Many people, when they think about a truly secure email service, think about Proton. Which is not surprising because this mailer has end-to-end encryption, protection against phishing, trackers, and much, much more. But how did these same guys cope with protecting your passwords?
Many people, when they think about a truly secure email service, think about Proton. Which is not surprising because this mailer has end-to-end encryption, protection against phishing, trackers, and much, much more. But how did these same guys cope with protecting your passwords?
Why only now?
The first release version of Proton Pass appeared in June 2023, and I deliberately waited several months before writing a review. As a rule, in the first versions, developers do not yet have time to implement the entire necessary set of features. And I would rather not compare it with such mastodons as KeePass, Dashlane or Bitwarden. But now, I think it can be done, and if Proton Pass falls short in some respects, then that’s its problem.
What is the feature of the application?
Proton Pass is a password manager available on Android, iOS and as browser extensions for Chrome, Firefox, Brave and Edge. Which actually upset me right away.
It was precisely because of the abandonment of a separate desktop application that I moved from Dashlane to Bitwarden. It seems to me that developers have begun to forget that passwords are needed not only for authorization on sites, and launching a browser to view passwords is such a pleasure.
But there are features that pleasantly distinguish this password manager from its competitors: open-source code, location of the data center in Switzerland (for some this is another minus), generation of email aliases and much more.
Installation and first setup
To start using Proton Pass, you need to go through a simple registration on the website and download the recovery kit. With its help, you can access your data even if you forget everything.
It looks like a PDF file with a recovery phrase and, if necessary, an account password. The file is suggested to be printed and stored in a safe place.
You will then be prompted to install an extension for your browser and import existing passwords. Supported: 1Password, Bitwarden, Brave, Chrome, Dashlane, Edge, Firefox, Keeper, LastPass, Proton Pass and Safari.
Would it be possible to import some CSV from an unsupported password manager by selecting a supported one? I haven't checked, I only have Bitwarden on hand.
What can he do?
If you didn’t import anything and started working from scratch, then through the extension you can create logins, passwords, email aliases, secure notes, and store credit card numbers. All this stuff can be stored in storage facilities, which can also be created.
You can change the name and icon of the repository. In general, they can be used as folders, but I'm not a fan of this and store passwords in one heap. Using search is much easier for me.
Password storage
When creating a password, the following fields are available: title, username, password, 2FA code, website address, note, text, hidden text.
The password generator is standard for such applications. Mnemonic phrases and regular character sets can be generated. Both types of passwords can be customized. There is also a history of password changes.
To authorize on sites, just click on the input field and select the desired password from those offered.
But you will only have to create a password from the extension itself. That is, when you click on the authorization field, you will be informed that there are no passwords. Then you need to click on the extension icon and generate all the data in it, except for the site address.
All data in the Proton Pass is protected by 256-bit AES-GCM encryption, which even protects against attacks by quantum computers. The OpenPGP standard with ECC Curve25519 is used for encryption.
Email aliases
This seemed like a killer feature of the service to me. For example, in Bitwarden, you can also generate random email addresses in various services. This helps control spam and various subscriptions.
Proton Pass generates such addresses in its own passinbox.com domain and forwards the letters to your main mailbox. You can add a note to aliases, as well as specify the desired prefix and suffix.
Storing card data
There is nothing extraordinary here. You can store all the basic data about your bank card, except the bank name and card type. Of course, this information can be added to the title or note.
There is no autofilling of payment information.
Storing notes
There is nothing to tell here. Regular notes with text without formatting or hiding information.
Mobile versions
I will not talk separately about the mobile versions, since in terms of capabilities they are no different from the desktop. In the same way, there is autofilling of passwords, plus protection of access to data with biometrics.
Other settings or what not, but would really like
There’s nothing special to describe here either, it’s quite a generic section. You can disable various notifications, icons and other attributes. You can also set up auto-lock for your password manager.
In general, Proton Pass really lacks some small, but very familiar things for other managers. For example:
- You cannot attach or store files;
- The password cannot be shared;
- There are no individual-protected notes;
- There is no setting for choosing password encryption;
- There is no storage unlock selection setting;
- There is no protection of the clipboard from monitoring, and in general, no auto-clearing of copied data.
Yes, you can’t even open the so-called application in full screen. You will have to put up with this little window. I'm afraid to imagine what it looks like on widescreen monitors.
Moreover, since this is an extension, the password window will close every time you click past it.
What we have and what we would like in other managers
I don't know how it works, but the data sent from your PC to Proton's servers is supposed to take some alternate routes if you're in a country that might be snooping on your traffic.
Whether this works, given that I'm in Russia, and how to check it, I have no idea. I did not see any settings or messages from the application itself regarding this matter.
Proton also has a mirror on the TOR network.
Price
There is a free plan in which you can store any number of passwords and notes and use the application on any number of devices. But only ten aliases will be available to you and some other small features will be disabled.
Paid subscriptions can be purchased for a month, a year, or two. The Pass Plus plan for $3.99 when purchased for a year unlocks all the features of the application. And the Proton Unlimited tariff for $9.99 per year provides access to all Proton services, including mail, VPN and more.
If you're looking for a free, good password manager that syncs across devices, then you might want to consider Proton Pass. The minimum required to be a set of chips is here and works similarly to the alternatives.
If you are already using Proton apps or have a Proton Unlimited subscription, then you can try this app too. It's an ecosystem, after all.
But if you are looking for a convenient password manager for yourself and are considering paid options, then I would recommend paying attention to alternatives in the form of Dashlane and Bitwarden. Forget about LastPass as an alternative altogether.