End-to-end encryption
With end-to-end encryption, your data is never accessible to us and only you can decrypt it using your secret password.
Not only are your usernames and passwords encrypted, but all metadata is also secure - not even Proton can access this data.
Open-source code
As scientists, we know that transparency and peer review lead to better security. All Proton Pass apps are open source(new window) and can be independently reviewed by anyone. Our security claims are not mere claims, but facts that can be independently verified by all.
Independently audited
Like all Proton services, Proton Pass has been audited by independent third-party experts, and such security reports are available to the public. Proton Pass security is also enhanced by a public bug bounty program, that invites and rewards security researchers who can identify security improvements in our apps.
Advanced security and privacy features
256-bit AES-GCM vault encryption
Passwords and other items stored in Proton Pass are kept in encrypted vaults. When you create a vault, Proton Pass generates a 32-byte random vault key that cannot be brute-forced.
Your data is encrypted with 256-bit AES-GCM which is quantum-resistant (cannot be broken by quantum computers). Nobody (not even Proton) can read or create new vault keys.
OpenPGP with ECC
In order to protect your vault key and facilitate the sharing functionality (in case you want to share a login with a trusted third party), Proton Pass uses the OpenPGP encryption standard with elliptic curve cryptography (ECC Curve25519).
OpenPGP is open source, has been audited and battle-tested for nearly 30 years, and has no known vulnerabilities. Proton’s OpenPGP implementation is also modular, to allow easy upgrading to post-quantum encryption algorithms in the future.
Alternative routing
Proton helps people who live under governments that are hostile to privacy. Alternative routing is an advanced anti-censorship feature that allows you to access your password manager even if your government or internet service provider tries to block access.
This means that Proton Pass can work even if you travel to countries with strict internet censorship.
Tor onion site
For extra privacy, you can access our onion site while connected via the Tor Browser or Proton VPN’s Tor over VPN feature.
Passwords are only part
of the equation
Create a unique email alias for each website
By using hide-my-email aliases, in the event that any of the services where you have an account is hacked, malicious actors cannot discover your real email address.
Furthermore, if your email alias is sold or leaked by a third party, you can easily disable it to stop spam.
Metadata encryption
Metadata, such as the websites you have accounts with, is also extremely sensitive as it may reveal your email, browsing history, political views, and other information you want to keep private.
Proton Pass doesn’t just encrypt the password field but applies end-to-end encryption to all fields, including usernames, web addresses, and all data contained in your encrypted notes.
This data is never available to Proton and consequently also cannot be extracted by third parties.
Swiss privacy
We are prohibited from sharing the little user data we have with any foreign authorities, and under no circumstances, are we able to decrypt the data you save in Proton Pass.
