Ulasan Mendetail Pakar
Zoho Vault seemingly has it all: affordable pricing plans, a really feature-rich free plan, a long list on Two-Factor Authentication options and some cool user management features.
It’s a part of the Zoho business management tools suite, with a lot of other tools on offer alongside the Zoho Vault password manager. However, users just looking for something to easily store their password might find Zoho Vault to be a little tricky (and even time consuming) to use – the dashboard can be a bit confusing to navigate, and you might even find yourself in the wrong dashboard entirely (like I did). Password managers such as Dashlane and LastPass are much easier to get started with, with others, such as Chrome, automatically are included as standard in your browser.
I’ve tested almost 70 password managers in-depth, and of these, Zoho Vault left me satisfied but confused. Here’s why.
As a business suite, Zoho Vault’s password manager features are mostly focused on small business needs. That’s great for teams, but for individuals? Not so much.
But first thing’s first: Zoho Vault has several interesting features, such as their user management, and password assessment report.
Otherwise, everything is pretty standard: Zoho Vault has extensions from Chrome, Firefox and Safari: installing them takes an easy one click from the Auto Logon page.
One highly important thing to know: you need to be aware that each and every one of your passwords (or, as Zoho Vault calls them – ‘secrets’) can only be imported from another password manager by exporting them as CSV, then uploading them (and not, as with, say, Chrome, who capture your passwords as you navigate). That annoyed me a bit, and it could annoy you.
While I like that there are separate options for enterprise and personal use, I am a little concerned about how secure this function is. Unlike with other password managers – Chrome password manager, for example – that autofill your password and ask for confirmation once you’ve navigated to the site itself, having a one-click login (stored in your browser) could allow anyone using your device to login, or worse – leave your browser open to any lurking malware.
Password Assessment Report
In just one click, Zoho Vault will tell you exactly how secure your stored passwords are, and give you some tips about building a secure password:
That’s useful for both individual users and teams looking to rate the strongest passwords possible.
User management is included as standard for all of Zoho Vault’s plans – free and paid – although the paid plans have more user actions (notifications on user actions, setting limited-time acess), making their paid plans (more on that below) a perfect password manager choice for teams and even families.
Why only teams and families? Because for an individual user, there’s no need for multiple levels of user controls. For families and teams, however, a Super Admin has a huge level of control over other users:
That’s great for keeping information secure and separate from other users, even if a user adds something to the Vault, a Super Admin can change who’s allowed access to it.
Super Admins can also setup password policies for all other users’ password generation – for example, making users have at least two special characters, an uppercase letter and a number.
Audit: Check In on User Activity
Perhaps more useful for teams, the Zoho Vault password manager comes with the ‘Audit’ feature, which allows admins to check up on all users’ activity: their secrets (logins), user actions and ‘Misc’ (all user actions). This won’t be the most popular feature with teams and family members, giving off a ‘Big Brother’ vibe – especially when you think that passwords are called ‘secrets’ – it’s a bit paranoia-inducing.
Business users will find it useful that there’s a toggle function for enterprise and personal actions (Zoho Vault classifies a login as ‘Enterprise’ and ‘Personal’ based on how a user classifies that login when adding it as a ‘secret’), and the ability to exempt specific users and even export the findings.
Auto-Backup: Keep Your Passwords Backed Up and Up to Date
The auto-backup feature comes as standard in both paid and free plans, and is as simple to set up as navigating to the ‘Data Backup’ option under the Admin panel, toggling ‘Enable Backup’, and choosing a day or weekly backup. There’s also the option to exclude certain users from these auto-backups (maybe due to their security-related objections?). While the free plan allows you to backup your data…it’s the paid plan that allows you to backup and integrate your data to GSuite (Gmail), or Office365.
All in all, Zoho Vault’s features are suitable if you’re looking to store your passwords in one place, securely, and also receive feedback on just how secure those passwords really are.
But – and it’s a big ‘but’ – it does seem that these features are geared more towards multiple users, such as teams and families. But for a free version, individual users can simply ignore the features they don’t think they’ll need.
Plans and Pricing
Users are – by default – signed up to the Free version of Zoho Vault, with all of the features I mentioned in the above section.
The Free plan is the best option here for individual users covering everything they would need – auto-fill, password saving and the password strength report. The Standard plan ends up being more suitable for team users (and families) – in fact all of the paid plans are much more suitable for business and multiple users. What’s strange about this is that several of the Free plan’s features – such as user management – definitely sent me mixed messages.
The Standard plan is super affordable and more importantly, integrates with GSuite (Gmail) and Office 365 (which is likely more valuable for a small business). I can see why it would be attractive to both individual users and teams, and if you’re really into integration for automation, the Standard plan would be best for you.
I think Zoho Vault is a fantastic option for teams, and especially for organizations looking to actively control their users’ access. The Free plan is great for an individual user to try out, but for businesses, it’s just not advanced enough. Maybe this is intentional – that business users would try out the Free plan, like it, and upgrade – but in my opinion, business users are better off avoiding the Free plan completely and going straight to the paid plan.
For both the Professional and Enterprise plans, there’s a minimum of 5 users. While both may seem to offer similar features, at twice the price of the Professional tier, the Enterprise plan has some pretty exciting features, including notifications on password events, password request and access control, and even single sign-on for cloud apps.
Zoho Vault seems to understand that the best way to get users interested is to give them a 15-day free trial of the Enterprise plan, for up to 5 users. After this, if no subscription is purchased, the free trial will downgrade to the Free plan. Whether 15 days is enough time to really experience all of the features of the Enterprise plan is really up to your team – I think it should be enough time for most businesses (as long as this free trial doesn’t fall over a holiday period), but it might be too short of a time period for larger businesses with more users.
