ProtonBlog

Introducing Proton Pass – Protecting your passwords and online identity

We’re happy to announce the global launch of Proton Pass, available now as a browser extension on most major browsers (Chrome, Firefox, Edge, Brave, and more) and iPhone/iPad and Android. As the name suggests, Proton Pass is a password manager, one of the most highly demanded services from the Proton community in our annual surveys since we first launched Proton Mail, our encrypted email service, in 2014.

At its core, a password manager is a tool that helps you generate secure passwords and save them so you never forget a password again. If you care about your security and privacy, you should use a service like Proton Pass because passwords are still the first line of defense for most online accounts. 

Proton Pass makes it easy to follow security best practices, like using a passphrase instead of a password or using a unique password for every website, without worrying about forgetting your passwords. It also saves you time by letting you log in with one click when you return to a website. Proton Pass does all this for free, but also with Proton’s unparalleled attention to privacy and encryption. 

However, as participants in the Proton Pass beta on a Proton Lifetime, Visionary, or Family plan know, Proton Pass is more than just a password manager — it’s an identity manager, which is a much more powerful concept.

From password management to identity management

What is email? That’s an easily overlooked question that hides a deeper significance. When most people think about email, they think of sending and receiving messages, but it’s probably been 15-20 years since email was primarily a communication medium. Today, your email address is actually your identity. It’s your digital passport that identifies who you are online.

When you sign up for a new online account, you usually give over two valuable pieces of information. The first is obviously a password, and the second is your email address. Of these two, the password is far less valuable. Your password is easy to change, and if you follow password best practices, your password will be unique so that a leak doesn’t compromise another account. Furthermore, if the website follows security best practices, your password will be hashed so that it can’t be exposed in a breach.

However, this isn’t the case for your email. First, an email address is incredibly difficult to change. Second, websites can’t hash your email address because they need it to send you messages, so email addresses are almost always leaked in data breaches. And once your email is leaked, your real-life identity can be connected to the website you signed up for (which can be embarrassing). Leaks can also expose your email address to attackers who might send you spam or dangerous phishing emails.

While most password managers can protect your password, Proton Pass goes further by also protecting your email, which is arguably the more valuable of the two pieces of information websites have from you.

Protecting your identity

When you sign up for an online service, Proton Pass will suggest a secure password and store that in an end-to-end encrypted digital vault. But Proton Pass will also enable you to create a hide-my-email alias.

An email alias is a randomly generated email address that sits between a third party (like Amazon, Facebook, or Netflix) and your real email account. Not only does this prevent the third party from identifying who you are, but it filters out trackers and other marketing tools before forwarding the messages to your main inbox.

If you sign up for a website using a hide-my-email alias and it gets hacked, it can only expose that alias. Your real email address would remain safe. If this happens and you start to receive phishing emails or spam via that alias, you can simply disable it. 

Because we believe everyone should be able to protect their privacy, Proton Pass hide-my-email aliases work with all email services, not just Proton Mail.

Better security and reliability

Like all other Proton services, Proton Pass is designed differently because of our focus on privacy and encryption. For example, while some other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more). 

This is important because seemingly innocuous bits of information (such as saved URLs, which many other password managers don’t encrypt) can be used to create a highly detailed profile on you. For example, if an attacker can see that you have passwords saved for accounts with Grindr, gop.com, or even manga fan websites, they’ll know a lot about you as a person, even if they can’t actually access your accounts.

Cryptographic details matter, and Proton Pass uses a strong bcrypt password hashing implementation (weak PBKDF2 implementations have previously caused security issues with password managers) and a hardened implementation of Secure Remote Password (SRP) for authentication. Proton Pass also syncs across multiple devices and provides automatic end-to-end encrypted backups of your data so you don’t lose your passwords even if you lose all your devices.

Finally, in keeping with our long track record of transparency, Proton Pass is open source so anyone can review and verify our security architecture. Proton Pass was also recently audited by Cure53, and we’ll share more about this in the coming weeks.

A free password manager

Privacy is a fundamental right, which is why we’re making Proton Pass available for free. We believe its features combined with Proton’s privacy-friendly Swiss jurisdiction make it one of the best free password managers available today. The free version of Proton Pass supports unlimited logins, unlimited encrypted notes, and a limited number of hide-my-email aliases and 2FA logins.

However, if you want to support Proton and also benefit from additional features such as extra vaults to organize your logins, unlimited email aliases, and unlimited 2FA logins, you can also get a paid subscription.

If you have a Proton Unlimited, Business, Visionary, or Family plan, the paid version of Proton Pass is already included for free with your subscription. Otherwise, for a limited time only, we are offering Proton Pass Plus at an 80% discount

In the summer of 2014, you helped launch our journey with a record-breaking crowdfunding campaign to build Proton Mail. In recognition of this, we’re making Proton Pass Plus available for just $1/month with an annual subscription until the end of August.

This is a forever discount, so if you get the promotion, you’ll keep this price forever, even after Proton Pass Plus returns to its regular price of $3.99/month.

Already have an account? Download the Proton Pass mobile apps and browser extensions.

Continuing the journey together

From our very beginning, Proton has been entirely about the community, and all the services we have developed since then, from Proton VPN(new window) to Proton Calendar, Proton Drive, and now Proton Pass, have been built with your input.

Proton Pass has already made massive strides in the past two months thanks to your feedback on the beta, and we look forward to continuing to improve it with your guidance.

Follow Proton Pass on Twitter(new window) to get the latest news.

Request features and discuss with the Pass team on Reddit.(new window)

Thank you again for your support and for coming together with us on the journey towards a better internet that puts people first.

Protect your passwords
Create a free account

Related articles

If you’re comparing different password managers or researching password security, you’ll quickly run into terms like hashing and salting. While these terms might sound like steps you take to make breakfast potatoes, they’re actually processes that ar
People often choose to remove their personal information from the internet due to privacy and security concerns. For example, oversharing on social media can expose you to phishing attacks, identity theft, and cyberstalking. Plus, your data is highl
It’s been roughly three months since the European Union’s Digital Markets Act (DMA), which aims to restore competition and fairness to the internet, came into effect for Big Tech monopolies. Since then, Google has done precisely nothing to comply wit
Today we’re announcing enhancements to our business plans, further enriching our commitment to delivering the best privacy experience for businesses. These upgrades will help us continue expanding our feature suite for organizations, while giving mor
Proton Pass brings secure and private password management to all devices
Today, we’re excited to announce the launch of the Proton Pass macOS app and the Proton Pass Linux app. One of the most popular requests from the Proton community was a standalone desktop app, which is now available on every major platform — Windows,
When you use the internet at home, connected to everything from fitness equipment to game consoles, smartphones, and laptops, marketing companies could be watching you with a tiny piece of surveillance tech you might not even know about. We’re talki