ProtonBlog

Proton Pass introduces enhanced identity protection with Pass Monitor

Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services fail to adequately secure this information. The number of breaches spiked by 78%, from 1,802 in 2022 to 3,205 in 2023(new window), affecting more than 353 million people.

To keep you safe, we’re introducing Pass Monitor for our password manager, a new suite of security features to help you secure your data. Pass Monitor alerts you of account weaknesses and data breaches so you can better defend your online accounts against attacks. We believe security should be easy, so Pass Monitor watches out for you automatically and guides you through solutions in the event your data leaks from a third-party service.

Pass Monitor includes four layers of security:

  • Dark Web Monitoring: We scan illicit data marketplaces on the dark web to check if your Proton addresses, email aliases, and up to 10 custom email addresses have been leaked. If we find anything, we alert you immediately so you can take quick action to secure your accounts.
  • Password Health: This is like a checkup for your account security. We’ll let you know if you have any weak or reused passwords that need to be updated.
  • Inactive two-factor authentication: 2FA is a second layer of security in addition to a password that greatly reduces the risk of hackers breaking into your accounts. Pass will identify accounts where you can enable 2FA.
  • Proton Sentinel: Released last year, our Proton Sentinel program uses AI and human analysts to detect and block account takeover attacks. We’re rolling this feature into Pass Monitor.

Password Health and 2FA checks are included in Proton Pass Free plans. You can get Dark Web Monitoring, Proton Sentinel, and other advanced security features with our Pass Plus plan. Pass Monitor will be available to everyone on all devices over the next few days. 

Proton gives you the best account security available

Strong passwords are critical for account security, but email security is often overlooked, even though most cyberattacks (like phishing) start with email. Proton Pass enhances security by offering alerts on potential threats and the ability to create unique email addresses for each account through hide-my-email aliases, significantly reducing the risk of cross-service attacks and data breaches.

Now we’re giving you even more proactive security coverage. Last month we launched Dark Web Monitoring in Proton Mail, which looks for leaks of the credentials associated with any Proton email addresses you have. But in fact, Pass Monitor goes even further by monitoring not just for Proton Mail addresses but also any hide-my-email aliases you’ve created and up to 10 (non-Proton) custom email addresses you’ve authorized. We use our own datasets of dark web hubs as well as those compiled by Have I Been Pwned(new window) and Constella Intelligence(new window), leaders in digital threat management. We only share custom email addresses (with your approval) with third parties for Dark Web Monitoring. 

Breach alerts provide details about what data was leaked, what service leaked it, when the data was found, and what steps you can take in response. 

The combination of Pass Monitor with hide-my-email aliases is especially powerful because if any of your aliases leak, you can simply disable it and generate a new one while your real email address remains private.

Boost your defenses with Password Health 

One of the common ways hackers break into people’s accounts is by cracking weak passwords in stolen datasets. (Our article on brute force attacks explains how this works.) Once a password is revealed, hackers then try to use it to log in to other accounts to see if it has been reused elsewhere. As a robust line of defense, two-factor authentication (2FA) can block hackers from accessing your account.

Password Health watches out for all three weaknesses and gives you an overview of the health of your passwords at a glance. Not only do we tell you if you have any weak or reused passwords, but you’ll also see where it’s reused and offer suggestions to create a more robust password.

Pass Monitor includes Inactive 2FA, which checks whether you have 2FA enabled for all the accounts that offer it. Subscribers with paid plans can activate 2FA directly in Proton Pass’s built-in authenticator, which lets you autofill one-time passcodes. Activating 2FA is critical because it prevents hackers from accessing your accounts without the additional one-time security code, even if your password leaks. 

All Password Health checks are carried out on your device, so your data remains end-to-end encrypted

Toward a more secure internet for all

As a company that always puts users first, we believe everybody should have access to the best possible tools to help keep them safe online. As a result, we are offering Pass Monitor’s basic functions for free to all our users. 

We can put our users first in this way because we are entirely funded through subscriptions. Unlike many of our competitors, we receive no money from shareholders or from venture capital. We’re only beholden to you, our community, and we thank you for the continued trust and support we enjoy.

If you’re not yet part of the Proton mission but you like the idea of software built exclusively for the benefit of people, we invite you to join us by creating a free Proton Pass account today.

Protect your passwords
Create a free account

Related articles

From the very beginning, Proton has always been a different type of organization. This was probably evident from the way in which we got started via a public crowdfunding campaign that saw 10,000 people donate over $500,000 to launch development. As
Your online data is valuable. While it might feel like you’re browsing the web for free, you’re actually paying marketing companies with your personal information. Often, even when you pay for services, these companies still collect and profit from y
Password spraying attacks pose a major risk to individuals and organizations as a method to breach network security by trying commonly used passwords across numerous accounts. This article explores password spraying attacks, explaining their methods
A secure password is your first defense against unauthorized access to your personal information. While there are tools that generate strong passwords, remembering these complex combinations can become a challenge. Even if you use mnemonic devices,
Choosing the best email hosting provider for your small business is crucial for maintaining security, control, and compliance with data protection laws.  For one, many popular providers, such as Gmail and Outlook, don’t apply end-to-end encryption b
Today, we’re excited to announce new enhancements to Proton Drive’s sharing functionality, giving you greater control over who you share with and how you share your files and folders. This feature builds on how sharing currently works in Drive by le