Proton Pass (Password manager)

Today, we’re happy to announce another significant milestone in the growth of the Proton ecosystem with the launch of the Proton Pass beta for Lifetime and Visionary users. Invites will roll out over the next week, and you’ll receive an email from us at your Proton Mail email address when you’re eligible.
[…]
A password manager has been one of the most common requests from the Proton community ever since we first launched Proton Mail. However, while Proton Pass uses end-to-end encryption to protect your login credentials, it will be much more than a standard-issue password manager. This will become clear over the next weeks and months as we prepare Proton Pass for a public launch later this year.
[…]
We’re launching Proton Pass now for two primary reasons. First, joining with SimpleLogin increased our ability to develop a new password manager without impacting efforts on other Proton services. Second, passwords are such sensitive information that an insecure password manager is a risk to the Proton community. Proton Pass is not just another password manager. It’s perhaps the first one built by a dedicated encryption and privacy company, leading to tangible differences in security. For example, while many other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more).

Still limited to a few testers, not fully edited or released yet, obviously. They do point out that they haven’t had the green flag for the Firefox extension of it, recommending Brave Browser until then.

I tried searching for it in the Chrome Web Store (for Brave), and I can’t seem to find it.
Is it just me?

I managed to find it in Google Play Store though.

I mean I get it, limiting people/company/software/apps trust to fewer entities and maybe limiting the attack surface as well, but at what point does it become an all-eggs-in-one-basket kind of situation?

1 Like

In my opinion, using any password manager is putting all your eggs in one basket. If someone gains access, all your accounts are compromised no matter which one you go with. So you might as well make it slightly more convenient by keeping everything in one place. Just my thoughts though.

10 Likes

When Proton Pass comes out I don’t see a reason to list Bitwarden anymore and here are a few reasons why, just off the top of my head:

  • This.

  • FIDO2 WebAuthn being paywalled.

2 Likes

If you don’t put your 2FA codes in it I don’t really agree, but I get your opinion. Still, password managers are the only way to make people use good password security so I don’t see a way without them.

Proton Pass is still in beta for now and we should wait a bit to see how things will evolve. Other password managers as of now are more feature rich. But I am confident this will become a good option and I probably will use it eventually.

2 Likes

I had the same and asked the team. All Visionary users will get download links in the coming weeks.

Would still be worth being listed, as a self-host option. When self-hosting, most criticisms of their terms of service aren’t taken into consideration, and paid locked features are free.

Self-hosting a password manager isn’t something that I would recommend for an individual. But that’s just me.

I think the important thing to look forward to when looking at password managers is passkey support. Both Bitwarden and 1Password (the cloud options listed on Privacy Guides) have committed to supporting them.

I find it difficult to believe that Proton Pass won’t do the same, but I think we should at least wait until it’s stable/more feature rich. Password managers are critical pieces of software, so they require careful consideration before they’re adopted/recommended.

I disagree with de-listing Bitwarden, by the way, as they’ve shown that they’re willing to improve and have over time, but regardless, even if we were to have that conversation, it should be in its own thread, not here.

8 Likes

I stay with my local KeePassXC. I trust my computer more than any cloud.

3 Likes

KeePassXC called out Proton for the marketing claims:
https://twitter.com/KeePassXC/status/1649417549510062081

9 Likes

KeePassXC has no chill :rofl:.

Their rants are not without merit though. In the grand scheme of things, it is fine.

2 Likes

I can definitely see where KeePassXC are coming from, but I initially read the Proton announcement and didn’t think it was a big deal since it obviously seems targeted towards commercial/mainstream password manager users (like LastPass) and not people who use KeePassXC or similar.

1 Like

Until more people get access to it and there is a more verified audit, I will stick with Bitwarden. Most probably I will migrate to Proton Pass, but also it is very important for me to have the same functionality as Bitwarden. I love to use the Bitwarden storage as a safe backup for really important documents that Bitwarden then shares automatically with my family in case of death (it is set to send them 60 days after the last login), which looks like it is not possible with Proton Pass.

3 Likes

I need it to be better than Bitwarden, and maybe closer to the features of KeePassXC, but I am already a paying customer of Proton.

1 Like

Removing Bitwarden, the most highly regarded password manager out there, because you don’t want to pay 10$/y for FIDO2 is absolutely nuts.

16 Likes

Yeah, without articulating reasons why Proton Pass is functionally better, or shortcomings of Bitwarden, it’s crazy to suggest removing Bitwarden simply because Proton announced / is beta testing a new and unfinished password manager of their own. Especially considering Bitwarden is one of the two most well regarded password managers (the other being 1Password), and considering that the main complaint seems to be that there is a small and extremely fair yearly cost.

4 Likes

(Preface: Am paying Bitwarden user and am not advocating for de-listing of Bitwarden)

I don’t really understand why Bitwarden keeps FIDO2 WebAuthn behind a paywall though.

I assume maintaining FIDO2 WebAuthn support probably takes up some of Bitwarden’s resources.
But if they’re really serious about providing an open-source solution to password management with a high level of security, then FIDO2 WebAuthn support really shouldn’t be the piece that they dangle in front of free users to entice them to pay.

Afaik, Bitwarden doesn’t do regional pricing, so $1 per month could still be a (minor) financial burden for some people around the world, compared to what $1 per month means to, say, someone in Europe or North America.
Security keys are even more expensive, but there are different ways of obtaining them for free or with a heavy discount. And security keys have many more applications beyond just one service and don’t involve any recurring fees.

For a password manager, using FIDO2 WebAuthn as 2FA is probably the gold standard, for now anyways.
I wouldn’t trust or take seriously any password manager that doesn’t support FIDO2 WebAuthn (i.e. Dashlane afaik).
If there ever was a high-priority application for security keys, it’d be for password managers.

In this front, Proton Pass would definitely have an edge over Bitwarden.

Like others said, it is definitely premature to consider listing Proton Pass on PG, especially given how buggy and feature-poor some of Proton’s services have been at launch.
But Proton Pass should definitely be an option to keep at a corner of the PG team’s mind, imo.

EDIT: Forgot to point out that another PG-listed password manager Psono offers FIDO2 WebAuthn as 2FA even at the free tier.

1 Like

I don’t really understand why Bitwarden keeps FIDO2 WebAuthn behind a paywall though.

They’re allowed to make money dude. Wanting Bitwarden to essentially be a non-profit company is absolutely nuts. They need to pay their staff somehow. This is even more ridiculous with their offers of self-hosted. It’s just 10$/y. You all need to get over it. That’s ridiculous.

They literally have the best reputation in the industry.

1Password doesn’t do regional pricing either and everyone licks their butthole. I say this as a 1Password user. Regional pricing is actually fairly rare in companies. Even without regional pricing 10$/y is dirt cheap except if you live in some GENUINELY financially destitute countries like Venezuela, Turkey or Argentina. The extremes of the extremes.

Otherwise it’s affordable by many.

9 Likes