Why is Autofill so cool?

Nothing is more annoying than manually typing out online forms. Usually, when you sign up for an online service, you need to type out your username, password, personal information, and sometimes even your credit card details. If the website takes security seriously, it may also ask you to prove your identity with additional authentication methods. This is especially true when it comes to online shopping.

So, say you reach the final steps of purchase and you’re already pretty annoyed. Fortunately, Autofill effectively deals with the nuisance of filling out online forms, making it a smooth and seamless experience.

Powered by machine learning, Autofill constantly evolves and adapts, accurately identifying and filling fields in various forms, including sign-ups, logins, credit card details, and personal information. This ensures Autofill remains highly reliable, aiming to deliver perfect accuracy over time.

Pro tips: How to make the most of Autofill

Log in with a single click

Thanks to the Instant Login feature on desktop, NordPass allows you to skip all the annoying steps required to log in to a chosen website: landing on the page, selecting credentials, and performing on-page actions. Now, a single click is all it takes. All you have to do is follow a prompt to log in with NordPass.

If you choose not to log in using the Autofill feature, you’ll be asked if you want to enable it for future access to the website. Choose yes to ensure an effortless login experience. Alternatively, you can leave it disabled or even turn Instant Login off altogether in the NordPass settings section.

If you have multiple accounts on the website, select the account you want to use first. In such a case — let’s be honest — logging in with Instant login takes two clicks.

Autofill all credit card details and personal information

Some websites require additional information to authenticate the user or confirm transactions. You may know the case from Amazon asking for an ID to verify your address or an online shop requiring a billing address or security questions regarding your company credit card. We salute every solution that enhances your online security, but looking for and writing down all these additional details can be quite annoying.

Luckily, the Custom Field feature — previously available with password items — is now expanded to credit cards, personal information, and secure notes on desktop and Android devices. NordPass will autofill the data from custom fields added to your items. This way, you won’t have to look for your ID or credit card (if you even have it in a physical form, which is not always the case with business cards) whenever you want to buy something. Handy, right?

Bundle your websites or apps

Having separate password entries for apps from the same company, like Facebook and Messenger, even if you use the same credentials for all, can clutter your NordPass vault. It also takes extra time and effort to manage, especially with multi-domain websites like Microsoft that are frequently used at work.

At NordPass, we focus on the simplicity of use. That’s why we let you combine website addresses on your desktop, or app names on your mobile device, into a single password entry. This feature improves domain matching, making it easier to access your accounts across related domains. For example, NordPass can recognize microsoft.com and live.com as related, so you can access both without duplicating passwords. Instead of searching for each site individually, you’ll find the login details for login.live.com under “Microsoft,” and autofill will take care of the rest.

This feature, available on desktop and Android devices, helps simplify credential management. If you have multiple entries for related accounts with the same password item, you can merge them into one and delete the extras. Just be sure to manually remove the unnecessary entries.

Experience undisturbed flow

The best-in-class user experience takes constant improvements. Take a look at how Autofill makes accessing online accounts easier and quicker.

• Subdomain matching

The Subdomain Matching feature — available on desktop and Android devices — will prove invaluable if you use multiple subdomains at work (like department-specific sections of a company website). It’s designed to identify and autofill correct login information for each subdomain, ensuring a seamless access experience by removing the hassle of having to select from multiple login options every single time. You can enable or disable Subdomain Matching in the NordPass settings section according to your needs.

• Customizable autofill

You can adjust the autofill settings at any time by clicking the three dots in the autofill drop-down list. This allows you to choose a different item to autofill, search for the right one, or change how NordPass interacts with specific fields. Plus, you can use this feature to give direct feedback to the NordPass team.

• Disable autofill

To disable autofill on specific pages or fields, just right-click the input field and choose “Don’t autofill on this website” or “Don’t autofill this field.” This way, you can control when autofill is used, keeping your workflow smooth and uninterrupted.

What else to expect?

The Autofill may have already suggested using Email Masking or a Password Generator tool during the login process. Please note, that you can take advantage of both without leaving the page; NordPass will automatically save your new strong passwords as well as email masks.

