all-in-one privacy solution":["Proton Unlimited ist eine All-in-One-Datenschutzlösung"],"Black Friday":["Black Friday"],"No ads. Privacy by default.":["Keine Werbung. Privatsphäre als Standard."],"People before profits":["Menschen sind uns wichtiger als Gewinne"],"Security through transparency":["Sicherheit durch Transparenz"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Die besten Proton Mail-Angebote zum ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["Der weltweit einzige von der Community unterstützte E-Mail-Dienst"]},"specialoffer:limited":{"${ hours } hour":["${ hours } Stunde","${ hours } Stunden"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Nur noch ${ hoursLeft }, ${ minutesLeft } und ${ secondsLeft }"],"${ minutes } minute":["${ minutes } Minute","${ minutes } Minuten"],"${ seconds } second":["${ seconds } Sekunde","${ seconds } Sekunden"],"Limited time offer":["Zeitlich befristetes Angebot"]},"specialoffer:listitem":{"Create multiple addresses":["Erstelle mehrere Adressen"],"Hide-my-email aliases":["Hide-my-email-Aliase"],"Quickly unsubscribe from newsletters":["Newsletter schnell abbestellen"],"Use your own domain name":["Verwende deine eigene Domain"]},"specialoffer:logos":{"As featured in":["Vorgestellt in"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Nutze einen verschlüsselte E-Mail-Dienst, der deine Privatsphäre schützt"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Proton Mail Black Friday-Angebot – Bis zu 40 % Rabatt"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Erhalte an diesem Black Friday bis zu 40 % Rabatt auf Proton Mail-Abonnements. Mache tolle Schnäppchen bei unseren sicheren, Ende-zu-Ende-verschlüsselten E-Mail-Abonnements."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Proton Mail-Black-Friday-Angebot | Bis zu 40 % Rabatt auf sichere E-Mails"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Zum Preis von ${ TOTAL_SUM } im ersten Jahr"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*Zum Preis von ${ TOTAL_SUM } in den ersten zwei Jahren"],"30-day money-back guarantee":["30-tägige Geld-zurück-Garantie"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Zum Preis von ${ TOTAL_SUM } in den ersten zwei Jahren"],"Billed at ${ TOTAL_SUM } for the first year":["Zum Preis von ${ TOTAL_SUM } im ersten Jahr"],"You save ${ SAVE_SUM }":["Du sparst ${ SAVE_SUM }"]},"specialoffer:off":{"${ DISCOUNT } off":["− ${ DISCOUNT }"],"${ PERCENT_OFF } off":["− ${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Ich liebe mein ProtonMail"],"My favorite email service":["Mein Lieblings-E-Mail-Dienst"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Danke Proton, dass du uns alle im komplizierten Internet-Universum beschützt."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Du bekommst, wofür du bezahlst. Wenn du nichts bezahlst, wirst du bei der Nutzung von Big Tech ausgenutzt. Ich habe Gmail aufgegeben und bin zu @ProtonMail gewechselt"]},"specialoffer:time":{"Days":["Tage"],"Hours":["Stunden"],"Min":["Min."]},"specialoffer:title":{"And much more":["Und vieles mehr"],"Make your inbox yours":["Übernimm volle Kontrolle über deinen Posteingang"],"Safe from trackers":["Sicher vor Trackern"],"Stay organized":["Sorge für Ordnung"],"Black Friday email deals":["E-Mail-Angebote zum Black Friday"],"Don’t just take our word for it":["Verlasse dich nicht nur auf unser Wort"],"Our story":["Unsere Geschichte"],"Transfer your data from Google in one click":["Übertrage deine Daten von Google mit einem Klick"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Greife auf blockierte Inhalte zu und surfe privat. Umfasst ${ TOTAL_SERVERS } Server in über ${ TOTAL_COUNTRIES } Ländern, die Verbindung \nvon bis zu 10 Geräten, weltweite Streaming-Dienste, Malware- und Werbeblocker und mehr."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Teile deinen Kalender ganz einfach mit Verwandten, Freunden oder Kollegen und rufe externe Kalender auf."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Beinhaltet Unterstützung für eine eigene E-Mail-Domain, 10 E-Mail-Adressen, 10 „hide-my-email“-Aliasse, Kalenderfreigabe und mehr."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Beinhaltet Unterstützung für 3 benutzerdefinierte E-Mail-Domänen, 15 E-Mail-Adressen, unbegrenzte „hide-my-email“-Aliase, Kalenderfreigabe und mehr."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Verwalte bis zu 25 Kalender, Ende zu Ende verschlüsselte mobile Apps, 1-Klick-Kalenderimporte von Google und vieles mehr."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["Im Moment gibt es Probleme mit dem Proton VPN-Dienst"],"Learn more":["Mehr erfahren"]},"Status banner":{"Learn more":["Mehr erfahren"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Bitte beachte, dass wir im Moment Probleme mit dem Dienst ${ issues[0] } haben."],"We are experiencing issues with one or more services at the moment.":["Im Moment gibt es Probleme mit einem oder mehreren Diensten."]