Proton Pass (Password manager)

I just want to make a comment about a killer feature/bug that would make Proton Pass very unreliable for grandparents/old parents (if it’s true).
I thought it was a bug on my side when I first tried Proton Pass and deleted it, but it really does seem to not save the suggested password on its own? It just gets copied and it’s your thing to save it then.
The Admin replied there with no shown interest in fixing this.

3 Likes

The generated password is supposed to be saved during the autosave process after you sign up for an account. In case the autosave doesn’t work correctly, you can find the generated passwords in Menu > Advanced > Generated passwords.

Unfortunately a lot of websites don’t follow web standards and practices, and hence sometimes the autosave doesn’t pop up - we keep improving it, it’s a never-ending feature.

Autosave:

Generated passwords:

4 Likes

I actually didn’t know this, good info.

@Son, can I ask you two questions?

  1. If Proton Pass domains use SimpleLogin MX records, does that mean it runs on the same infrastructure? Why, after deleting an alias created in Proton Pass through SimpleLogin, do I get an error when I try to delete it in Proton Pass?
  2. Why is SimpleLogin still not using Proton Captcha?

An alias actually exists in both Pass and SL. You can see SL as the alias backend for Pass. When you delete an alias in SL, the alias in Pass still exists but it points to nothing now, hence the error you see. We’ll fix this error in the next version.

  1. Why is SimpleLogin still not using Proton Captcha?

There are a couple of reasons:

a) It’s not that simple. Proton apps are SPAs (single-page applications) whereas most SL apps are classic web apps. Proton captcha is designed for a Proton-specific use case.

b) SL doesn’t have the same challenge as Proton when it comes to abusive signups. So far, the hCaptcha SL is using is enough to prevent that risk.

1 Like

But somewhere (maybe I am wrong?) I read that SL got a problem with abuse.

If it is not evil reCAPTCHA I am ok, I was just curious :)

That was my question. Then why do all alias domains from SL have the reverse alias simp*elogin.*o (hidden to avoid bots), while Pass domains have a reverse alias domain that is the same as the alias domain? Isn’t it better to separate domains?

I can totally understand how Websites not following standards could lead to this bug, but it’s been known for over 8 months with many reports on your subreddit for it. I tried Proton Pass for like 2-3 Websites I knew and it was very obvious from the beginning that some passwords were not saved.
I haven’t had one such case while using the built-in password manager in Firefox for 6-7 years. I don’t know how Bitwarden handles this, I hope other users can give us some info if they have faced such a thing.
Of course it’s up to PG to decide this, but I would definitely not consider Proton Pass a password manager for the public at this point.

Here are some reddit posts about this:
https://www.reddit.com/r/ProtonPass/comments/1695b3l/proton_pass_doenst_detect_new_logins_new/

https://www.reddit.com/r/ProtonPass/comments/14z9tcq/proton_pass_does_not_save_changed_passwords/

https://www.reddit.com/r/ProtonPass/comments/1475tov/chrome_extension_for_proton_pass_not_saving/

https://www.reddit.com/r/ProtonPass/comments/17vcavs/not_saving_generated_passwords_as_new_login/

https://www.reddit.com/r/ProtonPass/comments/15zak4s/password_autosave_not_working/

Update:
Bitwarden seems to have a very similar problem. Here’s a link for the bug report, it may help.

1 Like

One of the issues with Proton Pass is that it uses the same credentials as your other Proton accounts. This seems high-risk, plus the fact that this is only web-based (no desktop app). DOES IT ASK for a password each time? (barred: //means that any open laptop (or hacked) will have all their passwords in the clear.//)

As a recommendation, I think there should be:
1) Native apps on Linux, Windows and macOS,
2) Require an extra PIN code by default, and an option for a full password.
3) Guarantee that you wouldn’t be blocked from accessing your passwords if there is abuse in other Proton products.*

*Imagine someone takes your phone, sends email in bulk, and then you have lost all your passwords!

For those that use it, could you say if it is usable offline?

2 Likes

Now the only issue is not having a separate password from the account (it would be even better if it were an additional password)

Well, they have a Windows app that’s great, it fixes a lot of concerns. Two caveats: it’s not for macOS and Linux, and the offline mode is only available with Premium. *

This is ridiculous. For people with bad connectivity or behind a firewall, this is a “death” blow.

Furthermore, Bitwarden isn’t blocked by any government (AFAIK), while Proton domain is.

*(See their blog post Proton Pass Windows app is now available for everyone | Proton)

1 Like

It’s frequently discussed whether putting eggs in the same basket or using the same credentials is high risk or not. If you have 2FA and a good password, I don’t believe it’s a high risk using the same credentials for Proton Pass. It’s mostly theoretical.

1 Like

Bitwarden desktop app doesn’t even support offline mode either the last time I checked.

If you don’t close Proton Pass, then all data is there when there’s no internet.

correct

1 Like

I just tested and Bitwarden on Windows works while offline. I can export my vault and copy passwords.
What do you mean by offline mode here then?

1 Like

What we generally understand under offline mode is that you can use the application, access your data within the application without internet connection. An export is not considered offline mode.

2 Likes

As said by paul, you can visualise all your passwords offline. Even the password verification seems to be done offline, as when I change my password, it takes days to update on all my devices.

To be clear, I don’t know if you could use it for weeks without internet, but it doesn’t require a constant connection, like all Proton products do.

On a side note, the Proton Pass webapp DOES NOT require any PIN or password by default after the initial login. They do prompt you to enable a PIN, but nothing mandatory. This is insecure. By contrast, Bitwarden asks you for your vault password every 15 minutes.

So Bitwarden wants my main password every 15 mins if I want to log in to a new website? Tbh sure this sounds more secure, but it’s way less convenient for normal joe users

Today, I received an email stating that Proton Pass supports Passkeys.


1 Like

Yes, they just announced on their Mastodon account that passkeys are available on all devices. Great news!

1 Like

@son can we also have separate passwords for Pass?