On Desktop, we’ve introduced prompts to inform you in case you enter an unprotected website or log in with weak or reused passwords. The prompts can also warn you about breached websites to help you secure your accounts and resolve the breach on NordPass. However, if you don’t want to get these, you can now turn them off permanently in the “Notifications” settings section.

What is video conferencing software?

In basic terms, video conferencing software allows multiple users to hold live video and audio meetings online, making it feel like they’re having a face-to-face conversation even though they’re not in the same room. It usually includes handy features like screen sharing, chat, and file sharing to ensure efficient and secure video teleconferencing. It’s commonly used for work-related virtual meetings and online classes.

Cybersecurity risks in video conferencing

At the beginning of April, Zoom, one of the most popular video conferencing services, had a ton of security-related problems. Most of them revolved around poor encryption and data protection.

Zoom always stated that it offers end-to-end encryption. However, it turned out to be far from the truth. It only encrypts data in transit, and to make matters worse, the developers have encryption keys that allow Zoom to decrypt its users’ data.

Another problem Zoom had to deal with was so prominent it even has its own name — zoombombing. It’s a type of photobombing where hackers and regular internet trolls would get into people’s video conferences and post malicious links, pornographic images, or use obscene language.

Weak encryption combined with bugs in some of Zoom’s apps also led to 500,000 of its users’ credentials ending up for sale on the dark web. It doesn’t help that Zoom is known to collect and sell users’ data to third parties — without informing them about it.

Even though Zoom was quick to react and patch most of these vulnerabilities, new exploits are likely to arise all the time — both in Zoom and other video chat services. Therefore, you should always keep tabs on the latest cybersecurity news. Otherwise, you risk your private conversations, passwords, and business secrets ending up online.

What you can do to protect yourself

1. Make sure to install the newest version of the app the moment it’s available. Updates include security patches that are vital if you want to stay safe online.

2. Never share the meeting link or ID publicly — send it to the people participating in the call only. If your app allows it, set a password for your meeting. Need help with creating a strong password? Try our password generator.

3. Utilize other features your video conference app offers. Some have a virtual waiting room where you can approve every person. Others allow you to disable participant’s cameras and microphones and even kick them out. Learn about all the features of your secure video conferencing software and how to use them to stay safe.

4. Never accept video conference invites from people you don’t know. It might be a scam or a catfishing attempt, so it’s best to stay away from people you don’t know.

5. Always be mindful of what you say and show during a video call. Remember, everything can be recorded, and you never know where it will end up. So, don’t share any information that’s too personal or sensitive. Look for safer methods to discuss business secrets.

6. Even though many video conferencing apps offer encrypted video calls, you should still take additional safety measures and do some research. Make sure they don’t have any known vulnerabilities, the encryption protocols they use are bulletproof, and your own device is not infected with malware. If someone has control over your computer or phone, they will be able to listen in on your calls even with end-to-end encryption. Scan your devices regularly to make sure they are safe to use.

7. Be careful with apps you never heard of. Only download them from official app stores, and always check whether the developer is trustworthy before installing it. Hackers are known to create fake versions of popular secure video conferencing software that infect your phone with malware.

8. Usage of various video conferencing platforms is skyrocketing, and cybercriminals have their eyes set on them. Therefore, never reuse passwords, change them regularly, and come up with strong, complex passwords for your most sensitive accounts. If you need help remembering them — use a password manager to store them all safely.

9. Use Health Insurance Portability and Accountability Act (HIPAA) compliant video conferencing software to ensure the safe handling of sensitive health information. Considering that sometimes employees need to share their health data with people in other departments (e.g. HR), you should create a safe virtual environment where they can do that without worrying about security.

10. Make GDPR compliance a top priority to confidently use video conferencing tools while keeping data protection standards high. This approach will help you avoid fines and legal issues for failing to comply with GDPR regulations. Plus, remember that adopting GDPR-secure video conferencing practices is a way to not only protect your participants’ privacy but also enhance trust and credibility.

