Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services fail to adequately secure this information. The number of breaches spiked by 78%, from 1,802 in 2022 to 3,205 in 2023(new window), affecting more than 353 million people.
To keep you safe, we’re introducing Pass Monitor for our password manager, a new suite of security features to help you secure your data. Pass Monitor alerts you of account weaknesses and data breaches so you can better defend your online accounts against attacks. We believe security should be easy, so Pass Monitor watches out for you automatically and guides you through solutions in the event your data leaks from a third-party service.
Pass Monitor includes four layers of security:
- Dark Web Monitoring: We scan illicit data marketplaces on the dark web to check if your Proton addresses, email aliases, and up to 10 custom email addresses have been leaked. If we find anything, we alert you immediately so you can take quick action to secure your accounts.
- Password Health: This is like a checkup for your account security. We’ll let you know if you have any weak or reused passwords that need to be updated.
- Inactive two-factor authentication: 2FA is a second layer of security in addition to a password that greatly reduces the risk of hackers breaking into your accounts. Pass will identify accounts where you can enable 2FA.
- Proton Sentinel: Released last year, our Proton Sentinel program uses AI and human analysts to detect and block account takeover attacks. We’re rolling this feature into Pass Monitor.
Password Health and 2FA checks are included in Proton Pass Free plans. You can get Dark Web Monitoring, Proton Sentinel, and other advanced security features with our Pass Plus plan. Pass Monitor will be available to everyone on all devices over the next few days.
Proton gives you the best account security available
Strong passwords are critical for account security, but email security is often overlooked, even though most cyberattacks (like phishing) start with email. Proton Pass enhances security by offering alerts on potential threats and the ability to create unique email addresses for each account through hide-my-email aliases, significantly reducing the risk of cross-service attacks and data breaches.
Now we’re giving you even more proactive security coverage. Last month we launched Dark Web Monitoring in Proton Mail, which looks for leaks of the credentials associated with any Proton email addresses you have. But in fact, Pass Monitor goes even further by monitoring not just for Proton Mail addresses but also any hide-my-email aliases you’ve created and up to 10 (non-Proton) custom email addresses you’ve authorized. We use our own datasets of dark web hubs as well as those compiled by Have I Been Pwned(new window) and Constella Intelligence(new window), leaders in digital threat management. We only share custom email addresses (with your approval) with third parties for Dark Web Monitoring.
Breach alerts provide details about what data was leaked, what service leaked it, when the data was found, and what steps you can take in response.
The combination of Pass Monitor with hide-my-email aliases is especially powerful because if any of your aliases leak, you can simply disable it and generate a new one while your real email address remains private.
Boost your defenses with Password Health
One of the common ways hackers break into people’s accounts is by cracking weak passwords in stolen datasets. (Our article on brute force attacks explains how this works.) Once a password is revealed, hackers then try to use it to log in to other accounts to see if it has been reused elsewhere. As a robust line of defense, two-factor authentication (2FA) can block hackers from accessing your account.
Password Health watches out for all three weaknesses and gives you an overview of the health of your passwords at a glance. Not only do we tell you if you have any weak or reused passwords, but you’ll also see where it’s reused and offer suggestions to create a more robust password.
Pass Monitor includes Inactive 2FA, which checks whether you have 2FA enabled for all the accounts that offer it. Subscribers with paid plans can activate 2FA directly in Proton Pass’s built-in authenticator, which lets you autofill one-time passcodes. Activating 2FA is critical because it prevents hackers from accessing your accounts without the additional one-time security code, even if your password leaks.
All Password Health checks are carried out on your device, so your data remains end-to-end encrypted.
Toward a more secure internet for all
As a company that always puts users first, we believe everybody should have access to the best possible tools to help keep them safe online. As a result, we are offering Pass Monitor’s basic functions for free to all our users.
We can put our users first in this way because we are entirely funded through subscriptions. Unlike many of our competitors, we receive no money from shareholders or from venture capital. We’re only beholden to you, our community, and we thank you for the continued trust and support we enjoy.
If you’re not yet part of the Proton mission but you like the idea of software built exclusively for the benefit of people, we invite you to join us by creating a free Proton Pass account today.