Zoho Vault is a password manager that was created with businesses in mind. You can see this in its auditing and report generation options, which are helpful for small business owners. Most of its best functions are free, though you may want to pay the inexpensive monthly fee to add emergency access, sharing, and additional security settings for your account. Overall, Zoho Vault has improved considerably since our last review, though it lacks the diverse feature list you can get with some competing password managers. Proton Pass is still our Editors' Choice winner for free password management because it offers high-quality privacy and security tools like continuous dark web monitoring and email masking. NordPass is our Editors' Choice for paid password management because it offers a 30-day free trial and attractive, well-designed apps for all platforms.

How Much Does Zoho Vault Cost?

Zoho Vault offers a generous free plan that includes unlimited credential storage across an unlimited number of devices. The free plan includes access to the security dashboard and integrates with Zoho's business apps, like Desk, Flow, Mail, and Projects.

The ultra-low-priced Standard plan includes everything in the free plan but adds sharing options, passkey management, emergency access, and tools that may be helpful for small businesses or families, such as activity reports, admin controls, IP address-based access, and priority support. You can try the plan before you buy it for 15 days. The Standard plan costs just $12 per year when billed monthly, making Zoho Vault one of the least expensive password managers I've tested. Bitwarden still offers the cheapest premium plan at $10 per year.

The additional pricing tiers are designed for business clients. I'll discuss that pricing structure and included features later in this review.

Getting Started With Zoho Vault

(Credit: Zoho Vault/PCMag)

Zoho Vault has browser extensions for Brave, Chrome, Edge, Firefox, Safari, Opera, Ulaa, and Vivaldi browsers. Apps are available for Android and iOS devices, along with native apps for macOS and Windows computers. The company also offers a command-line interface for Linux, macOS, and Windows desktops.

To start using the password manager, sign up for an account on the Zoho website. While completing the sign-up process, Zoho Vault will tell you where the servers containing your data are located, which is great. I'll talk about this more in the data privacy section of the review, but I really appreciate Zoho's straightforward approach to disclosing customer data collection. That said, I don't like that Zoho Vault allows you to set identical account and master passwords; it's antithetical to the service's primary function.

Authentication and Importing

(Credit: Zoho Vault/PCMag)

While setting up your Zoho Vault account, take a few seconds to enable multi-factor authentication (MFA) for your account. First, click the Settings tab on the left sidebar and navigate to the tab labeled Enforce MFA. Then click the Enforce MFA button on the next screen. Zoho Vault then prompts you to download its free authenticator app, Zoho OneAuth. If you'd rather use your own authentication method, Zoho Vault accepts codes from authenticator apps, SMS-based OTP, and hardware security keys. In addition to protecting your account with MFA, you can unlock your vault using the Zoho OneAuth app, biometrics, a passkey, or a Yubikey.

(Credit: Zoho Vault/PCMag)

After setting up your authentication method, you'll want to import the passwords stored in your browsers or stored in your old password manager. Password importing was easy and seamless during this testing period. I was able to upload my Dashlane and RoboForm credentials without any hiccups.

Data Privacy Policies

Before I review and test a password manager, I send a list of questions to the password management company inquiring about its privacy and security practices. I want consumers to have plenty of information about the companies handling their data. I've included Zoho Vault's responses to our questions below.

Q: Has your company ever had a security breach?

A: No.

Q: What unencrypted information does the password manager store in user vaults?

A: All Zoho Vault data is end-to-end encrypted using AES-256 symmetric keys. This encryption extends beyond just usernames and passwords; it also includes password names, descriptions, stored URLs, tags, and more. As a result, even if encrypted data is accessed, its contents remain completely unreadable.

Q: What is the company's policy regarding selling or sharing customer data with third parties?

A: Your data is always yours - that is our commitment to users. We don't have an ad-based revenue model in our free and paid plans.

Q: How does your company respond to requests for user information from governments and law enforcement?

A: Yes, if required by law, personal data and service data (access logs and encrypted forms of Vault data) may be disclosed or preserved in order to comply with any applicable law, legal process, regulation, or governmental request, including to meet national security requirements.

The answers above reflect Zoho's easy-to-read privacy policy. However, something that caught my eye in the statements above is Zoho Vault's exceptional privacy commitment.

On the company's website, Zoho Vault notes that free online services always come with hidden costs, usually in the form of customer data. I've written about data-hungry mobile apps, and the worst offenders were free apps. Some companies take revenue from ads or third-party services integrated into premium plan apps, too. That's why it's such a relief to read that Zoho Vault's apps do not include "non-essential or intrusive third-party trackers of any type that try to gain access to users' data."

I encourage everyone to browse the company's privacy policy before downloading a new app. Decide how comfortable you are with data collection and how companies use your data, and act accordingly.