},"suggestions":{"Suggestions":["Vorschläge"]},"Support":{"Sub category":["Unterkategorie","Unterkategorien"]},"Support article":{"${ readingTime } min":["${ readingTime } Min.","${ readingTime } Min."],"Category":["Kategorie","Kategorien"],"Didn’t find what you were looking for?":["Hast du nicht gefunden, wonach du gesucht hast?"],"General contact":["Allgemeiner Kontakt"],"Get help":["Hilfe erhalten"],"Legal contact":["Kontakt für Rechtliches"],"Media contact":["Kontakt für Medien"],"Partnerships contact":["Kontakt für Partnerschaften"],"Reading":["Lesen"]},"Support categories":{"Browse Proton product support":["Produkt-Support von Proton durchsuchen"]},"Support category":{"There is no article in this category yet.":["In dieser Kategorie gibt es noch keinen Artikel."]},"Support troubleshooting":{"--- Select ---":["--- Auswählen ---"],"App version":["App-Version"],"Browser":["Browser"],"Check if this helps":["Schau, ob das hilft."],"Choose a category for your question":["Wähle eine Kategorie für deine Frage aus."],"Choose a product":["Produkt auswählen"],"Did this solve your issue ?":["Hat dies dein Problem gelöst?"],"Faster assistance is just a few clicks away — please make your selections":["Schnellere Hilfe ist nur ein paar Klicks entfernt. Bitte triff deine Auswahl"],"No, contact support":["Nein, Support kontaktieren"],"Proton account":["Proton-Konto"],"Proton Bridge":["Proton Bridge"],"Proton Calendar":["Proton Calendar"],"Proton Drive":["Proton Drive"],"Proton for Business":["Proton for Business"],"Proton Mail":["Proton Mail"],"Proton Pass":["Proton Pass"],"Proton VPN":["Proton VPN"],"Thank you for your feedback":["Danke für dein Feedback"],"Troubleshooting":["Fehlerbehebung"],"What can we help with ?":["Wie können wir dir helfen?"],"Yes":["Ja"]},"support_modal_search_query":{"Search query":["Anfrage suchen"]},"support_search_button":{"Search":["Suchen"]},"support_search_i_am_looking_for":{"I'm looking for":["Ich suche"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Damit das Problem schneller gelöst werden kann, melde es bitte über die Bridge-App: Help > Report a problem (Hilfe > Problem melden)."],"Information":["Informationen"]},"SupportForm:option":{"Account Security":["Kontosicherheit"],"Contacts":["Kontakte"],"Custom email domain":["Benutzerdefinierte E-Mail-Domain"],"Email delivery and Spam":["E-Mail-Zustellung und Spam"],"Encryption":["Verschlüsselung"],"Login and password":["Anmeldung und Passwort"],"Merge aliases and accounts":["Zusammenführung von Aliassen und Konten"],"Migrate to Proton":["Migration zu Proton"],"Notifications":["Benachrichtigungen"],"Other":["Sonstiges"],"Plans and billing":["Abonnements und Abrechnung"],"Proton for Business":["Proton for Business"],"Sign up":["Registrierung"],"Storage":["Speicher"],"Users, addresses, and identities":["Benutzer, Adressen und Identitäten"]},"SupportForm:optionIntro":{"Select a topic":["Thema auswählen"]},"swiss_baseed_feature":{"Swiss based":["In der Schweiz ansässig"]},"Testimonial":{"Awards":["Auszeichnungen"],"Customers":["Kunden"],"Featured":["Empfohlen"],"Go to testimonial source":["Zur Referenzquelle wechseln"],"Reviews":["Bewertungen"],"Videos":["Videos"]},"Text":{"Find the plan that's right for you":["Finde das passende Abonnement"],"If you need help, check out our ${ supportLink }.":["Hilfe erhältst du in unserem ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["Die von dir gesuchte Seite wurde möglicherweise entfernt, oder es könnte sich um einen alten Link handeln."]},"Title":{"On this page":["Auf dieser Seite"],"Related articles":["Verwandte Artikel"],"Share ${ thisPage }":["${ thisPage } teilen"],"Thank you!":["Vielen Dank!"],"this page":["diese Seite"]},"Tooltip":{"More information":["Weitere Informationen"]},"tooltip_calendar":{"Create up to 20 custom & shareable encrypted calendars. On top of that, add up to 5 calendars from friends, family, colleagues, and organizations.":["Erstelle bis zu 20 benutzerdefinierte und teilbare verschlüsselte Kalender. Darüber hinaus kannst du bis zu 5 Kalender von Freunden, Familie, Kollegen und Organisationen hinzufügen."]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Greife auf blockierte Inhalte zu und surfe privat. Enthält über ${ TOTAL_SERVERS } Server in mehr als ${ TOTAL_COUNTRIES } Ländern, höchste VPN-Geschwindigkeiten, ${ TOTAL_VPN_CONNECTIONS } VPN-Verbindungen, weltweite Streaming-Dienste, Malware- und Werbeblocker und mehr."],"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, 10 VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Greife auf blockierte Inhalte zu und surfe privat. Enthält über ${ TOTAL_SERVERS } Server in mehr als ${ TOTAL_COUNTRIES } Ländern, höchste VPN-Geschwindigkeiten, 10 VPN-Verbindungen, weltweite Streaming-Dienste, Malware- und Werbeblocker und mehr."]