Proton Pass (Password manager)

yes a lot
i even sent a DM to the CEO of Proton on twitter but i didn’t get any reply. of course they don’t care what happened to a user. i’m just a simple man against a big company and i have no hope of getting my proton account back. it’s my fault because i was so dumb to believe proton advertising about privacy and user respect.
after proton i went to skiff and you guys know what happened to skiff.
now i’m in tuta because i have no choice. maybe i should give up about privacy in email.
a few months ago i created a new account in proton but i was so stressed that this account would be deactivated for any shitty reason too, so i deleted the account.
i know my message has nothing to do with the topic, sorry Privacy Guides. i just wanted to say be careful with proton.

3 Likes

Tuta is worse. They are actively censoring topics and posts on Reddit which are criticizing them. Maybe you can try mailbox.org?

Edit. Maybe go for business class emails like Microsoft 365?

3 Likes

@Son i tested both of your services, both are great for me.

But for now I have issues with the following:

  • No Proton Pass (PP) to SimpleLogin (SL) syncing. This will cause errors if you, for example, remove an alias created in PP directly in SL
  • No separate AKA Master Password for PP. For now it uses the same password (or passwords if 2 password mode is enabled) as your account
  • No free sending feature (only for new accounts). I think there should be another way to solve the situation with abuse. You should have something that other services do not provide 🙂
  • No E2EE in the notes section in SL (but with E2EE in the note section in PP)

For now a ⭐⭐⭐⭐ service. It is definitely better than Addy (limited bandwidth) but has some issues that would be better to solve.

1 Like

This only happens on the free plan (which is very prone to abuse), not for subscribers.

I’ve seen the reports on Reddit and they’re free accounts.

This is very worth mentioning because this does not affect subscribers.

Also, regardless, it’s always important to have backups, especially of your password vault.

If someone has access to your mail it’s the same thing as well because they can reset all passwords.

That is why 2FA exists. If I tell you the login/pass to my password manager, you still won’t be able to log in to twitter. You won’t be able to reset email either, 2FA is still needed. And the password manager does not have 2FA codes or recovery codes.

I will give you my email login/pass, and you won’t be able to reset my twitter password. You still need a 2FA code for the reset. Also twitter does not know my email. I myself do not know which email twitter knows, it is some forwarder service. How are you going to know that email to reset? Well, probably Twitter is not a good example and they will allow a reset by username.


Now we need some third guy to whom I give my 2fa phrase or recovery codes. He won’t be able to log in without the password though… He now needs 1 of you guys.

Or either one of you needs that 3rd guy to log in to twitter.

That is 3 different eggs in 3 different baskets.

1 Like

At one point I recall seeing a post that said there’d be a feature coming that would allow you to use ProtonPass as a 2FA for your Proton account itself, is there any progress on that? Or, is there a recommended other method of securing your Proton account if you don’t want to use a separate 2FA service?

I guess it depends somewhat on what you mean by “don’t want to use a separate 2FA service.” When you say service, are you referring specifically and only to hosted services, or do you mean you don’t want to use a separate app or hardware device? If so, what will you use as the second factor for Protonpass itself?

The only other option for a 2nd factor I can think of would be using an entirely different type of second factor. Typically, the norm is that the first factor is “a secret you know” (e.g. a pin or password) and the second factor is normally “something you possess” (e.g. a phone or yubikey). However, an alternative to using “something you possess” as the 2nd factor would be using “something you uniquely are” (e.g. fingerprint or iris or voice print), but I’m not sure if this is possible with Proton.

If I’ve misunderstood what you are asking and you are open to an app or device, consider a TOTP app (like Aegis or 2fas) or a hardware device (like a pair of yubikeys). In my eyes the two most important accounts to protect with strong 2fa are your password manager and your primary e-mail.

Some links:

1 Like

Ah so, I was referring to the post I saw here I believe:
https://www.reddit.com/r/ProtonPass/comments/14oj9ij/comment/jqhkge1/
"Currently, you cannot and should not use Proton Pass to store your Proton 2FA. In fact, in our Proton 2FA guides, we don’t recommend this for this reason.

However, one of the upcoming features in Proton Pass will be a way to store Proton 2FA, and have Proton 2FA be accessible without requiring Proton 2FA."