Security Features

(Credit: Zoho Vault/PCMag)

Zoho Vault offers some enterprise-level security features for paying customers. Free personal accounts are limited to password hygiene tools. To set up the security features listed below, navigate to your Zoho Vault account page on the web and click on the Security tab.

Geolocation and IP Address Filtering

The Geolocation and IP Address filter lists let customers block login attempts originating from IP addresses or locations not specified on their allowlist. The Device Logins section shows the location and device information of the Zoho Vault activity associated with your account.

Password Assessment

After you've captured, entered, or imported a few passwords, you can go back to your dashboard on the web and check out your Password Assessment Score. The score tells you whether your passwords are weak, reused, recycled, or old, or if they contain your username or dictionary words. 

It's a pretty short list of online safety features when compared with the competition. Here are just a few examples: Proton Pass offers password hygiene and email masking for free customers, along with data breach monitoring for paying subscribers. Bitwarden offers data breach scanning and password health monitoring at all service levels. RoboForm's browser extension sends data breach warnings and phishing alerts to customers. Dashlane, while expensive, includes data breach monitoring, phishing alerts, and even VPN access.

Hands On With Zoho Vault

After importing your passwords via the web vault, install one of the Zoho Vault apps or a browser extension. I tested the service using the Android and iOS apps and the Chrome browser extension.

(Credit: Zoho Vault/PCMag)

First, let's take a quick tour of the vault interface, with a strong focus on the Settings menu options. You can change the way your passwords display in the vault by tapping on the dotted icon in the top right corner. I prefer the default display, but the compact and icon display looked good, too. On the left side of the vault dashboard window, there are several menu choices. Click on the button labeled Settings to see a number of customizations you can turn on and off for your vault.

Password Policy

The Password Policy section is something familiar to anyone who uses a business-focused password manager. It's where you can choose to allow the password manager to create weak, semi-strong, or strong passwords by default. Zoho Vault defaults to the predefined Strong policy, which requires passwords to be 8 to 14 characters in length, using all character types, but this doesn't seem very strong to me. You can add your own password policy rules by visiting your web vault, clicking on the Settings tab, opening the Password Policy menu, and clicking the plus sign.

Similar Products

Our Current Picks for The Best Free Password Managers for 2026

Proton Pass

4.5 Outstanding

Best Deal60% Off for 1 Year Plan

Buy It Now

Proton

60% Off for 1 Year Plan

Read Our Review

LogMeOnce

3.5 Good

Best DealVisit Site

Buy It Now

LogmeOnce

Visit Site

Read Our Review

Zoho Vault

3.5 Good

Best DealVisit Site

Buy It Now

Zoho Vault

Visit Site

Read Our Review

Bitwarden

4.0 Excellent

Read Our Review

Create your own, very strong, very secure password policy. I recommend using a password with at least 20 characters containing mixed-case letters, numbers, and at least one special character. Feel free to use the settings in the screenshot below as a model for your policy.

(Credit: Zoho Vault/PCMag)

When you're done, check the box in the corner of the window to make your policy the default. In a multiuser situation, Zoho lets administrators enforce password policies that other users can't change.

Credential Capture and Replay

Now, it's time to start using the password manager in earnest. Whenever you log into a website with a credential that you haven't saved in your vault, Zoho offers to store it for you. You can give the saved password a label and add notes or tags at this time.

The feature worked, but it was a little clunky. After I created a new password using the browser extension's password generator, I clicked the Save button, but the generator window did not clear. Thinking I misclicked, I clicked the Save button again to close the window, but again, it did not close. When I finally manually cleared the window, I was surprised to find that I'd created three new credentials for this account, all with different passwords.

(Credit: Zoho Vault/PCMag)

When visiting a site with a login form, click the tiny Zoho icon in the entry box's right corner, and Zoho Vault fills in your saved login credentials. The feature worked as expected when using the browser extension.

Password Generator

(Credit: Zoho Vault/PCMag)

If you're familiar with password managers, you will find Zoho Vault's password generator familiar. Clicking it to create new credentials fills in a new, random password matching your specified password length, strength, and other requirements. You can also generate a passphrase instead of a password.

Oddly, the password generator within the Chrome browser extension defaults to 30 characters, and the iOS app defaults to 8 characters.

It's good to create policies that generate long and strong passwords, but the purpose of the Password Policy section in the account settings menu is to make your passwords uniform across devices, right? The platform-specific defaults don't follow any of the password policies I created or ones created by Zoho Vault, which is confusing.

Storage and Form-Filling

(Credit: Zoho Vault/PCMag)

To add specific kinds of data, like, say, a payment card or health insurance information, navigate to the section labeled "Passwords" in your web vault. Click on the Add button, then choose the data type under the Add Password section. You can also upload documents by choosing the option labeled Attachments for each data type, or upload documents via the File Store option.

