After rolling out its password manager to a limited number of users in April, Proton has finally released the service to the general public. The tool, called Proton Pass, uses end-to-end encryption to keep your usernames and passwords away from third parties, including Proton itself. It also lets you create and store randomly generated email aliases that you can use in place of your real address.
I don’t care which password manager you use, as long as you use one (and it’s secure). It’s such a game changer.
so this means use a password manager that isn’t lastpass.
Yeah, not lastpass. Migrated from them to 1password.
It looks pretty good. I’m well ensconced in bitwarden, but I’d totally check this out too.
Security wise, there´s probably no reason to consider leaving Bitwarden. Feature wise, bitwarden already has almost all bases covered when it comes to being a password manager. UI is where it would probably be easiest to get ahead. Pricing on the other hand seems a bit expensive on Protons side. The have the “limited offer” now for 1€ a month, which is already 2€ more per year than Bitwarden, but they write that the regular price would be 4,99 a month, which would be beyond rough compared to BW.
I’d assume there’s a price tier that includes their other premium services though I think? So you’d also get multiple email addresses with them, 500gb cloud storage, and their VPN’s premium features. Not everyone will want all that but if you do it seems like a good deal as a bundle.
I’ve been using their vpn for maybe 2 years now - i get great service. But switching pw manager from bitwarden seems like a lot effort on my part at this point :-)
For extra 2€ a year you get to keep your passwords overseas……might be something worth considering.
What does “keep your passwords overseas” mean?
Proton’s servers are in Switzerland, and they comply with all EU privacy and security laws. Majority of other password locker solution are US companies, so their equipment and data is subject to US federal and state laws, NSA/DHS surveillance, etc.
Ah I see. Well, I live in Germany, so that’s why I was confused about the overseas party.
Ah yes, pardon my North American assumptions… 🙃 Although theoretically we could turn this the other way around - you as German would still be subject to US laws for any data that is stored on US servers - including Bitwarden cloud saves.
I would. But I also trust in both bitwardens word as well as what I read (I actually did back when I decided to use bitwarden) in the external audit concerning the encryption of my vault. So, as things are at the moment, the feds can raid bitwarden, or azure for that matter, all they want, they will still not get my passwords.
BitWarden user as well. LOVE it. I really can’t imagine life without it.
Yeah, I use both Proton and Bitwarden, and unless they allow self hosting for Pass I simply won’t be using it.
If you have IOS, then their password manager has all the features proton has, fake emails, 2 factor encryption, for free, these are paid features on proton.
On the other hand proton is open source. and can use it on non apple devices, android, linux, windows.
Proton open source is mainly a marketing facade.
All the code is in a giant repo all mixed (drive, email, and so on) with no documentation whatsoever. Technically it’s open source, but you can’t take it and self host the service like you can do with a real open source product
Edit: I just watched and it’s even worse than I imagined. No server components are open sourced and the client parts are hard coded to access the official servers. It’s like if I say “this car is open source. Except the engine, all the parts are proprietary design to work only with the secret engine, and anyway there aren’t any instructions, good luck with your diy”
The point of open source isn’t necessarily that you can self host it for free. If you want to only use services you can host yourself that’s fine, but that doesn’t make proton’s model wrong or bad.
As for the server, you have no way to verify they’re running what is in the repo, so you have to trust them anyway. Open sourcing the server-side components doesn’t accomplish anything other than making their spam filtering easier to bypass.
In models like this (and bitwarden), all the magic happens on the client (which IS open source), so the server can be dumb and more or less untrusted. If you use the Open source bridge application you don’t even have to trust the JavaScript coming from the server. I can compile the bridge and mobile clients myself and have reasonable confidence that things haven’t been tampered with without having to trust the server despite it being proprietary.
I guess to me, being open source is more about the ability that it can be audited. I don’t care whatsoever about hosting my own proton mail / drive / vpn (which I use constantly all the time) but I do care if it’s audited and secure.
That said, I know they claim to be open source and audited, but I’ve never double checked those claims. Probably should.
To name more alternatives, Bitwarden is 10 € per year and you get to support an open source project.
Unfortunately I need my password manager available on all the platforms I use. I love Apple’s, and I totally trust them with my data, but I can’t install it on any browser or my Windows or Linux machines so it’s a nonstarter for me.
Honestly, it’s just better to use bitwarden, as they have more reputation, or keepass and syncthing if you want to keep your passwords off the internet completely
Better use Bitwarden + self-hosted server like vaultwarden.
What are the advantages? :)
To keep passwords safe due to not using anyone’s cloud infrastructure? :)
Yes, of course, there are many more things to take into account when choosing password manager, especially self-hosted. But IMO these things should be self-hosted in first place. Remember all these LastPass breaches?
I don’t see any reason to migrate away from 1Password, which works great for me. I have a family plan and everyone in the house has their own personal vault.
For me it was the subscription that pushed me away. Now on BitWarden, very happy.
I use Protonmail and I really love it. Has anyone had experience with their password manager?
Anyone able to find the source?
I really want to try this out, but there isn’t MacOS Safari support. :(
My Bitwarden Subcription was about to renew, so I subscribed to Proton Pass and its pretty cool
Proton’s new password manager not only applies E2EE to your passwords but also the usernames, web addresses, and all the other fields associated with your login information. In a blog post explaining the service’s security model, Proton notes that “all cryptographic operations, including key generation and data encryption,” happen locally on your device, which Protons says it can’t decrypt, even if a third party requests it.
No support for passkey yet, but coming.
I love the built in 2factor
I started using it on Firefox now, seems pretty good so far. Maybe I’ll stay, or go back to Bitwarden. Who knows.