ProtonBlog(new window)

Introducing Proton Pass – Protecting your passwords and online identity

Share this page

We’re happy to announce the global launch of Proton Pass, available now as a browser extension on most major browsers (Chrome, Firefox, Edge, Brave, and more) and iPhone/iPad and Android. As the name suggests, Proton Pass is a password manager, one of the most highly demanded services from the Proton community in our annual surveys since we first launched Proton Mail, our encrypted email service, in 2014.

At its core, a password manager is a tool that helps you generate secure passwords and save them so you never forget a password again. If you care about your security and privacy, you should use a service like Proton Pass because passwords are still the first line of defense for most online accounts. 

Proton Pass makes it easy to follow security best practices, like using a passphrase instead of a password or using a unique password for every website, without worrying about forgetting your passwords. It also saves you time by letting you log in with one click when you return to a website. Proton Pass does all this for free, but also with Proton’s unparalleled attention to privacy and encryption. 

However, as participants in the Proton Pass beta(new window) on a Proton Lifetime, Visionary, or Family plan(new window) know, Proton Pass is more than just a password manager — it’s an identity manager, which is a much more powerful concept.

From password management to identity management

What is email? That’s an easily overlooked question that hides a deeper significance. When most people think about email, they think of sending and receiving messages, but it’s probably been 15-20 years since email was primarily a communication medium. Today, your email address is actually your identity. It’s your digital passport that identifies who you are online.

When you sign up for a new online account, you usually give over two valuable pieces of information. The first is obviously a password, and the second is your email address. Of these two, the password is far less valuable. Your password is easy to change, and if you follow password best practices, your password will be unique so that a leak doesn’t compromise another account. Furthermore, if the website follows security best practices, your password will be hashed so that it can’t be exposed in a breach.

However, this isn’t the case for your email. First, an email address is incredibly difficult to change. Second, websites can’t hash your email address because they need it to send you messages, so email addresses are almost always leaked in data breaches. And once your email is leaked, your real-life identity can be connected to the website you signed up for (which can be embarrassing). Leaks can also expose your email address to attackers who might send you spam or dangerous phishing emails.

While most password managers can protect your password, Proton Pass goes further by also protecting your email, which is arguably the more valuable of the two pieces of information websites have from you.

Protecting your identity

When you sign up for an online service, Proton Pass will suggest a secure password and store that in an end-to-end encrypted digital vault. But Proton Pass will also enable you to create a hide-my-email alias.

An email alias is a randomly generated email address that sits between a third party (like Amazon, Facebook, or Netflix) and your real email account. Not only does this prevent the third party from identifying who you are, but it filters out trackers and other marketing tools before forwarding the messages to your main inbox.

If you sign up for a website using a hide-my-email alias and it gets hacked, it can only expose that alias. Your real email address would remain safe. If this happens and you start to receive phishing emails or spam via that alias, you can simply disable it. 

Because we believe everyone should be able to protect their privacy, Proton Pass hide-my-email aliases work with all email services, not just Proton Mail.

Better security and reliability

Like all other Proton services, Proton Pass is designed differently because of our focus on privacy and encryption. For example, while some other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more). 

This is important because seemingly innocuous bits of information (such as saved URLs, which many other password managers don’t encrypt) can be used to create a highly detailed profile on you. For example, if an attacker can see that you have passwords saved for accounts with Grindr, gop.com, or even manga fan websites, they’ll know a lot about you as a person, even if they can’t actually access your accounts.

Cryptographic details matter, and Proton Pass uses a strong bcrypt password hashing implementation (weak PBKDF2 implementations have previously caused security issues with password managers(new window)) and a hardened implementation of Secure Remote Password (SRP)(new window) for authentication. Proton Pass also syncs across multiple devices and provides automatic end-to-end encrypted backups of your data so you don’t lose your passwords even if you lose all your devices.

Finally, in keeping with our long track record of transparency, Proton Pass is open source so anyone can review and verify our security architecture(new window). Proton Pass was also recently audited by Cure53, and we’ll share more about this in the coming weeks.

A free password manager

Privacy is a fundamental right, which is why we’re making Proton Pass available for free. We believe its features combined with Proton’s privacy-friendly Swiss jurisdiction make it one of the best free password managers available today. The free version of Proton Pass supports unlimited logins, unlimited encrypted notes, and a limited number of hide-my-email aliases and 2FA logins.

However, if you want to support Proton and also benefit from additional features such as extra vaults to organize your logins, unlimited email aliases, and unlimited 2FA logins, you can also get a paid subscription.

If you have a Proton Unlimited, Business, Visionary, or Family plan, the paid version of Proton Pass is already included for free with your subscription. Otherwise, for a limited time only, we are offering Proton Pass Plus at an 80% discount

In the summer of 2014, you helped launch our journey with a record-breaking crowdfunding campaign to build Proton Mail. In recognition of this, we’re making Proton Pass Plus available for just $1/month with an annual subscription until the end of August.

This is a forever discount, so if you get the promotion, you’ll keep this price forever, even after Proton Pass Plus returns to its regular price of $3.99/month.

Already have an account? Download the Proton Pass mobile apps and browser extensions.

Continuing the journey together

From our very beginning, Proton has been entirely about the community, and all the services we have developed since then, from Proton VPN(new window) to Proton Calendar, Proton Drive, and now Proton Pass, have been built with your input.

Proton Pass has already made massive strides in the past two months thanks to your feedback on the beta, and we look forward to continuing to improve it with your guidance.

Follow Proton Pass on Twitter(new window) to get the latest news.

Request features and discuss with the Pass team on Reddit.(new window)

Thank you again for your support and for coming together with us on the journey towards a better internet that puts people first.

Protect your privacy with Proton
Create a free account

Share this page

Andy Yen(new window)

Andy is the founder and CEO of Proton. He is a long-time advocate for privacy rights and has spoken at TED, Web Summit, and the United Nations about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in particle physics from Harvard University.

Related articles

What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m
In the early days when Proton started, we often received a question along the lines of “I love the product and what Proton stands for, but how do I know you will still be around to protect my data 10 years from now?”  Ten years and 100 million accou
Credential stuffing is a popular type of cyberattack where attackers take login credentials and use them on thousands of websites, hoping to fraudulently gain access to people’s accounts. It’s an effective attack, but fortunately, one that’s easy to
With Skiff abruptly shutting down operations, many people are on the lookout for alternatives that don’t compromise on privacy — and won’t suddenly disappear. People were attracted to Skiff because it promised privacy, no ads, end-to-end encryption,
Skiff is dead. On Feb. 9, the email company Skiff announced it was being bought by Notion. Many Skiff customers have been shocked by this news, as their inboxes have been sold out from under them. Skiff gave people six months to export their data be
Looking into the Dropbox privacy policy
Dropbox was the first mainstream cloud storage provider, and still the biggest player on the market, with 700 million users in 2022. We took a dive into Dropbox’s privacy policy to see how well the company protects the personal data of those millions