},"version_history_label":{"Version history":["Versionsverlauf"]},"version_history_tooltip":{"Store up to ${ versionHistoryNumber } versions of each file for up to ${ years } years":["Speichere bis zu ${ versionHistoryNumber } Versionen jeder Datei für einen Zeitraum von bis zu ${ years } Jahren"]},"vpn_features_link":{"View VPN plans":["VPN-Abonnements anzeigen"]},"vpn_features_useCase":{"Access blocked content and browse privately":["Greife auf blockierte Inhalte zu und surfe privat"]}}},"unleashApi":"https://account.proton.me/api"};
// We need to import data (the framework context) from the server
// This Astro feature with define:vars works well but creates an inline script
// So we can't directly import the initFramework helper, we have to store the context
window.frameworkContext = frameworkContext;
})();
Proton Pass is an end-to-end encrypted(new window) password manager based on the same well-tested encryption that secures the rest of the Proton ecosystem. Proton Pass is unique in that it was designed from the ground up to have a strong focus on privacy and security. It therefore has a more complete encryption model than most other password managers.
Proton Pass doesn’t just encrypt the password field but applies end-to-end encryption to all fields, including usernames, web addresses, and all data contained in the encrypted notes section.
This means Proton Pass prevents anyone, including Proton itself, from knowing which online services you subscribe to or have accounts with. This information, much like your emails or your browsing history, can reveal a lot about you and must be protected if you want to maintain your privacy.
The design of Proton Pass uses end-to-end encryption, guaranteeing that all cryptographic operations, including key generation and data encryption, are performed locally on your device. This means that your unencrypted data cannot be accessed by Proton or shared with any third parties. Proton servers never have access to your unencrypted keys, data, or credentials, including your Proton Account password.
Data model
Proton Pass enables you to store various types of information securely, including:
Credentials: You can store access credentials to websites or apps, which may include a username or email, a password, and a second-factor authentication code (TOTP).
Notes: You can securely store any information that doesn’t fit in a credential field in this free-form text field, including license numbers, codes, or simple text notes.
Aliases: You can also create email aliases with Proton Pass. This feature enables you to create randomly generated email addresses that you can use in place of your real email addresses for online accounts. This makes it easy to shut down an alias that’s linked to a service that’s breached or begins sending you spam without affecting your other accounts.
Proton Pass stores all these items within a secure vault. Vaults provide a convenient way for you to organize and (in the future) securely share your data.
Encryption model
Proton Pass takes a comprehensive approach to ensuring maximum security and privacy for all user data. All cryptographic operations occur locally on your device, and any data transmitted to the server is always encrypted. Proton never has access to the plaintext keys required to decrypt user data, making it impossible for Proton to decrypt stored data, even if requested by third parties.
Proton Pass also benefits from the same advanced encryption we utilize for authentication in Proton Mail. This includes using a hardened version of the Secure Remote Password (SRP) protocol that offers stronger security guarantees against man-in-the-middle (MITM) attacks. Our implementation means that even an attacker who can arbitrarily read, modify, delay, destroy, repeat, or fabricate messages between Proton and a user in an undetectable fashion is limited to checking only a single password guess per login attempt, which is equivalent to just trying to log in directly. This way, even if Proton is compromised and acts maliciously, password-equivalent information is never revealed.
Each Proton Pass user has an asymmetric user key. Proton Pass encrypts this user key as follows:
Accounts that use a single account password: Proton Pass encrypts the user key with a bcrypt hash of the account password and the account salt.
Accounts that use our multiple account passwords feature: Proton Pass encrypts the user key with a bcrypt hash of the key password and the account salt.
