The latest edition of Zoho Vault allows users to create nested chambers.

Other good password managers such as LastPass do offer features such as nested folders.

LastPass can even turn some of your nested chambers into nested menus when you go ahead and click the LastPass browser extension.

Of course, that is LastPass.

You don’t have such facility with Zoho Vault.

Let’s Talk About The Password Generator

Perhaps the most important feature of them all.

Our research shows that many users miss Zoho Vault’s password generator the first time around.

Why?

Because Zoho represents it via a simple key symbol or icon.

It is present right next to the password field in the Zoho vault editor.

When the user clicks on the key symbol, Zoho Vault simultaneously replaces the current password in a given field with a random and new password.

Users will have to provide Zoho Vault with a password policy for it to follow.

Then Zoho Vault can generate even more random and more difficult passwords for the user.

By default, Zoho Vault will use the pre-defined Strong policy.

This basically ensures that it generates a password that is between 8 to 14 characters in its length.

Moreover, by default, Zoho Vault will use all types of characters in the randomly generated password.

Users can make use of other settings which include quite a few uncommon options.

What we mean is that users can force Zoho Vault to use a letter at the start of every generated password.

Moreover, users can also configure Zoho to not permit listing characters while it is generating passwords.

Zoho Vault gives users their own password policies as well.

We recommend that users should go with the predefined Super-Strong policy.

This basically raises the minimum required password length to a maximum of 16 and a minimum of 12.

Other good password managers such as RoboForm 8 Everywhere and LastPass along with a few others allow users to configure the settings for the password generator right where they are using the password generator.

Moreover, these password managers also show the ratings that they come up with regarding the strength of the newly minted random password.

Some prefer LastPass’s approach instead of the Zoho system where Zoho separates the official password policy away from the random password generator.

Do take note that in a multiuser environment, Zoho Vault allows administrators to enforce their password policies upon other mere users.

And simple users can’t change those policies.

As indicated earlier as well, Zoho Vault has changed a lot since its early days.

Now Zoho Vault offers a full report on password assessment.

This is a similar feature to LastPass 4.0 Premium.

Other password managers such as Dashlane also offer this feature.

Zoho now lists all of the user’s passwords.

And then it ranks them.

From the weakest ones to the strongest ones.

Zoho also makes suggestions in its report on more specific problems.

Problems such as user passwords that contain dictionary words.

Or even those passwords which the user hasn’t really changed in quite a while.

And as one would expect, Zoho Vault password report also flags passwords which it recognizes as duplicate passwords.

Not only that but Zoho Vault also manages to flag passwords which it calls recycled.

These are passwords which Zoho determines the user has used somewhere before.

Our research shows that most people would likely begin with dismal report results.

Why?

Because most of us use the same kind of password for many of our services and websites.

Moreover, if you are in the habit of using sample logins and passwords (fake data) then you will get even worse grades.

Our research also shows that Zoho Vault’s report feature, oddly enough, did not find the password “password” as something it should flag.

It did not consider the word “password” as a dictionary word.

That is indeed strange.

Transferring And Sharing Zoho Vault Secrets

Zoho’s competitors in the password manager arena like Dashlane and LastPass along with several others let users share their login credentials with as many users as they want.

But of course, those users must also use the same password manager program.

However, the mechanism of sharing varies among different services.

Some password managers let the receivers of a given password use the password and login without giving them a clear view of the sent password.

Other password managers have the default behavior of sharing each shared item both ways.

Zoho has a clear business emphasis.

And that emphasis means that it only allows sharing with users who are also using Zoho Vault.

If you happen to use Zoho Vault in a home setting then that would definitely translate to you sharing the password data within your family.

We have already mentioned the fact that the free edition does not come with features such as sharing.

Zoho Vault has introduced a new option that allows users to share data with some other user who doesn’t like Zoho or doesn’t use it.

The Zoho Vault user has to provide Zoho the email address along with a personal message.

Then Zoho gets to work.

It displays a key that is one-off and encrypted.

Zoho will require the Zoho user to send the key under a different and separate cover.

The duration of sharing is 24 hours.

After that, it expires.

However, if the recipient of the key has made use of the key and has logged in then the sharing session will expire inside 30 minutes.

That is the reason why Zoho Vault has suggested that once users are finished with their sharing needs and have no need for it, they should go ahead and change the existing password.

Other password managers such as RoboForm, Password Boss Premium and some more provider users with a feature that performs functions such as password inheritance.

In other words, this feature ensures that the user’s heirs can easily access the user’s account.

Of course, this feature usually comes with some type of waiting period.

zoho_vault_browser

For example, if a user has an heir and the heir requests access to some data then the company would send the user an email.

Assuming the user isn’t dead or incapacitated, then the user will have a limited amount of time to accept or cancel the sent request.

Our research shows that in the case of Zoho Vault, it isn’t about the user.

It is actually about the business.

In other words, it allows a hypothetical employee who may be leaving a company to select all or some of his saved secrets.

Then that employee, soon to be a former employee, can select the option Transfer Ownership.

And then the employee can transfer all of that data to another user at the company.

Of course, there is always the chance that an employee didn’t exactly part away from a company in an amicable manner.

In that case, the administrator can select to Acquire Secrets.

This will allow the administrator to forcibly enable nonpersonal secrets transfer to his/her account.

Conclusion

Zoho Vault is actually a good password manager.

But only if users stick to mainstream browsers like Safari, Firefox, and Google Chrome.

It provides users with fully automatic and efficient password management tools.

And this is what most users expect of a password manager.

Zoho Vault does a decent job of auto-filling passwords on even unsupported browsers.

Moreover, users have the facility to log in to their saved secret/password data from a web browser of their choice.

And that too from any given platform.

Zoho Vault has a free edition and several paid editions.

The paid versions bring in other features such as user management along with long sharing.

Plus some more features.

Additionally, Zoho Vault also has some rather unusual features.

You’re going to have to read the full review to know more about them.

Of course, none of that means Zoho Vault doesn’t have any faults.

It does have its limitations.

For example, Zoho is very ineffective versus two-page logins which you regularly come across on sites and online services such as,

  • Gmail
  • Yahoo
  • And many others.

Users who are on Internet Explorer shouldn’t expect Zoho Vault to fill their online web forms or do anything else because it doesn’t really support Microsoft’s old Internet Explorer.

The Standard edition doesn’t have automatic password changing feature.

Even worse is the fact that the automatic password changing feature supports only 50 popular websites.

All in all, Zoho Vault is a reasonably good password manager.

But other top picks such as,

are better.

Why?

Because they offer,

  • Automated password updates
  • Password inheritance
  • Secure password sharing

along with lots of other bonus features.

Then there is the Sticky Password Premium.

It has some of the most unusual features that we have seen in a password manager.

It offers super-secure syncing functions that it accomplishes via local Wifi.

Sticky Password Premium also handles tasks such as efficient management of passwords with great professionalism.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment