Proton has launched Proton Pass Monitor

To keep you safe, we’re introducing Pass Monitor for our password manager, a new suite of security features to help you secure your data. Pass Monitor alerts you of account weaknesses and data breaches so you can better defend your online accounts against attacks. We believe security should be easy, so Pass Monitor watches out for you automatically and guides you through solutions in the event your data leaks from a third-party service.

Pass Monitor includes four layers of security:

  • Dark Web Monitoring: We scan illicit data marketplaces on the dark web to check if your Proton addresses, email aliases, and up to 10 custom email addresses have been leaked. If we find anything, we alert you immediately so you can take quick action to secure your accounts.
  • Password Health: This is like a checkup for your account security. We’ll let you know if you have any weak or reused passwords that need to be updated.
  • Inactive two-factor authentication: 2FA is a second layer of security in addition to a password that greatly reduces the risk of hackers breaking into your accounts. Pass will identify accounts where you can enable 2FA.
  • Proton Sentinel: Released last year, our Proton Sentinel program uses AI and human analysts to detect and block account takeover attacks. We’re rolling this feature into Pass Monitor.

Password Health and 2FA checks are included in Proton Pass Free plans. You can get Dark Web Monitoring, Proton Sentinel, and other advanced security features with our Pass Plus plan. Pass Monitor will be available to everyone on all devices over the next few days.

Strong passwords are critical for account security, but email security is often overlooked, even though most cyberattacks (like phishing) start with email. Proton Pass enhances security by offering alerts on potential threats and the ability to create unique email addresses for each account through hide-my-email aliases, significantly reducing the risk of cross-service attacks and data breaches.

Now we’re giving you even more proactive security coverage. Last month we launched Dark Web Monitoring in Proton Mail, which looks for leaks of the credentials associated with any Proton email addresses you have. But in fact, Pass Monitor goes even further by monitoring not just for Proton Mail addresses but also any hide-my-email aliases you’ve created and up to 10 (non-Proton) custom email addresses you’ve authorized. We use our own datasets of dark web hubs as well as those compiled by Have I Been Pwned and Constella Intelligence, leaders in digital threat management. We only share custom email addresses (with your approval) with third parties for Dark Web Monitoring.

Breach alerts provide details about what data was leaked, what service leaked it, when the data was found, and what steps you can take in response.

The combination of Pass Monitor with hide-my-email aliases is especially powerful because if any of your aliases leak, you can simply disable it and generate a new one while your real email address remains private.

Password Health watches out for all three weaknesses and gives you an overview of the health of your passwords at a glance. Not only do we tell you if you have any weak or reused passwords, but you’ll also see where it’s reused and offer suggestions to create a more robust password.

Pass Monitor includes Inactive 2FA, which checks whether you have 2FA enabled for all the accounts that offer it. Subscribers with paid plans can activate 2FA directly in Proton Pass’s built-in authenticator, which lets you autofill one-time passcodes. Activating 2FA is critical because it prevents hackers from accessing your accounts without the additional one-time security code, even if your password leaks.

All Password Health checks are carried out on your device, so your data remains end-to-end encrypted.

1 Like

They share personalized email addresses with third parties (with our consent) to monitor the dark web…?
Who exactly are these third parties?

Otherwise very good idea from Proton, even if I would have the same thing with SimpleLogin and that the addresses generated from it also appear on PP.

2 Likes

Regardless of the third parties, it’s not like the emails given to them aren’t known to be from proton itself - so, I don’t think this is a bad option.

Hopefully we do get transparency from these third parties though.

1 Like