11. Use only strong passwords, that is combinations of letters, numbers, and symbols that are complex and unique enough to prevent cybercriminals or malicious machines from identifying them. Also, you should implement two-factor authentication to increase the level of cybersecurity at your company. With two-factor authentication, employees must provide more than just their password to log in to your company applications or access company data. This means, for example, that they will be sent a verification code via email or SMS, or asked to use their biometrics to confirm their identity

CISA guide for securing video conferencing

The Cybersecurity and Infrastructure Security Agency (CISA), an agency of the US Department of Homeland Security, has released a guide on how to carry out video conferences in a secure way. In essence, CISA has come up with four tips that, when followed, can help you safely connect with others over a video chat. They are:

Make your network secure — Set up your router to use WPA2 or WPA3 wireless encryption standard, and create strong passwords for both the router and your Wi-Fi network.

Control access to your video conferencing software — Create strict policies, processes, and procedures so that only the right people can use your video conferencing software.

Create a secure environment for file and screen sharing — establish secure rules regarding the types of files that can be shared during a video conference. Also, if you want to make a recording of the meeting, let all participants know about that.

Use only the latest versions of your applications — enable automatic updates and follow a patch management policy to make sure your applications are up-to-date and as secure as they can be.

Most Secure Video Conferencing Software

Here are what we consider to be the best video conference tools available on the market today. They are:

ZoHo Meeting – a video conferencing platform that not only provides all the communication features needed to connect with other team members, but it also encrypts all audio, video, and screen sharing to make sure all information – both personal and business – is safe and sound. Using ZoHo Meeting, you can easily record your meeting and share it with the people you trust. Plus, as a host, you can “lock” the meetings so that they are fully private. This means you are in full control of who can join the meeting and be able to add/remove participants at any time.

Microsoft Teams – probably one of the most popular video conferencing tools available on the market, Microsoft Teams is a secure video conferencing service that comes with a wide range of features that can help you set up and carry out video conferences with ease. Not only does it allow you to connect with up to 10.000 people at once for a live event, but it also enables you to go from a group chat to a video conference with the press of just one button. This is convenience at its highest.

Pexip — a video conferencing tool that makes security one of its highest priorities. With Pexip, you can set up PIN-protected virtual meeting rooms that allow you to keep communication private. As a host, you can see all participants taking part in the meeting and thus be sure that no eavesdropping is attempted. If you are looking for a secure video conferencing platform, you should give Pexip a go.

Google Meet – a video conferencing service developed by Google that allows users to host and join virtual meetings. It offers features like screen sharing, real-time captions, and integration with Google Workspace tools, making it ideal for both personal and professional use. Users can engage in encrypted video conferencing through a web browser or mobile app without being required to install any additional software.

Zoom – another highly popular video conferencing platform that lets users set up virtual meetings, webinars, and online events. Offering features like screen sharing, breakout rooms, and virtual backgrounds, it provides functionality for both personal and professional needs. By allowing users to join meetings via a web browser, desktop application, or mobile app, Zoom makes video conferencing an enjoyable experience anywhere, anytime.

The battle of encryption standards

Encryption is the cornerstone of online data security. It ensures that confidential information is accessible only to its owner or authorized recipients, making it nearly impossible for cybercriminals to open or use the files, even if they somehow get ahold of them.

But there’s not just one way to encrypt data. Multiple encryption algorithms exist to help protect sensitive information, and naturally, debates arise over which one is the best.

In this article, we’ll dive into two leading encryption algorithms, XChaCha20 and AES-256. We’ll explore how they work and how they differ, trying to determine which one might be better. Let’s start by defining both.

What is AES encryption?

AES is a type of encryption that uses the same key for both encrypting and decrypting data, which is why it’s called symmetric encryption. It works by chopping data into small blocks and then using that single secret key to scramble and unscramble the information. Known for being both secure and efficient, AES is used by the US government and many other organizations.

How does AES encryption work?

To explain how AES works, we’ll dive into a bit of technical detail, but stick with us if you’re curious about the process. So, as already mentioned, AES breaks your data into blocks (each 128 bits or 16 bytes in size) and encrypts each block separately.

While the block size stays the same, you can choose between 128-, 192-, or 256-bit keys for encryption—more bits mean more possible key combinations and stronger security.

