Proton Pass now supports Passkeys

Looking like good news!

5 Likes

Wow. They really did cross-platform passkey support faster than Bitwarden.

I am a bit disappointed by Bitwarden, that they are so slow with their mobile apps.

4 Likes

Hmm… this might be the time to start to investigate if it is desirable to move to Proton Pass?

3 Likes

To be fair, Bitwarden does address this and their plans to improve the situation in the future in this post about how they’re moving from the Microsoft Xamarin framework to fully native apps on both Android and iOS. TL;DR, using this third-party framework was slowing down their mobile app development by forcing them to wait for Microsoft to implement things and making native apps will allow them to develop much faster.

5 Likes

Bitwarden don’t support passkeys to access the app on macOS. To my knowledge, they don’t even plan to implement it.

In my experience, Proton Pass has proven to work more effectively than Bitwarden, especially on Android and iOS. The lack of passkeys support was the only thing holding me back from transitioning to Proton Pass.

2 Likes

Good news. But there is the problem of the same password for the whole Proton suite.

Purely theoretically, this can cause problems. They have no access to your password, but they have access to the hash (bcrypt). Also, this password is used to unlock the keys that are used to encrypt your data, including passwords. So if there were an extremely powerful computer (or probably a botnet), it could crack the password knowing only the hash. By brute force. Locally. So no protection will help.

Please note that I am not talking about account protection (2FA will solve this), I am talking exactly about data encryption.

You can set up 2 password mode and it will solve this situation. But I would say that 2 different passwords will be better.

Super smooth sailing on my end on iOS, just waiting for the new Firefox version to drop. Even sharing passkeys with family members has been easy.

1 Like

My problem with Proton Pass is the fact that it’s not separate from your Proton account and you can’t disable Authenticator as 2FA even if you add a security key, which is a big minus for me.

What I like about Bitwarden or 1Password is the ability to use only a security key for 2FA and the fact they’re not tied to an ecosystem.

2 Likes

I just add the PIN; it logs you out after 3 failed attempts. I saw someone post that they just added the TOTP and deleted it.

Browser extension for desktop just updated, passkey support now available.

Question on the topic of the TOTP requirement:

Would destroying the seed phrase mitigate most of the risk? The reason I say this is because I understand that both TOTP and security are only for login and don’t have any impact on the level of encryption. If your seed phrase is not saved, an adversary’s ability to log in will be severely hampered if they don’t have your passkey.