For users who decided to buy and then later want to downgrade or cancel their subscription, the cancellation will be instant and users will be billed only for the current month of their plan. Personally, it was easy for me to upgrade and downgrade – I navigated to the ‘Upgrade’ button in the menu:
clicked the ‘Upgrade’ or ‘Downgrade’ button, and that was all. – I was upgraded/downgraded.
As far as their money-back guarantee goes, Zoho Vault’s support had this to say:
All in all, for multiple users – teams or small businesses – I’d highly recommend the Standard plan. It has everything you’d need to manage a team, including user restrictions and password sharing.
Ease of Use and Setup
Zoho Vault is a little bit tricky to get the hang of at first. To put it politely, it looks awful when you compare it other passwords, like Dashlane’s super-smooth UI, or LastPass’ easily installed browser extension.
With Zoho Vault, after sign up, you’re redirected to this dashboard:
…which didn’t seem to be anything password manager-specific, not to mention that I couldn’t find anywhere to access the features mentioned above.
Because Zoho Vault is a part of the larger Zoho business suite, it turned out that I had to physically login from the huge range of options in the top left-hand corner menu:
…which took me to something that looked much more like a password manager:
As you can see in the screenshot above, while the browser extensions and mobile apps are clearly labeled, Zoho Vault includes a really strange YouTube video, telling you why you should sing up to Zoho Vault…which you just did, or you wouldn’t be seeing this screen.
What I’m trying to say is, that for users looking just for a place to safely store their passwords, Zoho Vault’s design choices are a little bit complicated.
Yes, individual users might find the password sharing comes in handy, but would you ever need to track other users using your passwords? I think it’s more suitable for users managing a team. The same goes for the ‘Groups’ options, which Zoho Vault describes as – ‘private spaces where users can share updates, documents and messages with other group members’.
For individual users, these are all interesting added extras, but are unlikely to add anything necessary for someone just looking to store their passwords! For small businesses, however, these two features could be very useful – especially the secure group chat.
Overall, I found using the Zoho Vault password manager dashboard pretty confusing, and a little bit irritating. While it was easy to add ‘Secrets’ (one by one, which was pretty infuriating, or by exporting your list from another password manager via CSV), every time I navigated away or was inactive for 5 minutes or so, I was logged out of the Vault and had to log back in. This might not be a big deal breaker for some, but it was for me.
Zoho Vault has browser extensions for Chrome, Firefox and Safari – good job on the variety there, and across each brower, the extension gives you access to view your Secrets and your vault, and add new passwords too – which is a bit strange, considering that you can also do all of that from the Vault itself, so why would you even need the Vault, if you have the extension?
I found out why – because, in the Vault, you can customize the type of Secret, which in the browser extension, you can’t. If that’s a big deal for you, then use the Vault. If it’s not, use the browser extension.
Whatever you do though, don’t waste your time with the mobile app. It’s an absolute mess.
The password generator works as it does on the web app, but adding secrets has to be done manually – I navigated to all kinds of websites – Facebook, my bank – and also tried out some other apps. The vault didn’t automatically capture any of the passwords at any of these sites or apps. That’s incredibly disappointing.
When it comes to the Two-Factor Authentication available to enter your account after logging out, I think Zoho Vault is pretty thorough. There are quite a few diverse options – from SMS and push notifications, to the Touch ID option (where you have to download an app onto your mobile device, and set up the touch ID, which comes in the form of a push notification). I opted for the Touch ID, and set up my fingerprint – which took about 5 minutes, but was very easy to login with once I’d set it up.
Zoho Vault utilizes host-proof hosting for all data entered. What this means is, that Zoho – the host – is completely independent of your data, and can’t access your master password or any other data you’ve entered. It uses AES-256 bit encryption, over an SSL connection.
I wanted to know more about this, and specifically, what would happen if I lost my master passcode – so I called Zoho Vault. The service agent told me that if that happened, there was no way to access my data again, and I would be sent an encrypted HTML file as a backup after the passphrase has been reset. If I would find my old passphrase again, I’d be able to reenter it to the encrypted file and recover all my data. This was good enough for me – and actually more reassuring that all my data would also be lost, meaning no one else could access it – not me, not Zoho, and not anyone else.
I think this would also be secure enough for most individual users with no sensitive data. Businesses, on the other hand, might feel more comfortable with an extra layer of security – because all it would take is one person logging onto another’s device and gaining entry to all of their sensitive data for a disaster to happen.
One major drawback of Zoho Vault is that, if you need assistance in a hurry – there’s no live chat option. Still, they do have a few other ways of getting in touch with support. Their form, outright asks how critical your request is (though I find it hard to believe that anyone would choose the ‘Nothing urgent, can wait’ option), and is sent straight to their support team) who they also give a direct email address for).
When I emailed via the online form and direction to the email address, I received a reply in 15 minutes straight. That’s pretty impressive – it’s not live chat, but it was fast, and I appreciated it.
As I mentioned above, I had a specific question and called Zoho Vault. The phone was answered in two rings – literally – which I wasn’t expecting! I was off the phone in 1 minute flat, happy with the answer I received.
Zoho Vault has local, English-language only phone lines for four countries: Australia, USA, UK and India, which the support agent told me, operated 24/5 – that is, 24 hours on Mondays-Fridays, and closed on Saturdays and Sundays. During the weekend, all non-urgent support will be suspended until the following Monday, other than urgent requests, which will be handled via email support.
Otherwise, Zoho Vault’s FAQ section is pretty thorough. I found most of what I was looking for there – although some of the classifications got a bit confusing. I found myself moving between the Help Documentation (step by step guides to adding Secrets, importing and user actions) and the FAQs, which were actual questions customers usually ask. I found it incredibly useful, and actually found the answer I needed in the FAQs.