Encryption with AES involves several rounds of processing for each data block. For instance, AES with a 256-bit key goes through 14 rounds. Once encrypted, the data can be sent safely over the web, and only someone with the right key can decrypt it; otherwise, the data is unreadable.

What is XChaCha20 encryption?

Like AES, XChaCha20 is symmetric encryption, which means it uses a single key to scramble and unscramble data. However, XChaCha20 is also a 256-bit stream encryption type, with “stream” referring to the fact that, instead of dividing data into blocks, XChaCha20 encrypts each bit of data one at a time. Some argue that this makes XChaCha20 a better choice than AES, which is why XChaCha20 is often used in modern encryption systems.

How does XChaCha20 work?

XChaCha20 uses a 256-bit key and a 192-bit nonce to generate a keystream—a sequence of random numbers. It encrypts data by combining this keystream with the plaintext using XOR, which compares corresponding bits: if they are the same, the result is 0; if they are different, the result is 1.

This process scrambles the data in a way that can be reversed for decryption. The larger nonce size in XChaCha20 helps prevent security issues related to nonce reuse, enhancing its overall security.

Key differences between XChaCha20 and AES

We know that technical details can be a lot to take in. So, to make things easier, we’ve created a simple bulleted list that breaks down the differences between the two encryption algorithms. Here’s a straightforward comparison:

AES encryption

• Older: AES has been around since 2001.

• Block-based: Works with fixed-size blocks of data (128 or 16 bits).

• More complex: Involves multiple rounds of encryption with key sizes of 128, 192, or 256 bits.

• Hardware-dependent: Often requires hardware support for optimal performance.

• Prone to human error: Key management and nonce handling can be tricky, leading to potential errors.

XChaCha20

• More modern: XChaCha20 was introduced in 2014.

• Stream-based: Encrypts data bit by bit using a stream cipher.

• Simpler: Faster to implement with a 256-bit key and a 192-bit nonce.

• Less hardware-dependent: Doesn’t always require hardware support for efficient performance.

• Less prone to human error: Larger nonce size helps reduce issues with nonce reuse and simplifies key management.

The main difference between AES-256 and XChaCha20 encryption is that AES-256 is a block cipher, meaning it encrypts data in fixed-size chunks, while XChaCha20 is a stream cipher that handles data one bit at a time. AES-256 has a long-standing reputation as the “advanced encryption standard,” while XChaCha20 is relatively new but gaining popularity.

AES-256 encryption is more complex than XChaCha20, which comes with a few drawbacks:

1. The more complex the algorithm, the higher the chance of mistakes that could put your data at risk.

2. AES-256 often needs special hardware to run efficiently, whereas XChaCha20 works well on regular software. For example, newer Intel, AMD, and ARM processors support AES, but older or entry-level devices like Android Go phones, smart TVs, and smartwatches may not have built-in support.

3. Without that special hardware, AES-256 can be significantly slower compared to XChaCha20.

Use cases and industry adoption

As we discussed earlier, AES has become a popular encryption standard across many industries. You’ll find it widely used in finance, healthcare, and government services. However, XChaCha20 is starting to make waves, especially in areas where high security and performance are critical, like mobile devices and IoT applications.

One of the key reasons for its growing popularity is that XChaCha20 is less susceptible to certain side-channel attacks compared to AES, making it a top pick for situations that demand extra security.

XChaCha20 vs. AES – which is better?

Although both AES and XChaCha offer high security and are useful in various scenarios, the speed and simplicity of XChaCha20, along with its ability to run smoothly without specialized hardware, are making it a popular choice for many companies—even Google.

On top of that, key management is much easier with XChaCha20. The longer nonce it uses reduces the risk of collisions and simplifies the process overall, making implementations more straightforward and less prone to errors.

Here at NordPass, we know how crucial it is to stay ahead of the curve and provide our customers with the best, most up-to-date tech solutions. That’s why we’ve chosen XChaCha20 encryption for our password manager. With its speed, simplicity, and ease of use, it’s likely that more companies will follow suit in the future.

Bottom line

Both AES-256 and XChaCha20 are great at encrypting and, therefore, securing sensitive data. But XChaCha20 really shines when it comes to simplicity and speed, making it a better choice for situations where you need both top performance and easy setup.