Sounds nifty, as it seems a bit cumbersome to have a secondary 2FA tool installed exclusively for getting into Proton. (And my apologies, I probably should have said “tool” rather than service) But I don’t think this has been implemented, so I was wonderin’ if they had another workaround.

Using 2-password mode could work I suppose, but my understanding is that it isn’t as secure. But yeah I think you’re right, just have to bite the bullet for now.

Indeed this does sound interesting. But I don’t fully understand what it is that they are saying. I have a few guesses (involving the ways in which 2fa secrets could be stored in the protonpass mobile app), but it’d be better to get some clarification from someone with actual knowledge of what is planned. Hopefully @son or someone else can provide some context.

My understanding of multi-factor authentication is that the above is not 2fa: requiring two passwords is requiring the same factor 2 times, as opposed to 2 distinct factors that complement each other. That said, it (might) still be a step in the right direction (I say might, because I can’t currently think of many scenarios where an adversary could attain one of the passwords but not the other, but that may just be due to my lack of imagination or lack of technical depth).

1 Like

However, one of the upcoming features in Proton Pass will be a way to store Proton 2FA, and have Proton 2FA be accessible without requiring Proton 2FA.

Some final details might change but the way it will work is Pass will act as the 2FA authenticator for your Proton account on a “trusted” device that you choose. When you log in on another device, you can approve the login attempt from the trusted device. You can also add the new device to the list of trusted devices.

But please note that this doesn’t change our recommendation of storing the recovery code in a separate location, for ex on a paper that you leave in a safe box.

3 Likes

Thanks for the clarification. That would be excellent. 🙂

So I did a brief check on Proton Pass features again that were added since I last commented here 6 months ago.

There were lots of features but it still has no file attachment support which is a huge deal breaker for me. It is great that they increased the number of vaults to 50 from 20 recently. I still don’t like that they don’t have organizational features like nested folders or tags but I can tolerate it since they increased the vaults to 50 (dunno if this is a technical limitation). If they get file attachment support, I might swap over from Bitwarden just for the beautiful UI.

A browser app was added a month ago too, which is good. No desktop app yet, but I don’t really mind it, though some people here might.

Also keeping track of changes for Proton Pass is REALLY annoying. I made a suggestion about this on their subreddit to have a single place for their changelog but it looks like there still isn’t one. They previously wrote changelogs on their Firefox browser extension page but they recently stopped doing that. I WANT Proton Pass to succeed but digging through Reddit posts and their social media is a chore. @Son Can you please tell the higher ups about that? Even a plain text README.md file in a GitHub repository would be fine. Just something that I can quickly check if the file attachments feature is added.

1 Like

No, it will not be fine. That would introduce a huge mess. There are better places for changelogs. Like a dedicated webpage that grabs changes from the CHANGELOG file within the repo.

Expensive lesson to not have all your data relying on one party it seems.
Always have your own backups.

Anyway do share your support number. AFAIK @Son works at proton so actually might be able to help you out, obviously given you didn’t break their terms.

1 Like

💯

1 Like

The changelogs for Pass can be found on

It is great that they increased the number of vaults to 50 from 20 recently. I still don’t like that they don’t have organizational features like nested folders or tags but I can tolerate it since they increased the vaults to 50 (dunno if this is a technical limitation).

To sync data between devices, each vault is synced separately, so increasing the number of vaults is synonymous with adding more load on the servers. We’ve optimized our code a lot recently to reduce the load and that allows us to increase the vault limit.

3 Likes

Oh hey, thanks! Missed the CHANGELOG.md file when I went over that repo.

Thanks for the explanation on the vaults. Didn’t know the vaults were synced separately. And 50 is more than enough for me so I don’t really mind.

I just need the attachments feature before I can move. I currently have a lot of them per entry over at Bitwarden. I know I can technically just store them in Drive, but I want to have some association with the files with each entry (e.g. when I delete the entry, I want to delete the associated files). Plus it’s just way more convenient for the app to handle that.

After that, I don’t really have many complaints. I’ll primarily be using the web app anyways.

i don’t need to pay for email right now, even 500 MB is enough for me
oh man, this tuta UI made me crazy, i really can’t stand it.
for now i’m using skiff for sending email, then maybe i’ll go back to icloud

true, but sometimes you forget and you don’t expect your account to be completely closed.

1 Like