(Not my post)
I’ve been using a ProtonMail free account for the past 5 months. It was great, although I think I need a premium account as most features are locked.
Suddenly, Friday morning (9/8/24) I wake up to find out their feature: abuse protection, which happened to suspend my account for “potential” policy violation. That’s about it they tell me when I try logging in. Upon reading docs, it says it can be a false positive and paid users are less likely.
I know spams/impersonation/fraud etc. can be, but why do I care, I never did such a thing.
MY DUMB BRAIN: I stored all my 150 social/transactional account passwords used by me over the internet in Proton Pass. They were randomly generated, updated on their site and stored in Pass. I thought I was doing something cool. But now basically, I only remember password to my Proton account, and I’m locked out of all my other accounts.
I’ve been trying to reach Proton support on reddit DMs, their subreddit, on their support, I filled their abuse appeal form, not a single response anywhere.
IT’S BEEN 4 WHOLE DAYS and I’m flipping out for not a single response. Apparently, most people had their account false flagged.
EDIT:
Upon researching, I found out that I may have triggered violation of ToS that prevents creating multiple accounts. Although I only created a total of 2 accounts, 1 was meant for my brother (account is still up and running) because he is not mature enough and I manage it for him. Although I saw many instances from ProtonMail or a mod that it’s not an issue unless they are a lot. The number for “a lot” is not disclosed, but I believe you are allowed to have 1 free mail account for each family member. I will explain this scenario once they respond back.
I’m currently using proton pass and 1password for login details. Thinking about switching to Bitwarden once my 1password subscription expires. Always remember that for critical information and items, 2 is 1 and 1 is none. You want backups for everything important.
can be slow when you store 1k+ entries (passwords, etc)
its self-hosted version is so resource unfriendly that it needs decent CPU as well as RAM to run smoothly; not to mention their CLI is far from being intuitive.
For login credentials, I always pick KeePassXC, it’s fully offline and very reliable, easy to backup, and I can roll back to older version of KeePassXC if necessary.
I sync my vault between my NAS, Proton Cloud, My Phone and my Laptop.
I used Koofr with Cryptomator. These tools are available on all devices and are fully cross-platform. Worked well on iOS (with Strongbox) and on macOS/Linux/Windows via KeePassXC. Pretty sure you can make it work on Android too but I don’t use it so can’t guarantee.
Edit: FYI - WebDAV through Cryptomator Premium (one time small nominal payment).
Works well with Syncthing. Also did it with Tresorit before, no issues
IMO, using 2 password managers for redundancy is PITA, and makes no sense. If you really want to use cloud-based PM, it’s better to export (& encrypt) it and store it on your device from time to time.
Also, I didn’t know you such thing can’t happen with ProtonPass. Couldn’t you just go offline and open the program before it syncs to server (and blocks your account)? Anyway this is not how password manager should behave, and I suppose it’s because all proton services are connected to same account. It’s not news when Google or Microsoft do this, but I am surprised for Proton. Especially since it wasn’t resolved after 5 days. The reason I prefer smaller providers is that you can actually get human support.
Hello. Bitwarden shows passwords even being offline. Does ProtonPass require to be online to retrieve passwords? That sounds so dumb, I decided I need to ask it. Just curious, I am not going to use Proton Pass anyway.
I saw some people use multiple cloud password managers. Why would you increase your attack surface and the amount of trust required by so much, why? Just have a proper local, encrypted offline backup.
The double account would be a very strange reason to block someone fully out. They could just have sent a warning first and come to a solution, straight up locking someone out of everything seems rather harsh. I would be surprised if this is the real reason.
That’s the main reason I’m not using Proton Pass even though I have Proton Unlimited. Not having separate login credentials, but it being tied to your main proton account (which can be suspended) is just stupid IMHO. I guess you can export your database from time to time, but still.
It isn’t. They have no way to know if the same person owns multiple accounts, unless you have like a 100 accounts pinging them from the same IP address.
Here is the update from OP
With the help of an official from ProtonMail, the support was then quick enough (<40mins) to respond after sharing ticket number with them.
I triggered their abuse protection because according to the support, I have violated their ToS: Bulk account creation “on third-party websites”
Here’s the real deal. After I signed back in to my reinstated account. 3 email confirmation requests can be found in my inbox for signing up to a third-party service: crunchyroll. Which proves their claim that it was bulk signed up. Shortly after these 3 emails, an email from Proton was sent stating that they reserve the right for action if I continue bulk sign up.
I guess Crunchyroll reported the abuse of specific emails, since they have done something similar before. Could also be Proton’s anti-spam kicking in on suspicious activity.