Delivering on one of Proton Mail users’ top requests for years, Proton is starting the beta of its password manager. Naturally, coming from Proton, it features end-to-end encryption and is open source so anyone can audit the security features. Read on for all the details on this iCloud Keychain alternative.
Following up after launching end-to-end encryption for shared calendars earlier this month, Proton founder and CEO Andy Yen shared the Proton Pass beta news in a blog post today:
Today, we’re happy to announce another significant milestone in the growth of the Proton ecosystem with the launch of the Proton Pass beta for Lifetime and Visionary users. Invites will roll out over the next week, and you’ll receive an email from us at your Proton Mail email address when you’re eligible.
For some background, Proton acquired SimpleLogin back in 2022 to help deliver Proton Mail’s advanced “Hide-my-email” aliases. And Proton Pass, the end-to-end encrypted password manager beta came out of that merger as well.
Here’s why Yen says this was the right time to work on a secure password manager:
We’re launching Proton Pass now for two primary reasons. First, joining with SimpleLogin increased our ability to develop a new password manager without impacting efforts on other Proton services. Second, passwords are such sensitive information that an insecure password manager is a risk to the Proton community.
He also called out the major LastPass data breach that saw customers’ entire password vaults obtained – noting that “If an attacker obtains your password (be it through a data breach or hacking your password manager), they can essentially bypass all of Proton Mail’s advanced encryption.”
What makes Proton Pass different?
Along with end-to-end encryption for passwords and an open source, publicly auditable design, Proton Pass uses “end-to-end encryption on all fields (including the username, web address, and more).”
This is important because seemingly innocuous bits of information (such as saved URLs, which many other password managers don’t encrypt) can be used to create a highly detailed profile on you. For example, if an attacker can see that you have passwords saved for an account with Grindr, gop․com, or even a manga fan site, they’ll know a lot about you as a person, even if they can’t actually access your accounts.
Further detailing Proton Pass security details, Yen says it uses “a strong bcrypt password hashing implementation (weak PBKDF2 implementations have made other password managers vulnerable) and a hardened implementation of Secure Remote Password (SRP) for authentication.”
And it also includes “a fully integrated two-factor authenticator (2FA) and supports 2FA autofill.”
Proton also published a separate blog post digging deep into the security model used for the new password manager.
What devices and browsers is Proton Pass beta compatible?
Here’s what Yen says about compatibility for the beta at this time:
- Proton Pass beta is available on iPhone/iPad, Android, and desktop (browser extensions are available for Brave and Chrome).
- Unfortunately, the Firefox browser extension is unavailable at this time because Mozilla was unable to approve it before our release date. If you are looking for a privacy-respecting browser that works with Proton Pass, we recommend using the Brave browser.
That makes it a no-go for Safari users at this time, but we’ll keep an eye out for any changes there.
How to try out Proton Pass beta?
- As mentioned above, Proton is starting by giving beta access to Visionary and Lifetime users “over the next week”
- Look out for the beta invite in your Proton Mail inbox
- For other Proton users, hang tight for more details when the beta will expand
- You can also keep an eye on the new Proton Pass landing page for the latest details
FTC: We use income earning auto affiliate links. More.
Comments