The user key is used to open all shares you can access, meaning it must be secured. The bcrypt password hashing implementation used by Proton Pass is more robust and secure than PBKDF2, which has led to breaches in other password managers.
When you create a vault, Proton Pass generates a 32-byte random vault key. This key is encrypted and signed with your user key, ensuring only you can decrypt the vault key and nobody (not even Proton) can read or create new vault keys. If several users have access to the same vault, Proton Pass will encrypt the vault key with each user’s public user key. This makes it easy to securely share access to vaults.
Once you have access to the vault key, all items in Proton Pass are encrypted using 256-bit AES-GCM.
Item encryption
Each vault can contain multiple items, such as logins, notes, and aliases. When you create a new item, Proton Pass generates a 32-byte random item key. Proton Pass encrypts that item using the newly generated item key, which itself is then encrypted with your vault key. Both the item key and the item data are encrypted using 256-bit AES-GCM.
Whenever you update an item, Proton Pass encrypts the new data using the previously generated corresponding item key. By using individual item keys for each item, Proton Pass lets you share specific items with other users without sharing the vault key, allowing for more fine-tuned access control.
This approach enables Proton Pass to respect the security principle of least privilege by providing the minimum number of cryptographic keys necessary to access only the data shared.
Sharing
The Proton ecosystem already has open-source, publicly audited, and battle-tested secure sharing encryption models for Proton Drive and Proton Calendar, and we’ve leveraged this experience to design Proton Pass. The Proton Pass encryption model enables you to share your vaults with others, and we plan on adding more sophisticated sharing functionalities as Proton Pass evolves. Currently, you must be a vault administrator to share your vault keys.
Sharing encrypted information requires sharing and distributing public keys, which creates the potential for man-in-the-middle (MITM) attacks, specifically the distribution of fake public keys. In addition to user keys, each Proton user has one or more address keys for each email address associated with their account. This address key is a public key linked to a verifiable identity and published in Proton’s Key Transparency system, ensuring they can’t be maliciously modified by an attacker. We’ll share more information about Proton’s Key Transparency system in the future.
If you’re the vault administrator, you can share your vault key and Proton Pass will encrypt it with your recipient’s address key, ensuring only they can access it.
After your intended recipient receives your encrypted vault key, they will validate its signature using your address key. This step verifies that the invitation legitimately came from you. Once the signature has been validated, Proton Pass will encrypt the vault key using your recipient’s user key and store it securely.
Conclusion
Like all Proton services, Proton Pass will be open source upon release. Anyone will be able to consult the source code to verify our security model. As with our other services, Proton Pass will also undergo regular independent security audits and these audit reports will be shared publicly as soon as they are available.
Finally, for interested security researchers, Proton Pass is eligible for Proton’s Bug Bounty program(new window) that offers awards of up to $10,000 for the discovery of bugs in Proton’s software.
This work was conducted by Adrià Casajús, Son Nguyen Kim, Carlos Quintana, Daniel Huigens, and Lara Bruseghini from the Proton identity and cryptography teams.
Secure, seamless communication is the foundation of every business. As more
organizations secure their data with Proton, we’ve dramatically expanded our
ecosystem with new products and services, from our password manager to Dark Web
Monitoring for cr
Im Bereich der Cybersicherheit ist der Begriff Brute-Force-Attacke oft zu hören.
Eine Brute-Force-Attacke ist jeder Angriff, der nicht auf Finesse setzt, sondern
rohe Rechenkraft nutzt, um Sicherheitsmaßnahmen oder sogar die zugrundeliegende
Verschlü
Abschnitt 702 des Foreign Intelligence Surveillance Act hat sich als berüchtigte
rechtliche Rechtfertigung etabliert, die es Bundesbehörden wie der NSA, CIA und
FBI erlaubt, Überwachungen ohne richterlichen Beschluss durchzuführen, wodurch
die Daten
Als Reaktion auf die zunehmende Anzahl von Datenpannen bietet Proton Mail
zahlenden Abonnenten eine Funktion namens Dark Web Monitoring an. Unser System
überprüft, ob deine Anmeldeinformationen oder andere Daten auf illegalen
Marktplätzen geleakt wur
Deine E-Mail-Adresse ist deine Online-Identität, und du teilst sie jedes Mal,
wenn du einen neuen Account für einen Online-Dienst erstellst. Das bietet zwar
Bequemlichkeit, aber es legt auch deine Identität offen, falls Hacker die
Dienste, die du nut
Unsere Mission bei Proton ist es, ein Internet zu fördern, das deine
Privatsphäre standardmäßig schützt, deine Daten sichert und dir Wahlfreiheit
bietet.
Heute machen wir mit der Einführung unseres Open-Source-Passwortmanagers Proton
Pass im App-Ver