Proton Pass: new password manager announced
Proton, the Switzerland-based company known for its Proton line of products, including Proton Mail, Proton VPN and Proton Drive, announced the launch of Proton Pass today.
Proton Pass is a password manager that complements the company's growing portfolio of products and services. It is launched as a beta version and access is limited to Proton Lifetime and Visionary customers only at the time. Eligible customers will receive an email with the invite to test the new product. The company plans to launch the final product later in 2023.
Proton notes that a password manager has been the most requested feature from the Proton community since it launched its first product, Proton Mail. The company highlights that security and privacy have always been the cornerstones of its products, and that this is also the case when it started to design Proton Pass.
The ability to develop the password manager came after Proton's acquisition of SimpleLogin, an email alias service. The acquisition allowed Proton to create a development team to develop the new password manager without taking away resources from its other products.
Proton Pass is described as an end-to-end encrypted password manager that is based "on the same well-tested encryption that secures the rest of the Proton ecosystem". Since it is end-to-end encrypted, Proton Pass does encrypt all data, and not just some data.
Recent data breaches, the LastPass hack being the most prominent one, demonstrated the dangers of not encrypting all data fields.
End-to-end encryption ensures that "all cryptographic operations, including key generation and data encryption, are performed locally" on the user's device. In other words: Proton or anyone who is able to gain access to Proton servers or infrastructure, can't access the data.
The first version of Proton Pass supports the storing of the following types of data:
- Credentials, including username and password, and second-factor authentication codes.
- Notes, a free-form text field that accepts any plain text.
- Aliases, since Proton Pass supports the creation of email aliases using SimpleLogin.
Proton published technical information on the security model that Proton Pass uses. Customers may create multiple vaults, and each vault may contain multiple items.
The password manager supports sharing from the get-to, using the same "battle-tested secure sharing encryption models" that Proton uses in its Drive and Calendar products.
The Proton Pass beta is available for the desktop, with browser extensions available for Brave and Chrome, and for the mobile operating systems Android and iOS. A Firefox extension is also available, but Mozilla has not approved it yet.
Additional information is not provided at this point, including whether imports are available, pricing, or which features the password manager supports out of the box.
Closing Words
A password manager is a natural extension of the services and products that Proton offers. Its success depends on a number of factors, including its feature set but also price.
Now You: what password manager features do you require?
“Recent data breaches, the LastPass hack being the most prominent one, demonstrated the dangers of not encrypting all data fields.”
Or maybe it demonstrated that using password managers is less secure than not using password managers, so the opposite of what you’re trying to convey here with Proton Pass ?
Interesting. However, my guess is there won’t be a Linux client – almost certainly not one that runs on openSUSE.
So, not giving up my locally-controlled password manager, KeePassXC, for this.
I like Protonmail, but I’ll keep my pws on KeePass on my own hardware, thanks.
I just want one click filling of passwords, OTP, name, adress, phonenumber and so on, credit card credentials on web pages. And syncronised to other devices. I dont share passwords. And BW gives just that for a reasonable sum of money.
The number 1 feature I require from a password manager is the “inability” to access, or be accessed from, any kind of external source.
Doesn’t Proton have a weird relationship with Tesonet?
Don’t like this Single point of Failure that Proton become, if they are breached you lose everything at once (VPN/MAIL/CONTACT/FILE and now PASSWORD).
If proton is breached the black hats will get practically nothing except access to millions of blobs of fully encrypted data which they’ll likely never be able to crack, since the decryption keys are all on the user’s computer.
However, if the user is spear fished and hands over all their login credentials and two factor key, then yes, they would be truly screwed. The black hat would then get all their encrypted emails, all their encrypted cloud storage, and with this would get all their passwords and 2FA’s for every other site. So that’s the reason it’s probably not a good idea to combine email provider and password manager credentials all in one.