(Credit: Zoho Vault/PCMag)

Filling in forms with information I stored in Zoho Vault was hit or miss. The browser extension consistently filled in my address and zip code, but just as consistently, it failed to fill in my names and email addresses. Filling in forms is not a problem for RoboForm (as expected, given the name), and I like that some password managers, like 1Password, allow you to create multiple identities and choose which one to use when you fill in online forms.

Password Sharing

Zoho Vault does not allow sharing for free accounts. Paid subscribers or Team account members who have been granted sharing permissions by the account administrator can send sharing password requests to other team members. Customers can specify the privileges afforded to the recipient, from one-click-only access to complete control of the credential.

I prefer password managers that make it easy for customers to share passwords with friends or family members who don't use the same password manager. For example, Editors' Choice winner Proton Pass allows premium subscribers to create credential links to share with non-Proton Pass subscribers. It's also worth noting that Keeper offers an exceptionally well-designed password sharing system that gives customers a lot of flexibility when it comes to granting credential access.

Emergency Access

(Credit: Zoho Vault/PCMag)

Most password managers offer digital inheritance options to make sure your loved ones can access your accounts in the event of your demise. Zoho Vault has something similar. You can immediately transfer ownership of any password you own to a designated person. If you want to revoke access, click the trash can next to the person's Zoho Vault account name. For business accounts, the administrator can forcibly acquire all the business-related passwords a user owns in case of a firing or other not-so-pleasant parting.

Auditing

(Credit: Zoho Vault/PCMag)

This is a business-first feature that may not be terribly helpful for personal account customers since it just tracks your activity in the app. You can use this function for your family, but be prepared to see what all of your family members are doing at all times within the app, which is a bit invasive.

If you don't recognize an IP address logged into the account or if you don't recall performing certain activities, it's time to change your passwords and alert Zoho Vault. This feature would be more helpful if you could block certain IP addresses or locations from accessing your account, as you can in the business versions of Zoho Vault.

Mobile Apps

Zoho offers apps for Android and iOS. For this review, I tested the Zoho Vault app using both apps.

(Credit: Zoho Vault/PCMag)

Last time I reviewed Zoho Vault's mobile apps, I noted that the credential creation process on iOS was pretty arduous. I'm happy to report significant improvements in the iOS apps' functionality this time around. I had no trouble creating new logins and filling in my existing credentials. Just remember to turn on Zoho Vault's autofill settings within the iOS Settings menu.

Unfortunately, I wasn't able to fill passwords using the Zoho Vault app for Android without handing over some pretty invasive permissions to the app. I tried to autofill my credentials after turning on the regular autofill settings, and when that didn't work, I had to go into the accessibility settings on my phone and give Zoho Vault complete control over my device. This is an excessive level of control for a password manager, and it's not necessary when using other password management apps I've tested, such as NordPass or Proton Pass.

The Personal-level mobile apps offer little functionality beyond password filling, which is surprising because most other password manager mobile apps include MFA code generation and storage, too. The Android app blocks screenshots by default, which is good.

Business Options

Zoho is known for its enterprise products, so it's no surprise that Zoho Vault offers many business-focused features. For example, Zoho Vault's paid personal plan includes collaboration tools like activity reports, user provisioning, and integrations with Google Workspace and Microsoft 365.

(Credit: Zoho Vault/PCMag)

The Professional plan is $5 per month for each employee (5 employee minimum). Subscribers can create and manage user groups and access activity and breached password reports.

The Enterprise plan is $8 per month per user and adds single sign-on capabilities, integration with Okta and OneLogin, and help desk integration. This tier also includes special, fine-tuned controls that allow admins to grant and restrict employee access to various features throughout the app. Single sign-on configurations for cloud apps and a user audit system (so administrators can see all password-related activity as it happens) are other important features for large organizations. 

In business-critical situations, having just one person holding the keys to the castle is a recipe for disaster. One convenient feature for Professional and Enterprise users is the Break Glass account for emergency access to passwords. You set up an emergency contact who has access to all the enterprise passwords, eliminating the dependency on a single password owner or administrator. 

Customer Support

Zoho Vault's free personal account customers can troubleshoot any technical difficulties by visiting the help page, emailing the support team, or requesting assistance via this form.

Paid personal and business account holders get priority assistance via the contact methods listed above, and they can also call to get priority assistance via the phone numbers in the screenshot below.

(Credit: Zoho Vault/PCMag)

Is Deleting Your Zoho Vault Account Easy?

Deleting your Zoho Vault Professional account is quite a process. I had to go through several screens to confirm that I wanted to delete my account, and I had to enter my MFA codes three times. That said, it's important to let businesses know the consequences of deleting password access for the company.

(Credit: Zoho Vault/PCMag)