After rolling out its password manager to a limited number of users in April, Proton has finally released the service to the general public. The tool, called Proton Pass, uses end-to-end encryption to keep your usernames and passwords away from third parties, including Proton itself. It also lets you create and store randomly generated email aliases that you can use in place of your real address.
Still happy with bitwarden's family plan and ecosystem, but I am happy that there is more OSS in the space. Hopefully competition will push both to be even better!
Honestly, it's just better to use bitwarden, as they have more reputation, or keepass and syncthing if you want to keep your passwords off the internet completely
I don't see any reason to migrate away from 1Password, which works great for me. I have a family plan and everyone in the house has their own personal vault.
I really enjoy Proton VPN and the mail/calendar service has come a long way, but I've been using Bitwarden for years and they've never let me down. I'll try it out, but I'm not sure what they could improve on to make me want to switch.
I'm in the exact same boat, but I switched to try it out. It took under a minute to export/import from bitwarden to Pass and it works well so far. Not sure if I'll switch or not though.
One thing I'm curious about. The announcement says it's encrypts your usernames
Currently when you're on LastPass or onePass for Android, if you visit a website like google.com and want to log in, you get a pop-up prompt (as it checks your usernames but it still needs to decrypt your password)
I'm assuming you won't get anything like that with these guys? It's super handy to go to a site and when you need to log in, it knows what password you'll use and you just need to unlock the manager to auto fill it.
I've imported my content from bitwarden to try it out and it works well. The browser extension detects when you have a match and adds an icon to the username/password field. You click it and it offers you the relevant results. Click the right one (or the only one if you have just the one login) and it autopopulates the fields.
Otherwise you can click the extension and click the username or password to copy and paste. As far as I can tell there's no auto fill from the extension, just from the icon in the appropriate field.
This would be a dealbreaker for me at work, but probably not for personal use. For the former, we use 1Password and commonly have multiple logins to the same website. Considering we make websites that have multiple roles that need to be tested, this is an absolute requirement.
But even for my own personal use, I definitely have multiple logins to the same site. In fact, I have multiple logins to Proton Mail!
Like others, this one can generate passphrases (or jumbled passwords) as well as TOTP. I haven't tried the TOTP yet as I kinda like some separation having those in a separate app.
edit: Forgot, this also has an email generator for when you don't want to give out your real address. I assume this might be part of the paid plans, but I haven't looked into tiers as I'm already a subscriber.
Problem is putting your eggs in one basket. Logging in to your password manager with the same password as your email feels icky.
It doesnt really add value to the Proton subscription, should be a separate product. Proton should focus on their current suite and upgrading that. Things like desktop apps would be a good start.
To keep passwords safe due to not using anyone’s cloud infrastructure? :)
Yes, of course, there are many more things to take into account when choosing password manager, especially self-hosted. But IMO these things should be self-hosted in first place. Remember all these LastPass breaches?
Sure, but the flip side is that there's really no reason to switch yet if you're happy with a current password manager like Bitwarden. I'm glad Proton is lowering the barriers and making it easy for people to start using pw managers if they aren't already doing so, but if it ain't broke.
Security wise, there´s probably no reason to consider leaving Bitwarden. Feature wise, bitwarden already has almost all bases covered when it comes to being a password manager. UI is where it would probably be easiest to get ahead. Pricing on the other hand seems a bit expensive on Protons side. The have the "limited offer" now for 1€ a month, which is already 2€ more per year than Bitwarden, but they write that the regular price would be 4,99 a month, which would be beyond rough compared to BW.
Plus bitwarden is open source, which is huuuuge. That means it can be audited by anyone and increases the likelihood that any issues can be found. It also means that if you or someone else has the know how, you can fix issues yourself (if I ever have the time, I wanna add a way to archive items so that it won't show up in the regular search but is still there in case I ever need it).
I'd assume there's a price tier that includes their other premium services though I think? So you'd also get multiple email addresses with them, 500gb cloud storage, and their VPN's premium features. Not everyone will want all that but if you do it seems like a good deal as a bundle.
I have been using free Protonmail for a while as my 'security-focused email', and started using their free vpn occasionally; with those plus a premium password manager and cloud storage, this is making proton unlimited look very attractive. I might finally pull the trigger on that.
I've been using it as my primary email for ~5 years now I think, having a paid plan. I have no regrets. Free is nice, but I'm trying not to be "a product", so $5/month for everything isn't bad at all.
If you have IOS, then their password manager has all the features proton has, fake emails, 2 factor encryption, for free, these are paid features on proton.
On the other hand proton is open source. and can use it on non apple devices, android, linux, windows.
All the code is in a giant repo all mixed (drive, email, and so on) with no documentation whatsoever. Technically it’s open source, but you can’t take it and self host the service like you can do with a real open source product
Edit: I just watched and it’s even worse than I imagined. No server components are open sourced and the client parts are hard coded to access the official servers. It’s like if I say “this car is open source. Except the engine, all the parts are proprietary design to work only with the secret engine, and anyway there aren’t any instructions, good luck with your diy”
I guess to me, being open source is more about the ability that it can be audited. I don’t care whatsoever about hosting my own proton mail / drive / vpn (which I use constantly all the time) but I do care if it’s audited and secure.
That said, I know they claim to be open source and audited, but I’ve never double checked those claims. Probably should.
Proton’s new password manager not only applies E2EE to your passwords but also the usernames, web addresses, and all the other fields associated with your login information. In a blog post explaining the service’s security model, Proton notes that “all cryptographic operations, including key generation and data encryption,” happen locally on your device, which Protons says it can’t decrypt, even if a third party requests it.
Add comment